{ "Event": { "published": true, "date": "2023-03-23", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-03-23", "timestamp": 1679616182, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "7d5a4564-e205-413c-8aa7-eafd8c39999d", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dbc61ad-c9a7-11ed-88f6-42010a9c006e", "comment": "Malware payload (IcedID)", "timestamp": 1679595484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679595484, "uuid": "95c7e3c2-29b0-486d-939a-a7111dd13bdc", "comment": "Malware payload (IcedID)", "value": "d91dee9dfbdbf0b35593424723052a55", "object_relation": "md5", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "73743838", "colour": "#ABF2CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679595484, "uuid": "9cf05400-44f2-4785-a687-211754217939", "comment": "Malware payload (IcedID)", "value": "009381653fade0d3b94ad0fa0a109c294ac55936a5d1ced44e18fb08188aa7df", "object_relation": "sha256", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "73743838", "colour": "#ABF2CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679595484, "uuid": "f1b473de-2553-413d-bec2-3b9360759b8e", "comment": "Malware payload (IcedID)", "value": "813c274e68916cba601134f689788e938f7ef9e7", "object_relation": "sha1", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "73743838", "colour": "#ABF2CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679595484, "uuid": "4868841d-db8a-4db6-9cda-8fabd1503e75", "comment": "Malware payload (IcedID)", "value": "085b9a7218a17f2c71f0b1bcce88f13234f2e6acfa0c10b20349122dd3563579f409be42c9c315779d2d833ba3dde595", "object_relation": "sha3-384", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "73743838", "colour": "#ABF2CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679595484, "uuid": "c72ce8bf-70d3-4fb6-941f-b05e7c44d1f3", "value": "T19B846B04FCD96F97C9BEA47A0AC3686664BBD88A371AA607B70CD26270533145FD331D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679595484, "uuid": "0b384550-6884-4030-85a5-f891d690e081", "value": "dff367c9375e1b68769b5ca3b25ac329", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679595484, "uuid": "6f960072-9683-4cee-a992-0138dcb0cfa9", "value": "6144:EOUzREbq7Y9m47z+RtK87+YZSZXYSBdyvo+Rhw00C0Ul0YdxwW1Pi4QnpUk/rTwx:HUGbq0s4mR0SSZq3EuSX3wMW5vd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679595484, "uuid": "f0a7974b-45e2-4f22-bc28-b72c3c891180", "value": 400416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679595484, "uuid": "f566cc77-5416-48bb-aff3-f25c7c64348e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679595484, "uuid": "0f855a90-f8d3-4c16-b1b4-ca73ed7245d7", "value": "Contract_March_23_INV#305.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63dac7ee-c93a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679548813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548813, "uuid": "9a234489-6506-4d81-954f-175a0e743e05", "comment": "Malware payload", "value": "06ed501084fee2629ec9ffa81ec35ad4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548813, "uuid": "14d74740-660d-4500-9fbb-476f21dd4a91", "comment": "Malware payload", "value": "02a8f0962681f2cf506deb96b80e2e4cfca38bd283decfb09f0a1f1c66814a4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548813, "uuid": "880d9a0e-b12d-45f8-aaff-26f0a306a50e", "comment": "Malware payload", "value": "c7dc21edf35431c194f1cc31ff1268ab5d0ca9c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548813, "uuid": "30496393-454e-4d88-ba21-c62d392c6b86", "comment": "Malware payload", "value": "190796376420ed609b1d83f24e04f4f4d934c554a28822671bad2657b2c8f89ce7cb787df5b1b783af3a50f84714956a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548813, "uuid": "381590bf-900e-4ed4-bace-16aae554acd9", "value": "T188A56C217A40C8E7C0134E3CB948F378F1ADADB70F3541CF52E5AA182D3656E5A2DD6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548813, "uuid": "5c0e6536-879e-4320-adcc-3437e265c1e2", "value": "fe52af0d61c2219338f7536932f24ba9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548813, "uuid": "1ce60987-32f3-432d-9902-ae9f0de2f057", "value": "49152:g5aPR9oQ/7IMh7MpZ0q5t7PZYHLTqYTuMlne8x7RfgcGx2O:g5CRiskMhopZ0q5tGH/qYTuSXx7Rfg1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679548813, "uuid": "fa6d6c53-597e-440b-bdf7-1b649da50258", "value": 2062328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679548813, "uuid": "7a0eb174-6243-4e62-9f0f-badc7495c0c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548813, "uuid": "0d126333-bca3-4878-8d99-4d5d1e5fd69a", "value": "apphost.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a630ef4-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679564340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564340, "uuid": "290ffd19-bcfd-4a20-ba6f-9b7a15b2e554", "comment": "Malware payload (AsyncRAT)", "value": "d6d92cf3a689fabe90397b6621ab64b1", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564340, "uuid": "30bfa779-f972-4e4c-88d6-2e4486c2d067", "comment": "Malware payload (AsyncRAT)", "value": "03249216f693b7eba0f38fa90c5d183dd61ce61a20f481c8973ebf271871e54a", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564340, "uuid": "9b6f429f-8788-41fb-ac34-2bf6634b7a5a", "comment": "Malware payload (AsyncRAT)", "value": "eba7a7708c0bb385700de6fa38dcef900255ce8e", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564340, "uuid": "8f9fb251-f4bf-4db7-8973-7ece3ab08128", "comment": "Malware payload (AsyncRAT)", "value": "db396b1f268e922e81fabd255de38aa122bc113004c3cec54bb95e6430bd976cb8f4e4302990200a3d6714a62f062831", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564340, "uuid": "45c76906-0aaa-4145-96f4-c3196ba9cc6e", "value": "T10EE423CD89B55C5DDA022847FD4BBD892F0D0C348702FB16D9D263BA6B345A2B72B498", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564340, "uuid": "7281c6e1-e83a-4b86-ae84-a564e226f0f2", "value": "12288:2xR4g66m4iAtUelh02WzM4acp0lUIUHlS00fFBbt3FELcWliP6KqkWwp0ux7Hc:9gf/w2X4acp0mFlbM4L0P6nux7Hc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564340, "uuid": "12759f2d-49e1-4445-a17a-7ad7ffffef44", "value": 709977, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564340, "uuid": "266e2d6d-fa7f-443a-8eae-7305426d7627", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564340, "uuid": "87141150-6cb3-412b-b254-04f760daedca", "value": "Odeme22323_1.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d315fe7-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577176, "uuid": "c9c60f9c-aa9c-480d-a972-ddbe2d7b9b67", "comment": "Malware payload (Gozi)", "value": "05545e7f28bac9b72fe5cc04948760cc", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577176, "uuid": "fd1917a5-839a-475d-84a3-9e642d9cdacd", "comment": "Malware payload (Gozi)", "value": "032c637c398ea0dda67f1fb38d53784b09216aac18a37177c2245170e74e5bd6", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577176, "uuid": "d4a1a119-cf7f-46c7-adeb-cc71015f429a", "comment": "Malware payload (Gozi)", "value": "53281c244ee9ce5afdc695a8cc31bf052ba03736", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577176, "uuid": "91cf4754-3761-4886-98c2-d38e55fd0d39", "comment": "Malware payload (Gozi)", "value": "0b63c9e5c53545682c609bb07fe89ad776876421dddd76dd01534011896962dd42fa53962c3d9023d584b2fa0b8fa75f", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577176, "uuid": "96ba3507-4d6a-4143-9d36-540c78fcb132", "value": "T1DDD16B3682581FFF293631BC5C2846B225B2857B7B7F2CE6B47005A9251CB2041B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577176, "uuid": "9b5362ed-d283-44b5-a327-bcb5e8a78db9", "value": "96:M/fnUwLUK8EzDM9ax9gJ3t5fUB0GflhsM68qfhhLrGiaUSc:M/fnUwLR8EzDM9a9gJ3txMkbfPLrFaLc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577176, "uuid": "f0a4a28a-d599-4f30-bda0-f06b1d61d0f3", "value": 6522, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577176, "uuid": "7528454c-e698-41bf-8dd8-6c33a9168ceb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577176, "uuid": "16049400-2994-4b3d-b350-907fe70cc066", "value": "Fattura 3559 2023-300926.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "156bc1b5-c916-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679533220, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533220, "uuid": "a73d4d2e-9909-46d8-9eaf-0e0f521d55a3", "comment": "Malware payload (RecordBreaker)", "value": "baab2fda38fe37b23aa0b93b07a21eae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533220, "uuid": "72e2c346-687b-4189-b1cd-0f3561b7c483", "comment": "Malware payload (RecordBreaker)", "value": "035bbfc8f0d41e985f97589480e23af05577a319e4e9ab0733148360c9a11fa8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533220, "uuid": "d61bd328-6a47-42c1-96f8-d48fad15e830", "comment": "Malware payload (RecordBreaker)", "value": "316456eb8665cce5bd4641a3902680e7cabb615e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533220, "uuid": "7f1e4b53-522a-4b81-8cfd-0f48eb4139df", "comment": "Malware payload (RecordBreaker)", "value": "634aa6670a3276855c922fee25076f25f3ea7d1f56a3ae7825ae935625cb3c956bbbdcdac9158bbb9c0034a8186ca2a6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533220, "uuid": "aeb4804e-bfbc-4496-bc99-e25e146b0713", "value": "T1A9846D0243E37C20EF2347728E2EC6F82A1EBC619E5B7F6E124DAA6F09741B1D552315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533220, "uuid": "91e18838-529d-446f-b417-ebf033967069", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533220, "uuid": "75c3ac1d-dd4a-4769-a261-6718d345bce4", "value": "3072:uud04afZPctGqQJ/2j3YW+JpvuTebSmirpQoHLucWPiL6dlUHMwK5/0RGnTMa:uunPC5W4tuSYrJHLucWg6di4dzY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679533220, "uuid": "95b406f1-890e-49cc-b56f-c4b67a5ad8ec", "value": 372736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679533220, "uuid": "c2b03e14-cce3-4d86-aa00-defaca23df11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533220, "uuid": "0ee9f512-9051-4914-ba1a-0a743e33df84", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0d369d2-c971-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679572565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572565, "uuid": "85354397-7605-4e16-ad33-2405846bb6d0", "comment": "Malware payload (Quakbot)", "value": "6527678be6343fa9d34d4fe551e801a3", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572565, "uuid": "440754b0-6920-4c4d-af84-2e4f551ad9f7", "comment": "Malware payload (Quakbot)", "value": "04846a8b6ed6297020b43324bdeb1ef6e48505678248158c11426709eb94e58d", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572565, "uuid": "998a3da0-a197-475d-9ec8-6c108ef70558", "comment": "Malware payload (Quakbot)", "value": "fac12da56f624416b6a58cf560c8f4ed36761fdb", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572565, "uuid": "a76350ef-1baa-4064-a24d-31583cda9f1f", "comment": "Malware payload (Quakbot)", "value": "cfe34087a24f2545aabf9b6072330af169aa5fe9dd1ea12b06f71277922839b02959de35294a17e25b5c01d87cdd099e", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572565, "uuid": "31a429de-f314-407b-8f08-1a78d29f8317", "value": "T1B363943099A711115B6B7A2B972F5140D6AA1F23CA04B507F80E7241FFEF90DC5E9AF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572565, "uuid": "378d60d2-b9d4-4af3-b54a-cf25c7897744", "value": "768:N1VUGGv8F/dC6f6vcllMmxBGIvW/JtyYVLYOhnuOljz8/bKiVeOqaUtFO9nscBU:Uv8F/8lZVLb8X0OsiZU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679572565, "uuid": "76c8fde7-4113-4d3b-95e2-a826557b486b", "value": 67671, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679572565, "uuid": "70b89ca1-7b8f-4a11-a8ca-78ff539d606a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572565, "uuid": "6fae0775-9127-4411-9260-fb74922fa0f6", "value": "aAD.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61b09504-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581022, "uuid": "a5793a93-9dd0-4156-828e-dc2e650a810d", "comment": "Malware payload (Gozi)", "value": "669f02d2e2338ef6e54bd2d2dc182103", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581022, "uuid": "4d6849b5-fb9e-4bec-a3ff-23ba2916b2d5", "comment": "Malware payload (Gozi)", "value": "052b69a9f018e39d1a7a69c0a7c6a5dd7963300486c28374d1ecd79399e52197", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581022, "uuid": "bb142777-c019-4df3-8b71-a6f17ead1249", "comment": "Malware payload (Gozi)", "value": "90739c572034eeb82800d846b6ca6122a8b52591", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581022, "uuid": "53c82acf-cad2-4246-846a-5d009dd76aef", "comment": "Malware payload (Gozi)", "value": "35f67c6cdd727e5b1325169f9c2e2a409cc44d325d4f511a2d51d480875c3303aabb203d25f377b91caea6c0dcfce650", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581022, "uuid": "4b63a92a-56eb-4efd-a011-c756b76970b5", "value": "T1F4413B58E9402C70DD0057F286195C03C038B1A1A2A653DFF2D9F63A479B5EBCB136BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581022, "uuid": "b3a6451a-d6d4-4758-b0b8-f51ffd65d0bb", "value": "48:9dTpy2f48exex09O5EEhEObM/61e9TrVusEUv6HeTt:jN3VxkGThnbWuuTrssXv60t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581022, "uuid": "18d6cf73-bf18-4c7d-b0a5-fafe8cf3d5e3", "value": 1967, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581022, "uuid": "e98b8c90-95a1-40e6-a611-1cef8f9a547a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581022, "uuid": "9f04decc-18e7-4dde-a322-28331260498f", "value": "Fattura 2203-23_012(3).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bea336c9-c974-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679573877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573877, "uuid": "a236b79b-0b22-4f85-aa52-ae87dc56d938", "comment": "Malware payload (Gozi)", "value": "c9cb3a11a5d0a309bbc63f15c841a403", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573877, "uuid": "10b882dc-a5f8-4ab6-91c2-a8acb0eb5d78", "comment": "Malware payload (Gozi)", "value": "05946c5def6a69a15ada12c39d948244f6e5af0482305877fdcddada121ae37e", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573877, "uuid": "0a61096f-af22-4cec-9d81-ddcbb140962e", "comment": "Malware payload (Gozi)", "value": "a9c4442b93c807f999c9f570ac4e3ad5336da4e4", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573877, "uuid": "0c17e8a9-c077-46e8-90db-e63c357de2a7", "comment": "Malware payload (Gozi)", "value": "0c874a62943549ca44823a1cdd3fc1bc07b0fb39681f2a1e0d255ec3311b122b39a47b925389ce0fa8fd3557ef5635f9", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573877, "uuid": "d5cac045-5939-447d-b187-d3eaa6fa9922", "value": "T120611A14745AF77CEE59F17917C09EF01D0F1CD7C5BAAA4C86796300138A370A844A9F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573877, "uuid": "0fb2a39e-befa-4263-ab48-cb0ee4f8838a", "value": "48:9KFQ8j2ciHPLJFFKWRXZQXUTuSvWdd7zslAdGb6wWacBitx8U87SxLLpHjI9n:siHzJm6XvTLvW/Yfbd2Biu7SnjE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679573877, "uuid": "809125b5-923a-468d-8a76-809c2290c02c", "value": 3401, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679573877, "uuid": "69125686-0fee-48cf-a694-e4f8b01e60a6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573877, "uuid": "52ea6b8b-6b1c-4f7f-85f9-7bbde2701ebc", "value": "Fattura 2203-23_012.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10ca2063-c940-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679551251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551251, "uuid": "28f7be5f-a38a-4269-be64-cb7a85eb1db0", "comment": "Malware payload (RedLineStealer)", "value": "00c10d1f690cf0dc936d40fb78d113d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551251, "uuid": "0f34b2e9-2988-4851-a67a-0c5f792d7f35", "comment": "Malware payload (RedLineStealer)", "value": "06802ee2cfd6846b945a9f7d6efa3a83dcb406e5be9137a381cc0de4f2020816", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551251, "uuid": "1449f9a3-1c33-4862-be1c-6adc848b23d8", "comment": "Malware payload (RedLineStealer)", "value": "107c5d959988ccb51ad84f44e085b76f55acf701", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551251, "uuid": "ce7b6e17-9bd0-4699-a484-3001d6a53b8b", "comment": "Malware payload (RedLineStealer)", "value": "b08f505034fc537eb32b6621b1ebbab118de53fb9b0abcab0cf4dd8bfab7c949954275d188ec8116b82289657a8a9025", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551251, "uuid": "9a6d9777-9685-44c5-931b-af9ccacac41f", "value": "T1C8252306A3EA9163DDB92BB01CFB06832B327DF099784166670ABC4F1CB26457139777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551251, "uuid": "8ec3b196-1f75-4e3f-b567-816fbfe94bbe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551251, "uuid": "9064c832-e4a4-4d90-a637-fdeabd87db74", "value": "24576:ayUCV9p6xgOHAA6swnX4X4fNM7zXwKxojSgDBezkyw1X:hlDpTwTHi6XwK4DBezk/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551251, "uuid": "3b27ff54-3867-4cc5-bf17-a45dbfabdd9c", "value": 1056256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551251, "uuid": "48b1060c-7fe8-406a-95f0-0e5caaed70cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551251, "uuid": "fa334840-933f-4357-9028-cbc66600e609", "value": "00c10d1f690cf0dc936d40fb78d113d9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22329f37-c9b0-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679599384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599384, "uuid": "092638af-89c3-46e7-999b-4820ce96a342", "comment": "Malware payload (Guildma)", "value": "4d87a0c7cb7c3bd54d76b0a35d96a621", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599384, "uuid": "1e072d7a-a4d7-4f13-a862-6e239f16b980", "comment": "Malware payload (Guildma)", "value": "074a926f4cb0e46e58c3e892ec5b8cba78f34d04048e0c56a365fb320f8f1cf4", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599384, "uuid": "bc9e9b34-d6b8-45d4-b63e-cc4fd636c6a8", "comment": "Malware payload (Guildma)", "value": "eab83334e712740f25a7aba7fa832bce2ebe46b3", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599384, "uuid": "96f3b9f3-5e53-48e7-9522-0ef4d8329ec2", "comment": "Malware payload (Guildma)", "value": "e902ea356823bae3a0fc62d6db19271651649fcd4cf9438f6c4449c67d703b29895c5b8790bad9287ae091ac6664f29f", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599384, "uuid": "925ee093-c59c-4071-bfa1-2c70f88bdc48", "value": "T128C2AE4D5102B24784B3CF5C85E9211EF7818C3A347A95A9F8C11DD36E72AF629F2E27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599384, "uuid": "0f073e0c-0b20-429c-9d1b-f7307044d53c", "value": "192:IvCaJ0rCAXwbgEsd3ZQ4SLdxnf4GjaC94Jl1qdHYeQOaFpjMqu:IFdm8gEsHc4V09aFpjMqu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679599384, "uuid": "487edae2-5b0c-49f9-8ab5-74747eb5f001", "value": 25792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679599384, "uuid": "0760dca2-0603-40b6-bae3-14976e365dd5", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599384, "uuid": "31500c01-361b-450a-806e-13e198b660aa", "value": "payload.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "220fae4b-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679582633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582633, "uuid": "5c0edbe0-4d0e-41fe-a54e-36f52de65b8b", "comment": "Malware payload (Quakbot)", "value": "e7f0eba7951a65085da7c834c763f4dd", "object_relation": "md5", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582633, "uuid": "5bb9e422-39fa-4c1e-8c98-a62bbcf2dad1", "comment": "Malware payload (Quakbot)", "value": "07cbb891d1d54845f84d364d6d02dcf4321767314c5ba52e790c6ffe1a599e04", "object_relation": "sha256", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582633, "uuid": "36e50e8f-d394-4eff-b747-fbd66f5a0764", "comment": "Malware payload (Quakbot)", "value": "21353f70ce08bb6b16d244ce33fd2907b3cfd08a", "object_relation": "sha1", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582633, "uuid": "8fce7e7a-f8f3-44cd-92f1-220b4dce30bc", "comment": "Malware payload (Quakbot)", "value": "726f6d4afb7c518e3a4533e5ffaa7c13abe02db9969b42c37f8bf4f521664fb70bdd4b533b54cb25c8036bc71e363793", "object_relation": "sha3-384", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582633, "uuid": "b96967e8-71b8-43cf-baf5-0db35877d588", "value": "T19EB3B5749A0321205747BA27963D9094D7A84D328B84AA4FF41F7216FFCF61CC5EDAB2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582633, "uuid": "44e1a12a-6527-4b42-8d55-04da7b3ff78b", "value": "1536:a1CgE3loJcsYmq/YmH44RD5+eVx6frDXQ7YdbNvfceQ+r00FKdADP28gs:a1CgMa/yYmY4yrrQUv9Qa00FKdADP2Fs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582633, "uuid": "f463b5c4-7616-46c9-9b60-8de75b9dbe7b", "value": 112896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582633, "uuid": "f7a50a65-6074-45e6-9baf-8fb2bd03b67c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582633, "uuid": "4bab1932-8dab-4c58-a853-5c99e1b3c691", "value": "PY.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11a2c354-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576593, "uuid": "c7456c15-9ef1-4bd9-b7aa-d3d61bcc3626", "comment": "Malware payload", "value": "d69d6fa9dfe91dcde26aa2aa4bf9289e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576593, "uuid": "94901204-a258-438b-91ec-5e230206af48", "comment": "Malware payload", "value": "0a1a25372a8025181699bf4f999a0b05c7958b7e4cc33ea37a9ed63bc2b11f5b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576593, "uuid": "5816a55a-c5a8-436a-9513-6341cc8944f5", "comment": "Malware payload", "value": "c756d3b14be75182f3c504f1574b418cf07152e7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576593, "uuid": "689940fe-a53c-46fe-b1d9-4ec2a17aaf63", "comment": "Malware payload", "value": "0725890bdacbabcaebb1e81546e6afd9de6845b4262ae156c0bb46188c9bb1ca351b19105a8294119ee4666af52feb86", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576593, "uuid": "8192f58d-9cfe-42b9-9caf-bc691eeaa7b2", "value": "T13C145B22B591D03EE4E28171F6B80F778D6DAD15572888D3B3A4AC88CA345D3B73D71A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576593, "uuid": "4d38974d-b383-4521-8050-bbbb494c5585", "value": "fe5020e72c287b43efc81177eed4e0fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576593, "uuid": "3346ca81-4b93-4b4e-83ab-10314dbf4285", "value": "6144:OBPzw/U4fcXoLRUsqJN4G8ISkelY3KMJWZ0S/:OBbwM4fcXoesS+G8RkXh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576593, "uuid": "1fa16cde-7ee4-4c75-8a75-f68e21b47fb4", "value": 197272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576593, "uuid": "fa134d77-a456-44eb-9e3c-4dfd2ff533d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576593, "uuid": "051016e1-70d8-4530-b6a7-6d176a660a1a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f92ab08a-c94b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679556365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556365, "uuid": "3423829f-b962-4de2-bd2e-3ae7aa24a3c1", "comment": "Malware payload (Loki)", "value": "5b0f700c827197f3dab5296745669ed9", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556365, "uuid": "9f85e390-020f-4fc2-ac23-7095a9cfaa76", "comment": "Malware payload (Loki)", "value": "0a541cc53dbb9a5251a44ceab6fa9e26b160f5e36fd9640dd096dba446dbe155", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556365, "uuid": "8a441237-f23e-47bb-a416-ab3b351a9e17", "comment": "Malware payload (Loki)", "value": "0965e9fb1424ef4e229abb5b4ae87721b8433d70", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556365, "uuid": "134d92b6-e3bd-44f4-ba02-1b0ff5880a41", "comment": "Malware payload (Loki)", "value": "a958d406760f572719554b35a5798dff373f1c021ca6d59e82eb8349f2ccb7189f91c5e6204323bedde1a3e66ed62dff", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556365, "uuid": "fdf61347-8f73-406f-9c7f-82a21dcb7dde", "value": "T143C2E742E79E03B88F9111B3262E1BC9AB7DA73D335155A1786C8234339DC2E46766FC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556365, "uuid": "3ef79fe2-09fe-4b52-acef-593ec8307007", "value": "768:lFx0XaIsnPRIa4fwJMmYW7KXyIhWzlEpyzb:lf0Xvx3EMhWuXSN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556365, "uuid": "5d30185e-b2ea-43eb-996b-a5785aef4ba8", "value": 28151, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556365, "uuid": "7e17b380-9380-4e24-9738-7076b2e557e7", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556365, "uuid": "d5f3e4a9-aafb-4a20-9753-5ef32e971c75", "value": "Debit Note.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99e2f7e8-c9c2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679607316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607316, "uuid": "e1d5d467-80cf-4ecc-90eb-43d7d734e33c", "comment": "Malware payload (Amadey)", "value": "05978bc1157822d50322f42b63490126", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607316, "uuid": "2b716f47-4c55-4bae-a3e3-2356aed40eaf", "comment": "Malware payload (Amadey)", "value": "0a5b702d8127497f5249e753ed129ee473f0507903e157e87db9e50af668ca78", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607316, "uuid": "ab61f2ef-cf07-4464-88c9-dc0349ef0d19", "comment": "Malware payload (Amadey)", "value": "beae52a7339d30fe8872258ce81b53f43c25ff8e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607316, "uuid": "734d480b-f299-4541-83e5-c079ab7315ce", "comment": "Malware payload (Amadey)", "value": "e05ec33bbe222429aed57ff6766c772192946f130cc714ea45f3104e86051523337968fb08f4b7cab022470a75fc381b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607316, "uuid": "a1c6f2ce-a49a-4eea-a567-391b1291bef2", "value": "T1D0B32D409E0BBD03C53406FDD4D7A6B749B79A9819A5870ED9346CAA6D23E481EF2CC3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607316, "uuid": "2c14594a-b1ce-4fb3-8d21-4bcb9a1d4400", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607316, "uuid": "7dda6f88-6a75-4b90-8e45-af031f5a4f14", "value": "1536:rurgu5SIr4FidRnablY5Rh+iqBUQMdCEHH:rur9kuPnablIp6h0n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679607316, "uuid": "760497e1-f0b9-467c-83e7-b8d6e33503ac", "value": 116224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679607316, "uuid": "f7e8d84a-fbf6-4d19-ad7e-c4af18da4668", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607316, "uuid": "6f68ca0c-754d-4b89-8cb1-4bc0a752f3af", "value": "05978bc1157822d50322f42b63490126.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fc34904-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679575919, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575919, "uuid": "d789dc36-c51f-4c69-a8a0-07328278c3a2", "comment": "Malware payload (SnakeKeylogger)", "value": "2e7d0cf4cec98345f5c0a37b41a4ec28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575919, "uuid": "c88ac348-ad2e-40e5-af1a-05ddc4baaa8c", "comment": "Malware payload (SnakeKeylogger)", "value": "0aca8e757450257b435be941b91b79bedc38d9b25be3a60b10a52aec61a158a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575919, "uuid": "3756feec-5317-4952-be2f-012710a19d9c", "comment": "Malware payload (SnakeKeylogger)", "value": "e93e2ffbce12cdfbc2da6fa985a2b4cf934ca756", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575919, "uuid": "d8589347-167e-49a3-8fff-8112777a5d88", "comment": "Malware payload (SnakeKeylogger)", "value": "75184f5f78fb5f4ca913b152d57d9278bcac55231470d837125b611d7efee2b80a8ddfa1cca27892a666b8127c3f192c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575919, "uuid": "ef42c828-0d12-4579-84e3-6330d3445d6a", "value": "T1A59401793A63C453FA5A3F7478A6F7296320E8587E1837073780BB9E78737954D0A601", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575919, "uuid": "3e526753-6a67-4834-82bc-987127025a2a", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575919, "uuid": "c431aa05-d6c5-49b9-a463-b4c8ef682829", "value": "12288:ioZqMpB0QfDg1a8+kDCyram5H0naXmpf0v:iosMOQfDg1a8+kDCm0nppf0v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575919, "uuid": "3c6969e1-28e1-4ecb-9ea1-34f0caf1aca9", "value": 430468, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575919, "uuid": "f153be26-7e17-468c-a73e-163e0a0dc68f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575919, "uuid": "f5387813-1a64-4ef6-81e6-c1836492bd46", "value": "Order_PROFORMA150223_DOCUMENTACION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8f7e48a-c94b-11ed-88f6-42010a9c006e", "comment": "Malware payload (zgRAT)", "timestamp": 1679556258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556258, "uuid": "9056f8e7-09e8-4ae2-8bb6-0d9a6b3a2cbf", "comment": "Malware payload (zgRAT)", "value": "f0fc210b0b39ae210d3db8834cbcf396", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556258, "uuid": "c2e0c59c-ab5f-4f76-b8ee-658f1c85a394", "comment": "Malware payload (zgRAT)", "value": "0b2d62bf8c0f1e0bbdfdf6532c8b9c70b73411f3c907854738064d423ebf88df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556258, "uuid": "2d4e950a-b788-4ffb-af37-ce3f5f317f0e", "comment": "Malware payload (zgRAT)", "value": "bf2d473dd0ce8750810b6000c4fe740485231559", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556258, "uuid": "168aafd8-d4e7-4e2a-bbe5-1328e980e972", "comment": "Malware payload (zgRAT)", "value": "5baadf8a24e6cfe65bac393093b1ca3ae1b2ec36f374e8fe9033759f01e218da41fdcfbd0eeb2791d35c6325618c96ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556258, "uuid": "383869ec-e5a9-4071-9507-e8e0cd5eb96b", "value": "T170053961BFEACAA3C2AD1737D5F15D1447B1E852E522F74F318923B604837A29E0871B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556258, "uuid": "b763c2e9-001e-4bf1-bb1c-34365dc08bd5", "value": "12288:n3aZ2Cap+WYcE3QLJtdNIaYL96Yn9hRXeFmZdtHvLW:fCa8cE3YJXYL5rt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556258, "uuid": "a12a0f94-eb57-4eeb-9714-9c4471aba2c3", "value": 858624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556258, "uuid": "27ab08f3-89bf-41cc-bcf4-fd0876ce89e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556258, "uuid": "820217f1-c88a-4718-ac98-3bdd6e86c779", "value": "f0fc210b0b39ae210d3db8834cbcf396.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d11824f3-c988-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679582497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582497, "uuid": "6d19d6ef-5398-49a2-bf3c-c08840eb5f35", "comment": "Malware payload (Mirai)", "value": "a0f826e4823abb88547262260cb9263a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582497, "uuid": "655b04a3-eec2-4192-a799-b844c60720f6", "comment": "Malware payload (Mirai)", "value": "0bd791c1dd469e61c88b108c2d760a6ebb53a0dc33a1dd90bf91d58cc24ccc6c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582497, "uuid": "5a5e0f47-97a6-4138-b407-cd7f138b023f", "comment": "Malware payload (Mirai)", "value": "9e289e331cf46a180c36c365a26a7dc8476253e3", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582497, "uuid": "4dbeb241-941a-4497-9d01-9c4bf1a43682", "comment": "Malware payload (Mirai)", "value": "04cbf2655c60d1fb6febd60bdd8ce02db9cb1ed1f792efe8ccebb6c0a33a3b01357b55885df2d5491f3a832b96e87648", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582497, "uuid": "6d404ce7-55ad-46cd-810d-289a8b5afc3b", "value": "T16E934B8AB741C673D1430AB2129BAF150133F6BB1A5ADE16F3A93CF49F11585B221F9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582497, "uuid": "aae6d2f1-4e34-49b3-9936-118d2d5263df", "value": "1536:2l3Lh4hbP3JUBUJUbtRIpaRNPpOlE5dM1SvImozd65h7yWJN/Dc3ogWztw6m2TWn:+3+RUBUJUbtRIURNPMS5G0v9L5h2A/Dw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582497, "uuid": "7ad473ef-0015-485a-8c59-6136b97c28da", "value": 95790, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582497, "uuid": "d3c64a19-0077-4f51-ab71-cec4051862fc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582497, "uuid": "76c5767b-496a-463a-bc05-314e2b892cfa", "value": "okamiii.1586", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87f201e2-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679564336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564336, "uuid": "e2c29d26-09e5-4b05-9ca6-25831464f630", "comment": "Malware payload (SnakeKeylogger)", "value": "0e2a0204ddfc2182f061506fc1af848b", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564336, "uuid": "8e852b29-fc14-406f-aa1a-9cfddef742c5", "comment": "Malware payload (SnakeKeylogger)", "value": "0c9533905069a8df72e4c194fb93dc8f64d4c6517a405186d58ff58a9e563c61", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564336, "uuid": "e89fee1b-f6e6-46fd-a7cf-f4b2187324ba", "comment": "Malware payload (SnakeKeylogger)", "value": "23fd8e49e971dc30ae82a576c671d8566106c972", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564336, "uuid": "e4d20f5c-6faa-4548-a327-d5cbc34ce809", "comment": "Malware payload (SnakeKeylogger)", "value": "e3a4217fef5ab8709287c1db44f6d8310b24e144af7adc145a2ee4fcfa139e3684a7cb8c378e7cbd5a4071a140eaa4d3", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564336, "uuid": "4c685236-c680-4298-9910-39c869908ca4", "value": "T10A642320B38ADA6FCF983D99396DC3128FAD957BE4656BE1B03D27C1180927B3E0154D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564336, "uuid": "407bb58d-2240-48a3-b1d2-a644c251b7c0", "value": "6144:O+vG07R3PVAzpfw+aMneRIbnzzPOqoEjiT2DcJFt8a1616F5y8dNfeYkCJFZpV18:dR/Vqpfw+1n1ah5CoJr8K06FrN3JFDH8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564336, "uuid": "83611e1c-979c-45b1-af4a-4f32ae3c45fc", "value": 331579, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564336, "uuid": "efe6c085-6e85-4acd-a7a2-6998a2a32c00", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564336, "uuid": "b1c6ef88-f15e-42fd-8a4c-7664b8ce5871", "value": "Liquidacin por Factorizacin de Crditos_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e847550-c9d6-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679615860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615860, "uuid": "54706aa1-19ed-4214-9230-73fba2a2aac5", "comment": "Malware payload", "value": "e3df1c889184bdcfae00b62874f229d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615860, "uuid": "06e1c372-2509-47f2-a3fa-2d99b6017349", "comment": "Malware payload", "value": "0d8ae95f2ca631b3df67bdf6b3bd9ccad1ee75a2201c8283f8854369fe2cc88d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615860, "uuid": "2b33aac7-0375-4a5b-ad37-7c34a2ba22cd", "comment": "Malware payload", "value": "489b72274516c9d255bfb71d368ee6a060428bdc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615860, "uuid": "51ed557d-e2b7-4896-b291-85ec9c068275", "comment": "Malware payload", "value": "3d4417c38e486e3d7671c69c630632e3652dffc6e8e2d5b3440c94f8b732837bef5f09f0164398f528cfb9d7e271bf2d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615860, "uuid": "79710d86-6703-45e1-b022-e70ea39c556f", "value": "T16444CF1276D1E972E856513C8825C7F429FABC709B59CAC77B402B7E1D313D2AB3A342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615860, "uuid": "bcb1ee90-7d58-468f-99fe-b3476d3eb5e0", "value": "f74196ae98b7afb3677d1c2066ccd5db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615860, "uuid": "69577a16-3379-43c4-9c79-a9c6bd75083a", "value": "6144:soQVcLQXXYCW+yyGGiM4oPVm2EPNxyLG:shVc8X3W+yyGbM4UVm2E6G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679615860, "uuid": "70c5a95d-10c4-494d-b104-be66a93698da", "value": 266240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679615860, "uuid": "999aeb93-7202-4274-ab02-bb9315d2223c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615860, "uuid": "6e7a4751-68a8-4208-b765-075d6caac4d3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c6caffa-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679556424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556424, "uuid": "8b69f6d3-b321-476f-9ceb-7942a7bb80f9", "comment": "Malware payload (AgentTesla)", "value": "25d385986303e4fa5cd18acc86c87df8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556424, "uuid": "8ba74ca9-4130-4c84-b429-a23f6f6322f5", "comment": "Malware payload (AgentTesla)", "value": "0daee48e22c19a395759d6a12b732707097dbfdf1ddd8695984777a2e2ac99e2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556424, "uuid": "6f9db226-5b7a-4b29-989f-8711393a7ae6", "comment": "Malware payload (AgentTesla)", "value": "31d1cd91aede38f395158273a8eced51baaa3119", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556424, "uuid": "7ba8bf13-8328-461d-a2dc-50ca83556df0", "comment": "Malware payload (AgentTesla)", "value": "88eff8ea60c23eebdf0f206dcb2cc8e9520f8a4e894c0a77901997ece23c5614c32568c53bb01a7403172333c22a65ce", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556424, "uuid": "dd3ff78b-7d7e-4c97-b1e0-373549bc1c6c", "value": "T11D256B41EFAA6461F11004BA216B7D5FCD51A88E98EDFB6E150FEF31F5E220D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556424, "uuid": "b02d2775-5a4e-4ae2-b3f9-c43dd5be04c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556424, "uuid": "f8166d90-8648-45e6-96af-daec66e1450f", "value": "12288:gimIcO14qNVAvfq9BMXCeOiwJeoO612bTZqkFRSpL0470vxiLATAGn3WtNmBNa44:485NGfq9CXCehwJtOv0L5s5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556424, "uuid": "563a6b46-b260-4e57-b768-551d5082eb85", "value": 1004032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556424, "uuid": "79d50987-77c4-40bd-a998-e446db1d0ac3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556424, "uuid": "520c0f01-2722-4e57-85d8-491e4bcc2727", "value": "dhl-90876398765....pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9cad0f0-c97a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679576445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576445, "uuid": "7479e053-573c-4dd9-b034-32d9ffbdb7ba", "comment": "Malware payload (Heodo)", "value": "01cbd13497b0e8c64a9637a95b192226", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576445, "uuid": "68e00212-54af-4c4b-9cee-b71fe3c52a44", "comment": "Malware payload (Heodo)", "value": "0e98ef27ae09b6e3a7cf7f2ecb6b08ffa3b1a174eca5ee5ceb8ab8589c858a8f", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576445, "uuid": "529c5e34-bf35-40e0-b040-3bf20fcc4bfe", "comment": "Malware payload (Heodo)", "value": "c0c56e8bb2c7289d90f318641840f8a07f250387", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576445, "uuid": "a980b41e-1607-45ac-850f-85cb5cb34ee1", "comment": "Malware payload (Heodo)", "value": "fec0ef2ee095a1925689fd6fd567291d148edd7c0dbab479a089335b7eabd0b6fba9917cdefac47976b3a013d87ff9d8", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576445, "uuid": "45abee77-b362-4c13-b8a1-e8b71e994ee8", "value": "T1B644F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576445, "uuid": "8fc3dc77-b353-4834-9a0e-0d7e0d5f8cdb", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXK:FeHrBwsYXm5ZGa3vRXm5ZGa3vX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576445, "uuid": "2b2926dd-80a6-45ab-89b7-03ab387f9a6e", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576445, "uuid": "c8674504-e48a-4fcf-b3c5-cd964d49d650", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576445, "uuid": "c1483fa6-619f-49f8-a884-bd06b0b2fb3a", "value": "INVOICE No L56 22 March 2023.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dd91264-c98d-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679584532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584532, "uuid": "cc314477-d8d0-421a-91bb-1613c8d6b011", "comment": "Malware payload", "value": "f054a6222f58ffab401bec9affc56a68", "object_relation": "md5", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584532, "uuid": "552b4c32-4abe-49f3-a039-2199e5c51c47", "comment": "Malware payload", "value": "0f63d8fd2e6619bc402689077f7690f4effd77cb67c68868a7eb0f147269c97c", "object_relation": "sha256", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584532, "uuid": "ff9270ce-e5c5-4da8-afe3-b983df9a0ec9", "comment": "Malware payload", "value": "3321b6451743c417af1cdb394c56461e5cd9ddc7", "object_relation": "sha1", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584532, "uuid": "39a4e4da-55bd-4d82-8a6d-483d136e3b0f", "comment": "Malware payload", "value": "8ae267e1f52087c85535a9ada6f499fe6239b7d94ef03fc96e53df2c45d60fe7b73d00b2f022898c139925562d5c3cfd", "object_relation": "sha3-384", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679584532, "uuid": "f296e6b4-1b00-4a90-9db5-0e7934b3de07", "value": "T1AA81C7BC0F3F50D93F0C5076E5338805D625FA1337DE869EBC9A6279ACB7A507916A04", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679584532, "uuid": "661017c4-1c9d-47d4-8c4e-a24ef49604f3", "value": "96:7xoVE9qLbPuexApjXctwFUcUEPcVOTHDW+RgH3T+ZcmLnXocZIucmLEQqLEzlcmQ:7xUTLJ8XctwFUcUE0VwH1Q+ZcmLXocZ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679584532, "uuid": "1e8e9186-68af-430b-a05b-096b8e104eca", "value": 4159, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679584532, "uuid": "c1c404ff-07f9-4c3c-865d-0b1f77645805", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679584532, "uuid": "bf8c59fe-bc99-4cd8-b957-abd211472f3c", "value": "Ducimus.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5532f922-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577565, "uuid": "432c4c86-1464-4765-9d2d-810e83fca3c6", "comment": "Malware payload (Gozi)", "value": "c0a7c860795b5cc98364f8e051494ef6", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577565, "uuid": "8d545b43-25c6-47d6-a44a-2ebc51833ef9", "comment": "Malware payload (Gozi)", "value": "0f91bf77ac5b1b995e84855a9008b773a40362773ae0a642c671d74f5bff2f84", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577565, "uuid": "c1c1e698-c263-4d3b-b8ce-86347275e228", "comment": "Malware payload (Gozi)", "value": "d97193e4557773d9d117d0f2396cdf894b001cf9", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577565, "uuid": "d296bad3-0ea8-44dd-bf4b-4bd28a7332c6", "comment": "Malware payload (Gozi)", "value": "9042018aa1783f9d98696106e6375e9c1086637638447a887d2d79ed2a69770a2dedad561445273053d79882bded6b37", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577565, "uuid": "2cd55670-5444-426d-870a-066390d135d2", "value": "T18741E8FCE368C108DA6293386D035DC7598514A2AE6EF864D06D8BB466872AAD313531", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577565, "uuid": "0e838928-f829-409c-b420-c38b0ca6188f", "value": "48:9Xx6JeZAPrJibxaRhHFkwUChE6TaYaSaXEREu2:dvAPrJSxqq5Cxh1RW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577565, "uuid": "1863c42b-d1fb-49d0-94da-71589b4a47a3", "value": 1991, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577565, "uuid": "894a96ee-b927-4e28-a7fa-56225e54a6ea", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577565, "uuid": "3f4e2d82-e545-48e9-ad31-f9813954cd73", "value": "Fattura 2203-23_012(5).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf6b93f9-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582924, "uuid": "7a6374e8-afdb-4731-9204-78ea1957caaa", "comment": "Malware payload (SnakeKeylogger)", "value": "4d26b22bbfe4d139af22d311eca2dedf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582924, "uuid": "8a9fa809-17ed-47b0-a3ab-d9e4e4fac4f4", "comment": "Malware payload (SnakeKeylogger)", "value": "10148fb64ba2a9d9fe2ef5ca3fd2be127b61310def2ad5851e5e3fe2b4684b43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582924, "uuid": "4e8ce374-4949-4728-a583-d124074d9634", "comment": "Malware payload (SnakeKeylogger)", "value": "30dd258c64f72c7932bc181ae6a23414d87d662e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582924, "uuid": "e61d35bf-f5b0-4f29-8f3a-24d458fc3252", "comment": "Malware payload (SnakeKeylogger)", "value": "563085d7c70f76d0b3fa13c98d507f355205de8384169377d10658f5ced4c54bc847b2dfd0617fe71e764c59f9da64f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582924, "uuid": "a103db7a-fd9e-4de5-99ab-d4a554bdf8ff", "value": "T166155C41EFAA6460F11144B9216B7D1FCD51A88D99EDFB6E090FEF31F5E220D1D82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582924, "uuid": "ac27debf-411a-4125-ad9e-a00d6d5f1063", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582924, "uuid": "b260d357-7a1c-4088-b6e8-b95c19ec3480", "value": "12288:HrQdmq6v6F48yK6nSp6Roxg90klpk8W6B2I0uxlkhS4GfOXRXvxiLATAGn3WtNme:LQdH6v6F4gIK6Y+fzXWK2zgRZOhV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582924, "uuid": "f72fecd2-38d7-4666-8b56-1978c93233d0", "value": 922112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582924, "uuid": "eb4a3607-464d-4dd7-bf1b-293b69983473", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582924, "uuid": "e9938f01-a7f0-4d43-b189-aa9d35bfa8e6", "value": "Comprovativo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86671d3d-c9d3-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679614584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614584, "uuid": "8c5e3c9b-0524-4959-b44e-e6a0a2fd2f26", "comment": "Malware payload", "value": "b6866b6b89cc063ac98a60995ebe49c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614584, "uuid": "30f4b589-2fa1-4c06-9df9-01f5a864e77a", "comment": "Malware payload", "value": "10c567dbaa0e65bbd01765ace55b1b8265bc160692a05521323483a955061966", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614584, "uuid": "1627d023-f3d4-455f-9e8a-b5aa019137be", "comment": "Malware payload", "value": "28428a0e5e4d4a0a0538fc65b365b0dac9e780ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614584, "uuid": "2648b281-a39c-4726-9f32-c52723832304", "comment": "Malware payload", "value": "81c4336968cd5f498d64fa998230abcddbb0fc3e3d7416499d38e240532fb7cf732acd08c34f372fc176bb4f33b0ee70", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614584, "uuid": "1fcd7d39-6819-4baa-85f0-f65efced3738", "value": "T17E953306A8F60471DDA3D0F8DDF949118A276E570B28125C59D9B68F2B3B143D8EF3A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614584, "uuid": "af2938fc-aba8-4681-a638-9d0941c35aba", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614584, "uuid": "00218d97-9490-4708-a890-e4bb2b0d5995", "value": "49152:EGlJfs7nlVdaZULj7Sdny1X0QWbJJoruNbepSy5dlLYp:5On51v7Sw1gJeUE3PYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679614584, "uuid": "3876a5e9-eab6-4e2c-ad09-fa73e350c6e5", "value": 2006416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679614584, "uuid": "08f613a8-a022-4656-8485-270ed2342569", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614584, "uuid": "9065f282-07a2-498a-aca5-0f83ad21caf8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9143041-c997-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679588900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588900, "uuid": "15b8b0d5-368e-4b32-aba4-9eaf29eacb03", "comment": "Malware payload (AgentTesla)", "value": "afd90d94c3c0c61174e82f593c8cff46", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588900, "uuid": "48e7ba85-8e52-41da-b4c8-b3efd2336463", "comment": "Malware payload (AgentTesla)", "value": "115ea41f31a3a4f6a39bab6c4db11cc6c785ad288727dd54f5467bff1c357256", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588900, "uuid": "22494516-d9af-4e03-9ce8-e2e629efc87e", "comment": "Malware payload (AgentTesla)", "value": "42c21617cc5cb04ef9800bf323687b6afe7262cd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588900, "uuid": "97a66de0-7a42-47b1-b4f7-9df2bedaaa4d", "comment": "Malware payload (AgentTesla)", "value": "ff33edaf05bff42800be7206360d18654ec6f2b38c0d397914873001caa1a498efb032ef25a1b18c4337c0eb9fa0a748", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588900, "uuid": "323351a9-c3dc-44cf-bf82-476bbba697ff", "value": "T112D48DEC19FC21EAC5F0EFB16ED54517B2D3906AB301EDDD6BD20B640242A49F98742E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588900, "uuid": "209a6798-ee81-4934-98d2-6b1a85e6902a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588900, "uuid": "51490466-52eb-42e5-a526-3d5471f0a418", "value": "12288:O3mWBZFElBq8ZPmyc2EuWczkaRdYkvxHfiSS0IQbPZZ8Oz:O2sZ9qJaSjA0x6SloOz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679588900, "uuid": "23f7d2c0-9c39-47d2-9373-a89340d95ffe", "value": 619008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679588900, "uuid": "aecfbb14-7f3a-4917-9d5c-c24fa859671d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588900, "uuid": "0c54f05a-6a58-441d-a8d4-46aaab42a66f", "value": "Daily Statement.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92379bda-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679564353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564353, "uuid": "41fe0ff4-797a-47c7-95bf-2b75b1583173", "comment": "Malware payload (Heodo)", "value": "3f34d4a7fcd41506b1361167549f842b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564353, "uuid": "94281328-b071-437c-9965-1af51976f3b4", "comment": "Malware payload (Heodo)", "value": "11f7b6b11a624c7a09ccc40a99e1221598107fec68ff41e9a19a6d46ce56652d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564353, "uuid": "dcfc052c-054d-4031-a4a7-02a78dee4090", "comment": "Malware payload (Heodo)", "value": "503d219a20212eed5a7963543d9afc101ecb3620", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564353, "uuid": "3a37579e-54be-4d5f-ae1d-a4cd1ca79b6c", "comment": "Malware payload (Heodo)", "value": "0cf58517b6a6dc4faddb0bc39e9ae89eb658744d8239a49dde60a0cbb2cfa2a052375249ab552bbd758c0e5b8a51f49a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564353, "uuid": "718b7f87-9880-47d9-8f62-fdf825714746", "value": "T1B244F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564353, "uuid": "99fc87b6-3443-432e-b6a4-5550e2ac936b", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXE:FeHrBwsYXm5ZGa3vRXm5ZGa3vN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564353, "uuid": "ef1b6228-bf57-4365-96a3-44fc36d1a6e3", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564353, "uuid": "5a4bc8e6-f0bb-41a8-8419-6fab87112287", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564353, "uuid": "dec97aff-1b2a-42a0-9114-6b03c40b6cb8", "value": "Ommega Publishers.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69e68779-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581036, "uuid": "521bd3e7-4eab-4dcf-b1f3-7e08551a6204", "comment": "Malware payload (Gozi)", "value": "841dda82907088cfda33303916fb2d05", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581036, "uuid": "d67601db-5bc2-40e0-9648-424a249498c8", "comment": "Malware payload (Gozi)", "value": "123bda1a6cedf72acd51a01f40ed32ea1e61d610ff46a05a6a7166c0777f6a8c", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581036, "uuid": "b0c4f0f2-11d6-4a05-8545-d670947a8a08", "comment": "Malware payload (Gozi)", "value": "0d239fea1df46a3cca0cae388ae0adebcbe12dd0", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581036, "uuid": "5d5525cb-ecc9-4817-a912-e615da6fda23", "comment": "Malware payload (Gozi)", "value": "93132e8618b163c1691a6b31187de9d8f71e90ee2082608c005d7f3479c9d7b1fd3853a47ebfa96b9ff652649d753b90", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581036, "uuid": "d362fcd5-50ad-4e4c-b396-836d21a93497", "value": "T1F0E16A3A821C2FFF283631AD4C1852B325A2957B7B7F1CE6B47045E9251CB2080B5EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581036, "uuid": "3d785c9c-b5d8-4918-9f28-7e0257bcb4c5", "value": "192:M/fnUwLR8EzDM9a9gJ3txMjHEUfSUGfPLrFaLc:dY4qf4n/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581036, "uuid": "26123320-0671-44df-868b-c48698fdf8cb", "value": 6809, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581036, "uuid": "77ee72d4-9daa-4737-aa6e-013922e98475", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581036, "uuid": "562c3b6c-f1b3-4cf1-8e78-9a26fc300972", "value": "Fattura 3567 2023-300934.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ac6ace9-c97a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679576205, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576205, "uuid": "407ce96f-97d7-4972-889f-00435c0221eb", "comment": "Malware payload (AgentTesla)", "value": "e0f0121478c0dad03186a410eb454907", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576205, "uuid": "c7f9a66e-e63d-41c9-ae85-bd18c435fcbc", "comment": "Malware payload (AgentTesla)", "value": "12ca7c4843ac470fe38c9170fe4ae2bb5b162d932405f61525dcbeb3253285d1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576205, "uuid": "672d0148-3fef-46a4-9d09-bdb6a84acdf3", "comment": "Malware payload (AgentTesla)", "value": "0a3e1e9d28442b1915a2fda864c092b3933fe85a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576205, "uuid": "c6382a96-3381-4136-8424-da310998a6c1", "comment": "Malware payload (AgentTesla)", "value": "7836a9f951c443f92daa91d14f5a6ff2136bcb3f0e1d8def230884dffb92a3ff409b02c20a5471b6a23547bd580fe2e4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576205, "uuid": "ae183702-0f33-4fc0-933e-bdc57961aa0b", "value": "T1A3D4597D1DB99E22F839E2B98BE4D137A091D7D76B224F2407D7131C8E0294678DE0AD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576205, "uuid": "21785857-0669-4199-8a43-94dafe2d223c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576205, "uuid": "714b7504-df02-464b-a89d-0561b72028b8", "value": "12288:3FD0YYLT6ldy7yYVnQmCAhFKareBHJ6VjqXDPCyA2SHt/:WYYXqOyYRacFKaAoqXLLAN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576205, "uuid": "d2fedd87-a254-4098-8bb4-ec396491fd3b", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576205, "uuid": "10bf9f35-38cc-4127-8244-489c96675513", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576205, "uuid": "ccd3f937-621d-4af6-b703-b86d9e9bc441", "value": "rUSD289_183.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "432692d6-c967-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679568086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568086, "uuid": "c92c0460-2632-40ba-b7ef-889188d5acea", "comment": "Malware payload (Gozi)", "value": "3ab6a988b6be228bb01cda32c6aac390", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568086, "uuid": "45d2518c-39a4-4670-a5a6-6e390405179b", "comment": "Malware payload (Gozi)", "value": "12e40b7a3fb60d6e81a1107f49c1bc8c696adfe27fd1a8710f759373e2fc44ce", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568086, "uuid": "64590d21-8f4c-4cff-9e52-11bf6f37feac", "comment": "Malware payload (Gozi)", "value": "bde58ec22fc32760c69a28b4944f46d8b2098121", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568086, "uuid": "6baebbd9-fffa-4a46-91cf-f6195dc85761", "comment": "Malware payload (Gozi)", "value": "ca950fe6040d36bc514427de8499e04d16b3c77512f158252c9d8cf1f573e4db0a8700461a5ba8773b27b1540b21da85", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568086, "uuid": "99de7fa1-b331-4d24-bcd5-3cd7f321614b", "value": "T10B4108A4E334B22BD67313F81F5A5752024C8FD60A5381C910276396B1BE66DC332F1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568086, "uuid": "52c31eee-0ad5-4d5b-8bfe-fdd2a6b143e9", "value": "48:94jDMMEWgGjuMgDPYAj0n4sbrpy4VpGQ2e5h6dnu2EWl:GBEEqV7YAj0ZpGQFqdu2Nl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679568086, "uuid": "a6ddbaa1-c221-4148-bb84-0705ad94d496", "value": 1982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679568086, "uuid": "66a523a1-a6d3-437f-a958-04df193f776b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568086, "uuid": "325cc303-3dcb-44a9-a392-6bbdb8bc87de", "value": "Fattura 2203-23_012.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6004ab33-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "35dc77fc-ef3d-47c2-9855-787ef144b955", "comment": "Malware payload (Mirai)", "value": "975772ba388dba0764eef5d729f6346f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "e06633d2-5c05-487f-b946-6107c60dc9ce", "comment": "Malware payload (Mirai)", "value": "14068f08c81afcbc481b59c16ac69fb17e749e820087ac2dba23f742c35eaf90", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "7b08be7d-df12-4f55-b237-b266e4af87fd", "comment": "Malware payload (Mirai)", "value": "cddffa276619782dd9d0005a6bc20beb768b7e65", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "1dc398ea-7cec-4919-ac6f-023c3a79c66c", "comment": "Malware payload (Mirai)", "value": "25b5d1a6af6c18f9308c7e724769e55be6bda5abd2dce2a67e7180792f1c80ad5edd971baa6f22e823cb08480e52e917", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603783, "uuid": "37d13d98-ea9d-4568-b34e-6274163ba107", "value": "T17873085AF8819B12C5C502BAFE1E118E332317F8E3DEB2129D246F6477C796B0E36855", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603783, "uuid": "874160a8-04bc-4d33-ab69-44ade3afb0c6", "value": "1536:ypnbCYReWKNsQQQm5FLAcaFu2sMCiVgwoh6cnz5IYIg+:HYPoMAcabgwoh6cnzWR5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603783, "uuid": "994d041f-cdca-47bb-9900-2c9014276cf4", "value": 75060, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603783, "uuid": "2879fdfd-ae8c-4601-8bff-03d71655bddf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603783, "uuid": "4f452e85-cf3e-46d7-bc8e-37464e4804aa", "value": "nigga.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2428fdb-c98e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679585076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585076, "uuid": "60caaea8-5484-4a93-97c9-957361081dde", "comment": "Malware payload (Mirai)", "value": "1f2aad111ae1af4c462725d01975a52a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585076, "uuid": "5c93f7dc-6a1b-4301-9353-60cbf51789ea", "comment": "Malware payload (Mirai)", "value": "1476d80c4bb47205521a2cff3c9375b799a50a0fcd20fa2f9294f99700144714", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585076, "uuid": "f86ca8ac-3eaf-40ab-aaae-4fca37ea2076", "comment": "Malware payload (Mirai)", "value": "36c807ef6c36ba8cfe326c5a52fa7ea461e03f69", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585076, "uuid": "b43f0068-ee2c-4be8-9c80-30249dd2f321", "comment": "Malware payload (Mirai)", "value": "6d4f26ae51e061ef770f0b91ed82b2c737ec236fb62ef3ad9d25d080dd8d3243d71f7d0309cb47650645571df3b699e5", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585076, "uuid": "386a33ab-b97f-4341-8179-e85aebe04760", "value": "T10D43B7C29E573DBAC2C5FAF8DAE7D12418E7E824A3B74246A5C9DF50502FE88250D34D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585076, "uuid": "350a4eb3-39b4-4d5d-9bd8-2c917e066361", "value": "768:2Klv8ZNF+n9lQdJvFacpjviHmIOHXkSHwg7/Tb80cN:1QF+iHpjvKOHU/6bU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585076, "uuid": "1f072d94-3adf-4dfe-9e3d-575faf4fb4b3", "value": 57550, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585076, "uuid": "a5d7e222-f6e2-42a5-b276-d10c8ab676ea", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585076, "uuid": "17921b29-5beb-415a-b691-bc990eef4daa", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac0a7de8-c91c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679536050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536050, "uuid": "8e391fe0-e031-4a7b-a3ad-44c2ab1c1276", "comment": "Malware payload (Smoke Loader)", "value": "674fd92e3d8e27fc8da9533692cebaf7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536050, "uuid": "cc0fbe34-aa9b-4f48-8123-a470ccb6cf74", "comment": "Malware payload (Smoke Loader)", "value": "1571eb000453b89cd056f23691dcac1004432552a59dc63c51e13424d4e1fe01", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536050, "uuid": "46b33dca-bc7d-4b73-92fb-c4163531be25", "comment": "Malware payload (Smoke Loader)", "value": "98c2b61fdf0e0c69d78b10cd04f3d29297343c2e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536050, "uuid": "1f48ef17-510b-4c51-98c2-b5c5573ab7e9", "comment": "Malware payload (Smoke Loader)", "value": "95aadd9de53fd4bfe552c63f080f489c38732c5de37b0d24f37813fa3a636d0e5c4280927a83b7bb5af2113f1076de8f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536050, "uuid": "b4d44743-59db-4d5c-ba6b-b5f82ea20cce", "value": "T1A7445C0293E77860EF2247328E2AC7F8261FBC61AD5B7B6E174DEA2F0D711A1C552711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536050, "uuid": "c98282f2-ee04-4e17-a2d4-15920b91a1ef", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536050, "uuid": "1d44e732-25d3-49bd-834e-29af746d8234", "value": "3072:ak1/QyO3aOUxYgcbNEcc7ZVUOfftYp8ZgU/uOfmWYyGkWgGwtUIMa:aKOU5mN2lC+ZRu9WYyGkWktK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536050, "uuid": "079f48ac-ac8c-40f9-9a4b-1d4d4a3e9924", "value": 253952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536050, "uuid": "703e0d86-e695-4044-901c-bd837789904c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536050, "uuid": "7c9c8237-73e0-435e-b14e-288a49848248", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ea42d84-c987-11ed-88f6-42010a9c006e", "comment": "Malware payload (PureCrypter)", "timestamp": 1679581769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581769, "uuid": "9a0b7867-1064-438d-90e9-70d4f390cd4e", "comment": "Malware payload (PureCrypter)", "value": "dd21f8249db2858aa4c85c12e71b55cc", "object_relation": "md5", "Tag": [ { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581769, "uuid": "597541c7-c021-4cc4-9b50-816acf45595d", "comment": "Malware payload (PureCrypter)", "value": "15993026ade985e2d41f8f8d6d60179901f2d5be4515870c1c4030f78466dbb0", "object_relation": "sha256", "Tag": [ { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581769, "uuid": "2ecaf540-361e-41c5-badf-0178676c943e", "comment": "Malware payload (PureCrypter)", "value": "b9fe37ee982168ef16639bb1cc65ee4137fe7c9f", "object_relation": "sha1", "Tag": [ { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581769, "uuid": "e245f67e-0ceb-460d-9ad3-ccb87365bf46", "comment": "Malware payload (PureCrypter)", "value": "02e94d20de55cf5769ba9f4fb2fc814b1eb4ce1907d9e229429457a5e2ee8099fc7d171cdbb0a1f73209d94c0a14bfcf", "object_relation": "sha3-384", "Tag": [ { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581769, "uuid": "ca88184e-3ab5-43d9-816f-22be762d8bc7", "value": "T150545BEE1225DA97FF8F9C34D0BA57C2F2414AF4C8F44DFD72AA2A821389A5535B50C1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581769, "uuid": "9c74ceb4-1054-4f9b-96f6-fa24bc05e22a", "value": "1536:FW3JRZLzBJ5wGq4up0KjIko1EnTJgOiAOqZ8RzrWWmBSwGjols/ZL4vUNr:FWVzBJ5wGqpjIko1EVzGlfwGnJXr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581769, "uuid": "b1355095-2fce-4a0a-bb41-8c58c86070e3", "value": 303067, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581769, "uuid": "db5c65c8-3876-4945-a9f0-944ad343befd", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581769, "uuid": "68f277a6-b77c-4fc4-8723-820bce3d1196", "value": "15993026ade985e2d41f8f8d6d60179901f2d5be4515870c1c4030f78466dbb0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f01e302e-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679582979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582979, "uuid": "ddf2e765-7e92-4957-aa57-53426a4cd7de", "comment": "Malware payload (Smoke Loader)", "value": "38a6465f9677c4651ae8e59bde27445b", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582979, "uuid": "fc562894-aa4d-42b7-935d-05dfe531a429", "comment": "Malware payload (Smoke Loader)", "value": "17f4c1a120bc4656d19ea74e8949701d1cb6429747cd965c55d60f9ff72d0a77", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582979, "uuid": "8c4ab162-c89a-4e61-a3a1-622713c29399", "comment": "Malware payload (Smoke Loader)", "value": "91053119ed0e6799cfe63ceb3d9a913c9ca758e1", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582979, "uuid": "7436c8d1-8053-4bb4-b9f7-650bb1d3dab9", "comment": "Malware payload (Smoke Loader)", "value": "9757e0c15dc001207408ffc4d53eb3a86ced919ae9e7dfee586f1d52df25648f881bd89494ec7126bb49f0bf5e64bc6b", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582979, "uuid": "fee84f59-ac9a-4e9a-a0c3-7c3c8a6e850d", "value": "T1EE44CE327392C472E517C1394821C7B46A7BBCB14F598ADB6B94177F8E303D29A3A346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582979, "uuid": "79d2feeb-2859-46c6-bf89-32ecb0fc5711", "value": "d82b59d9ac38acfa112d084d606d9e02", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582979, "uuid": "4732aecf-e123-457f-8fbf-3148ad9b5c23", "value": "6144:ZJlFYWLzQ1KhNj8Xo4vOpbEoGiUOZPbJT/VVGOeAj:fYWXQ1Krj8Y4WpbE9iUOZPbJT/a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582979, "uuid": "fe94e57a-6dc8-41fc-b38c-028f9a794199", "value": 256512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582979, "uuid": "1a81cd26-0b69-42a6-b068-2a78a9b86e38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582979, "uuid": "36360eb0-a580-4243-9c5a-2bc194daca8e", "value": "38a6465f9677c4651ae8e59bde27445b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7437a4a-c999-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679589756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589756, "uuid": "76acfc8d-5fd3-4f64-bd12-29cde862fc2c", "comment": "Malware payload (CoinMiner)", "value": "34d32d2091dc4c272692ad0fc0f08470", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589756, "uuid": "257eafeb-15ff-4b83-ab3f-2282031b457a", "comment": "Malware payload (CoinMiner)", "value": "180636e998f46837753d0fcec286bcecf19451fbb12bf686cab39d9624a85e17", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589756, "uuid": "848dc7a8-8239-4631-95b6-2044ec4ff97a", "comment": "Malware payload (CoinMiner)", "value": "86dc51ef4beb8f457c2b88a95686615ed9f7bf73", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589756, "uuid": "16d6b385-ef15-4bb2-87a8-c26ad3d4768d", "comment": "Malware payload (CoinMiner)", "value": "995a9c4d43306a055aa1c3846c8b71686598c78fc4bebe22c720a996a444017e6513d7af75f7994c9e165e58ab50d1f4", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589756, "uuid": "33240d39-2438-4d4b-b4bd-ae5e8e89c350", "value": "T1496533EA39A17E46EF3E4230552054B60522D3795CE9C567F8B810E93EE37E0B53C29E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589756, "uuid": "7f6c7c28-6de5-4e6c-ab34-13e26586d323", "value": "4e7985092d46eb55f0c6d62c8dfe0bf5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589756, "uuid": "373958e2-e36d-4dd6-8b5f-e0e3e9bb9b3b", "value": "24576:pPK2rFv42rkotEqqaOspa7ce99XL5Vl2Fgb5048cXfoe8UP8:pPK2b9tWaEVBL5Wyb5LdfCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589756, "uuid": "ebf41b22-a50b-4fcd-846b-210663146093", "value": 1526472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589756, "uuid": "fea49ed3-00e8-4b77-b9c8-500c9cb9dda1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589756, "uuid": "21e0e60b-c9e9-46cb-ac44-5897a3910533", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "254e68af-c918-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534106, "uuid": "d4df1f74-5006-4c55-8ea5-4d72ef66fb4f", "comment": "Malware payload (Smoke Loader)", "value": "9d228b3473942173a21dd33fc1632c31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534106, "uuid": "ff606892-2a00-4f84-a18a-53ba72cbdd2e", "comment": "Malware payload (Smoke Loader)", "value": "18f8dd5c8fffc77a808cea5c6e7e7aa922360a64b768b9fbcd4a4c51e4851da1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534106, "uuid": "9e4689de-d9ac-48b6-8f7d-334557478033", "comment": "Malware payload (Smoke Loader)", "value": "9ae0f74e5e82e0d0f9dff79a9ecb3cfa081d3e8f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534106, "uuid": "e1333ca9-6f54-447f-80fd-3a9a9d832b0f", "comment": "Malware payload (Smoke Loader)", "value": "c86c18e8dad4d7d7b774611f9a69840ce60ff8757bb51f74984a9492e9aaf418f161f03f4bd35db6e2920e7d313683f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534106, "uuid": "08e20853-3dcb-488c-a3a3-41048cabdf84", "value": "T192745C0253E36C20EF2646728F2EC6F42A2FBC619E5B7B6E124DEA7F0D741A1C552705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534106, "uuid": "6803e8ab-92d6-4575-a836-ea2788e4a941", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534106, "uuid": "f3636113-fffc-4fd4-a2c4-205362f98e2a", "value": "3072:Judo8yK7PYV2wZM2j3Y33QVxmuTeZoCUOuA2TVlE4btUk/X8QxRV:JuoF833CYuvCUOuRtUIx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534106, "uuid": "8ad3911a-7204-464b-a06b-25dd6404d92e", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534106, "uuid": "8ceb7fa2-b0d1-4ae1-83d1-2b548c392c7c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534106, "uuid": "8727d5fe-d043-4331-b7c0-e7146f149ee3", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3bc4457-c935-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679546773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546773, "uuid": "3a1e6c16-d2f5-4c70-bba6-7cc5b62d1338", "comment": "Malware payload (AgentTesla)", "value": "a169ebcc244ae373d09de5a1eeea8cb1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546773, "uuid": "ce576122-4a79-4cfb-8fd3-966d66df1bc4", "comment": "Malware payload (AgentTesla)", "value": "196a71cc3b90f4cbfd85a9c29cfdaae5513527853bf15ae234270fab67a6d780", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546773, "uuid": "41e0aed8-ed54-4961-a143-c9f89cc5c20c", "comment": "Malware payload (AgentTesla)", "value": "72d55ebf28f6e7fc985e646ddcaaff45ce8c0776", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546773, "uuid": "84f6398c-944d-46e9-9d03-9c5c409bf91b", "comment": "Malware payload (AgentTesla)", "value": "1c2fc9a3d2c61854fc673f6096a3f11677eeebc4d1388b0a28ecfcf14e063e4d1a72c3a5bc422a7d45883d050252296a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679546773, "uuid": "1184c3dc-66bc-4f75-8114-993d5d094f11", "value": "T1E632B2516FCC98F2D229E173426A800D29BDE47734831AE9B9CDE18237ED20E45FC2B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679546773, "uuid": "e6804c6f-b4ee-4629-820d-c599424543b6", "value": "192:mvirQoBqlgiVhNZunKeksLC45oEygs1HXRX3u79TDV8Aop8I+ZtQudDRE/7VbDWV:mKrd4LNZnbsLC4mgsmTWPp8IUtQaDiVG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679546773, "uuid": "8dbb0c3f-669c-4a46-ba5d-ada3caf03e03", "value": 11670, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679546773, "uuid": "a7296d24-b9a8-4e5e-9a50-880faa859b84", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679546773, "uuid": "00cea1db-cc8b-48be-b513-075af7692c17", "value": "a169ebcc244ae373d09de5a1eeea8cb1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8068f20-c996-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679588576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588576, "uuid": "3b5eb38b-5af8-471c-8918-e23b3aeef2c5", "comment": "Malware payload (CoinMiner)", "value": "90c3f4ec5879ebef23f3755733f0a3e9", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588576, "uuid": "6b4dc785-63df-4971-a886-8e5a0a9a15b7", "comment": "Malware payload (CoinMiner)", "value": "19a2fb39d3c04119ea35d0ff5b410227175286fb9ef678e7e4ac6fca69b025a6", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588576, "uuid": "66af9c89-cf3a-4c5d-b242-7df7f80b5d44", "comment": "Malware payload (CoinMiner)", "value": "223f1a719ec54d2afef3cf2a16923b7daf347efa", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588576, "uuid": "10915773-8728-476e-af61-4082835efcd9", "comment": "Malware payload (CoinMiner)", "value": "acce32d2caff3980bed2f4e95c2c79a946d5fd1783be52d55ff9cbd7a8189295099bab6f1dd4a2124447003c57166407", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588576, "uuid": "7896103c-4c24-4774-96b1-82141279c561", "value": "T13D44C02273A1C47EE55B45798C12FBF46A3B78704B5946CB2B90067E4E307E1EE36386", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588576, "uuid": "7fb7a395-5434-465d-87be-1c5a5e2cc6c6", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588576, "uuid": "ba4e96a5-2758-4c36-9ffa-0072d1a49c4c", "value": "3072:Lodho+YyQ+VTL5W9ddoU/BfR9IqBuq+tj/hy9XsPgDokAxzd5RoXp0tPJ:wdVTLGdOU/BVu7YOkioXetP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679588576, "uuid": "deb1c6af-0827-4ff5-99c0-236862e7969d", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679588576, "uuid": "c8ff4072-fc50-499d-9998-cbb0c93836c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588576, "uuid": "b9d65fb6-5d53-458c-8c05-7a49fc444cdb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b86d8ea-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577254, "uuid": "9d8f7af3-2b35-44be-809d-d738babb80e2", "comment": "Malware payload (Gozi)", "value": "92c2b60a06ef1627ef2be1379e6c4642", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577254, "uuid": "ccb56388-540c-4f90-b047-298867047955", "comment": "Malware payload (Gozi)", "value": "1a278fa43ce5b287c52b263165cf1e923ae0f1738a8a89088de9ef19fdbf8bfe", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577254, "uuid": "f8803494-2c90-4ecf-93ea-716e911f40a0", "comment": "Malware payload (Gozi)", "value": "110a40ac9ac65f9d4eed32e68f580dca2abaf537", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577254, "uuid": "4385a7af-ee0d-402c-98ec-5aef426c30a4", "comment": "Malware payload (Gozi)", "value": "ed040920ad4f402ee2277a57107b1f690e537e4fabce38ebb2ef799b8e5a43ca3aec46a0206f9bfa60aca3444075ffe8", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577254, "uuid": "1ac0844d-bf38-4a9d-be58-8e27e0f902ef", "value": "T16ED16B3682581FFF287631AD181852B625B2957B7A7F1CF7B47104E9250CB2081B6EEB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577254, "uuid": "2c7bdcac-89ad-47db-981d-c528711946ce", "value": "96:M/fnUwLUK8EzDM9ax9gJ3t5fUBkJFz0GqpbqfhhLrGiaUSc:M/fnUwLR8EzDM9a9gJ3txMvufPLrFaLc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577254, "uuid": "f1fd1976-404c-421f-965b-e732dd2555af", "value": 6709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577254, "uuid": "9e236189-95cb-4f96-804c-bd1990dd8999", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577254, "uuid": "b72cc5ee-cdc3-4670-8c15-6cc246a47803", "value": "Fattura 3566 2023-400933.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05960f38-c924-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679539206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539206, "uuid": "712c5142-6ae5-4386-b568-e8c9c0c25def", "comment": "Malware payload (GCleaner)", "value": "292037d48c86be45c2380b4c7f9f5a12", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539206, "uuid": "efda0b70-6904-45e4-b4d5-7f74d8cf0b7c", "comment": "Malware payload (GCleaner)", "value": "1b3906f6e5109bec6501f12b7786a628fb232e6ed7c0957ed183360ce7bd452a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539206, "uuid": "c2edb53c-9238-4eec-bf53-2c3c825cd5c5", "comment": "Malware payload (GCleaner)", "value": "483afba751b8bd49c61f6ed52fd58a1ac9924cea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539206, "uuid": "597c094f-a330-49d5-b10e-524b522ebc60", "comment": "Malware payload (GCleaner)", "value": "ff10bd97a44d3a7e8845af63df1acaaf5c55f4981ad348f1f36d0127040ab5a73ebe066a5b89b7bca6a18f51fc3990e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539206, "uuid": "d87bdfeb-516b-431a-bf3c-7cb7dbc5f7a6", "value": "T1CDA53343F3461DFADAF3F9701E25BE6A9702BE05B93D20BCA41E498A1F2E4D0944D785", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539206, "uuid": "38be5714-2d4f-4cbd-8010-565da2bb9c8c", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539206, "uuid": "a0d7304c-af12-4b9e-ab8a-d5d9f369eaa3", "value": "49152:EGlJfsNvVrVIRpiY2WwKPLNRyOXytf4ARwhudNJiFAJXM5dlLYp:5SvVrjpWlPxglQARNNJig2PYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679539206, "uuid": "c7c67817-489b-4612-8d62-2b00c88127ba", "value": 2205684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679539206, "uuid": "90391fb1-f2e6-4f36-8fbd-7136612de2ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539206, "uuid": "01e4ce63-f444-424f-86ed-fe1ae88bab52", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e5888ad-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576587, "uuid": "70278237-f72a-4b21-8997-3f4c1d94b4f2", "comment": "Malware payload", "value": "97413261e457137d87cb2cf795dcca0c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576587, "uuid": "0c64ccf3-b99f-42fa-9d9c-7110cfcd820e", "comment": "Malware payload", "value": "1b926491d3172dbfc5c6a2de4e8a7b3a7c67977391227fe5c72264f0824dc8c1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576587, "uuid": "92332325-bb15-4185-8e66-374866917e92", "comment": "Malware payload", "value": "58e8f2f06d9eb26f7df678dc6359678091006127", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576587, "uuid": "e3ac15c9-09d1-4f63-8d6c-7812dd595d1d", "comment": "Malware payload", "value": "fd42319bde23972a915512956cf7dee2cbcec0a35287ca7242e4877f5e3aed6cb5f5acb0c184a3a515faa0a20839c886", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576587, "uuid": "a8189b1e-b546-4858-b790-f531a4415b85", "value": "T1A706AE02FBA7A691E8CF813D12EB573F8E391754D73498D38EA214A9C8256D1773E390", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576587, "uuid": "85e8e04a-04c9-4af1-83dc-aa81bc3ef2df", "value": "a95ee170fffc34e09915d3707393d32b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576587, "uuid": "250336ec-0b83-440f-942c-4ff2c676fdff", "value": "49152:plCOVrlD3PQOGUCmyTvDuz1u+Tu31CPwDvt3uF7DCmcx/JL0s:TCOV5zGVAu+c1CPwDvt3uF7DCm0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576587, "uuid": "6d9c5aeb-2a79-4ccd-8309-53deac7bcc59", "value": 3755152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576587, "uuid": "acbcbeea-5bd9-4e0d-8d27-802211b9bebe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576587, "uuid": "30796bbf-946b-4fd6-b330-71ac9afd8317", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb61b5ac-c969-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679569227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569227, "uuid": "c6b2cca2-65b7-4d29-bbee-9c8d771eecc7", "comment": "Malware payload (njrat)", "value": "4ac97876e13ba932cc9f7c00173fd958", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569227, "uuid": "21ba1f28-bc41-405a-85bc-c7ab94697e68", "comment": "Malware payload (njrat)", "value": "1c6935c5622b81350dffeed2f9fcd6c43645f73bb88d697d927495f45d02411b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569227, "uuid": "bdbe7ab5-6a23-4ebc-9e33-6ca057c9dc5d", "comment": "Malware payload (njrat)", "value": "1c84938b4cf33bb6f4fd2cd5bf4734fda614bb6c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569227, "uuid": "6eee0afd-5dde-4a31-9387-179afc761d33", "comment": "Malware payload (njrat)", "value": "24bac5141f63b61a3f0b721a785b2809969a07244d08e7fe6ac1a0af26dd9e064df3dc8763e99a16694c5f2846c8dd68", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569227, "uuid": "451d203d-89dc-47d4-a767-d71fe95aa88d", "value": "T1C6032A4D7FE181A8C5FD067B05B2D41207BBE04B6E23D90E8EE564EA37636C58B50AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569227, "uuid": "f523bfa8-f5d5-485a-8d5e-16469666f069", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569227, "uuid": "532e65b2-b2f3-41b4-9272-b5b4ab205f90", "value": "384:LmOs0IiejvCVLO309QmykrtG+dA+VCwvOSifrAF+rMRTyN/0L+EcoinblneHQM32:RFdGdkrgYUwWS0rM+rMRa8NuL3t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679569227, "uuid": "f6ab046a-2f69-416f-be7d-ec5a76f86e6b", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679569227, "uuid": "79a3ee68-e103-4707-90b5-9d98e9ee3395", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569227, "uuid": "e3c42ed8-49ba-42b8-81df-24b4242356e3", "value": "4ac97876e13ba932cc9f7c00173fd958.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f9ba2f9-c915-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679532942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532942, "uuid": "b9b7f560-e922-41f0-bb47-941ba6fbb950", "comment": "Malware payload (LummaStealer)", "value": "55827b9ac95087ae344311a8a316b4f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532942, "uuid": "ec45b27e-81f8-40eb-bf94-8746d7ed9fcb", "comment": "Malware payload (LummaStealer)", "value": "1c716eba8d314a13f73edcbbf6dce4107f131982cc0a31cef6c89a183d88268c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532942, "uuid": "b9138357-4b43-45bd-8bc7-c555b8fde52c", "comment": "Malware payload (LummaStealer)", "value": "9539a3e39e421bba13d3252326528f32825a7932", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532942, "uuid": "75b6d9eb-d763-4342-ac36-a69d65e773fc", "comment": "Malware payload (LummaStealer)", "value": "ba6d82db7348738ad5787d762b3dec154196840d3f18511a6a342013fe6e15b83c7a9893ca9b56d7567fe5e9cf3fe9cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532942, "uuid": "8e9ec5f9-fe0c-4f9f-9881-a09da7d2eebd", "value": "T1A6847C0253F36C21EF2347728E2EC6F83A5EB8615E5B6B5E164DEA3F0D701A1D562309", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532942, "uuid": "a37f4507-f7a9-4dcf-9368-183d5d76ed9f", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532942, "uuid": "112e7664-ca23-4c9d-94cf-9566e9bee58f", "value": "3072:nbICCTP3zlrH84ATB7+STtSPOXWfGQvCwBnxu3OW6w/JrU1tYHTbShxIMa:ojR44aVnTtDWPvbnM3OWVe1cX+F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532942, "uuid": "d1f6ce56-dbd3-4648-b811-1bb745712969", "value": 397312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532942, "uuid": "a62fe53b-1f29-4246-a6fe-9b76d260785a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532942, "uuid": "6f0b1906-05f6-4054-aef5-554fe5523912", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "859a3617-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679564332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564332, "uuid": "0b24038b-1d99-40a7-8432-4e161edc2ae6", "comment": "Malware payload (Heodo)", "value": "deaaf635aa87a6083dddfd6c006a2105", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564332, "uuid": "96c0747b-9f82-4a24-8668-86cd642af9bd", "comment": "Malware payload (Heodo)", "value": "1cf847f34ea809171627e88bc29b111fb3ff1b15d77137a3b9f9e3a5e693aa9b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564332, "uuid": "092a7542-f923-4e61-9cd2-fbf6b832cf45", "comment": "Malware payload (Heodo)", "value": "499d81f4bd23fe81887cd5b2d4b5f9ed8fe9288e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564332, "uuid": "21e46961-dad0-4550-95c3-4abe796b316a", "comment": "Malware payload (Heodo)", "value": "553a3622ae44176cbbfae83d00f9b889476ac293f20f46da094c20ac9163931ed285dcc225c8a35b956502d67f380f1d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564332, "uuid": "da5210c2-612b-4369-aef4-a8aa94c19714", "value": "T10144F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564332, "uuid": "816adfe5-f667-403c-a0dc-a476a9006da8", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaC:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564332, "uuid": "7f63683a-1fc7-4bcf-a177-188cf688cb44", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564332, "uuid": "e4fda955-746a-4c15-b9c4-984b7cbbfb7f", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564332, "uuid": "c0361095-a903-4d3a-a5ca-49c010388c53", "value": "innovinc.org.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c267898-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577120, "uuid": "a12c694a-c641-4bc5-882c-a9f3ff56bdbd", "comment": "Malware payload (Gozi)", "value": "0caf9b34ec894ec02e884bc1b7299b02", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577120, "uuid": "a4001894-620a-468b-bdca-735014f1287e", "comment": "Malware payload (Gozi)", "value": "1d5ddda92cf90bf329c79d18bc0db08bdba52465d4a47a4d9118661a24a72465", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577120, "uuid": "103b342f-f55b-4d87-b44a-953a1a90d434", "comment": "Malware payload (Gozi)", "value": "55f4ebc58a1da96a6f9861ca32471bebb09494c2", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577120, "uuid": "47f67bc8-de0e-4e24-a7ff-124694270602", "comment": "Malware payload (Gozi)", "value": "2709a73b36181f67f069a8a642cb3c55fb2713a9c2f54b8a7dfb48109c64fe7def2e531e352768da465ed6d387a0a6a2", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577120, "uuid": "e6357a79-4c71-43a5-b98a-661d8cba9170", "value": "T1C0F2AFC3DCE49971ADA633DC15EA2E4B52F9BC3220B79455CC178F076713129E239A8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577120, "uuid": "c36126d7-6c8a-4aa2-b8a4-9fe32eeddc66", "value": "384:9C/x2ewJ3IH68wR70w2cU5yyyYWG9VcXallll0WRvg5vgavgavgjaBw:9W1lbLw9uYVO6lltw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577120, "uuid": "da4c5c48-9995-4dd4-9f67-dab78992bb43", "value": 36192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577120, "uuid": "cd65504c-734b-4332-8933-9dc835a514f4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577120, "uuid": "6343fe80-f178-47a8-8e20-7f90d3d7d357", "value": "documento6.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "777fee61-c9a8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679596091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596091, "uuid": "07390c74-b795-4ffc-b7b2-7d0c46ff96bd", "comment": "Malware payload (Gafgyt)", "value": "ce98a710b21354c5402e0fbd208fc58e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596091, "uuid": "468f9e57-b7dc-4db9-b02a-157ce5289e99", "comment": "Malware payload (Gafgyt)", "value": "1da5373a9a1badc39acd477607f58f7046430e7cc9894b16a219126b9c4c1c49", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596091, "uuid": "f2d70575-834a-435f-a32e-eaf71ee55a08", "comment": "Malware payload (Gafgyt)", "value": "0100ec11195062f992d497fa212254aa811095b8", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596091, "uuid": "2da1740e-2298-4d06-b939-fa7c8560102f", "comment": "Malware payload (Gafgyt)", "value": "fffff6fb64101bd076add1c782f796b850d4fcb8ca8dbfcf6f758966c0edc870c77f1d9efc00a2cd3273bd57bdb25a2a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679596091, "uuid": "be14030c-0b19-43e2-99f8-74954a8bf366", "value": "T13B836B23A651C6BBC0875BF91BDBD6615023B8B90B33720A73D8BDA92B36DC45D5D302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679596091, "uuid": "8898cc99-6172-4256-8027-ecf955d6956c", "value": "1536:UB7crF7FePF5tZuEqdPUq0aJb9sqx3CjrM3XYuWIr8UmoIYuOVje+ZNne:URQFet5O7dPr0oSwyjr4XYuDnmrYuOVA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679596091, "uuid": "b17ba201-700a-414c-a4a6-ee92cb2698e5", "value": 85803, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679596091, "uuid": "ca640756-9723-4997-ba73-be5cafc88b99", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679596091, "uuid": "03467708-8d82-43d8-8158-ccaa1e70e6e3", "value": "x-8.6-.SNOOPY", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d36309f9-c91e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Tofsee)", "timestamp": 1679536975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536975, "uuid": "7db80986-500b-427d-bdae-775b95513c11", "comment": "Malware payload (Tofsee)", "value": "7a01c232135c3a5c9eaee31dbdc33786", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536975, "uuid": "b1c9cb21-86e3-4ee0-bee0-21f9d2d84636", "comment": "Malware payload (Tofsee)", "value": "1fc287e8880a966edcdd9a91f08bf4ff5771d0f378c7e71774fb42012430f28b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536975, "uuid": "bf32b998-ed3b-4d42-bc57-33682e400a38", "comment": "Malware payload (Tofsee)", "value": "44394f789aeab98aee0d7030b76678dccb193b78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536975, "uuid": "fd8da18e-4161-42b7-9459-9514a54cbb7a", "comment": "Malware payload (Tofsee)", "value": "2b3c13536b354544d519d4ad22f1959d7d1dc15500dc5d54338f6d13d11e81429d7efbdcfa32ac2468d0e7febcb7246e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536975, "uuid": "e6993c44-8aee-41bf-84bf-7a635fd92678", "value": "T158446C4253E36861EF2347728F2EC6F82A2FFC619D5B7A5E174DAA2F09701B1C552312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536975, "uuid": "1c33aa1b-2ab6-447a-8b83-155a1fd67a28", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536975, "uuid": "d7187157-4605-47d8-b2e2-396cca946950", "value": "3072:NoCMyOOmLgYgxabNETQL8lVU6xzRHsVPv4J2t+yt8LMa:EtLGxsNDgplRHn2t9t8A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536975, "uuid": "dee313cb-f50f-418f-a75d-c5633431513e", "value": 254976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536975, "uuid": "0852c3d1-93cf-4efe-a904-b91766aa6fc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536975, "uuid": "75795d33-b24b-4a06-a785-94f7bbb2674b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31dc7e44-c919-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534556, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534556, "uuid": "a03d0d8f-8c4a-4600-a0da-8f48559fe0ed", "comment": "Malware payload (Smoke Loader)", "value": "b2df5c85ab6ba6f96deff7bed9b65f57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534556, "uuid": "8a524f8b-c2c7-4c3f-a91f-de3158f3eeed", "comment": "Malware payload (Smoke Loader)", "value": "210a7a0639ebf697fbac79ad02ac07a28424654ac12829aa4aef427f504f6749", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534556, "uuid": "26a1a79f-f8f8-487c-bab3-e96e3ab447d5", "comment": "Malware payload (Smoke Loader)", "value": "da68b7044d6c1e4538b252687f70ba60d0a547ff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534556, "uuid": "4b592364-1e97-48cb-a9ab-60ab99daae2e", "comment": "Malware payload (Smoke Loader)", "value": "74591cef4298929a46e057fbba9796a56d93efcebab601c88fea46218dda216335e01c6f57fa416bd8e36700e11453f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534556, "uuid": "1d78c9cc-340b-4b8f-b907-11f03950a3d1", "value": "T1AF745C0293E37C60EE1247728E1EC6F86A2EFC619E5B7B6E164DBA2F0D740B1D152705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534556, "uuid": "6f8888a5-5ab9-4940-befc-68736c4f2e6d", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534556, "uuid": "b0d51769-8679-4ddf-a41b-674494b9ca3b", "value": "3072:7M9+oPDtGzftVnDY5QJpXtkyGcK3/+6Efpd0JcJJ:oYI5evGLP+6Er0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534556, "uuid": "24920205-e0d7-4d5a-b972-337f6c6aad71", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534556, "uuid": "00cc4ad9-1a94-4ece-a325-6e9d3cf4bf61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534556, "uuid": "1010cd55-8410-4cde-8e82-141717feae12", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab4f03e7-c91c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679536048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536048, "uuid": "91843a80-53cd-4299-ad46-5392d920739a", "comment": "Malware payload (Stop)", "value": "8ea60a591c9008d6c9591a88a234f844", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536048, "uuid": "a2e81f94-de4b-48cc-89dd-adf0d9f1e532", "comment": "Malware payload (Stop)", "value": "2144fcba25786b3a40a26396f540ac398602956c826402a96f191abe73ac1bca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536048, "uuid": "04b2a0b4-2a88-430c-ada2-0b9f365494bd", "comment": "Malware payload (Stop)", "value": "32004b928c4c3b3b003c5aab2cf12b525567930a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536048, "uuid": "623e36ff-1849-4306-ae83-6e530264c1ac", "comment": "Malware payload (Stop)", "value": "e08c06c77803419a3f543b2eb243e245ef7bf0b5de8167517f466aea6bc3674e21bebd11948cc0a67bdeda145443e0ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536048, "uuid": "62bfce7c-bbfc-461c-9e0c-487cf2fcb135", "value": "T15B15F11213E36C71EF1747728F2AC7F82A5EB8209E1B7B6E124DAA3F0D701A1D566705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536048, "uuid": "d5b3a2d7-b0fe-45c4-94ce-4964fc255292", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536048, "uuid": "2b57a259-4143-4b1b-83af-6be22c3655b7", "value": "12288:9dQ20eXN2r/6S5VgxjZwmIFz49ghnY8o1/Jtl6pdNL6rulxrW:94eXN2WSAyb5Ggg1x2pGS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536048, "uuid": "b844e1e7-00f8-4e1e-a33f-88978ba255f7", "value": 916992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536048, "uuid": "e0b6de56-f8d2-4166-a288-df992ee404fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536048, "uuid": "f4644e5c-37d0-4524-9efa-0f7777c96089", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4eac2c82-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564240, "uuid": "901af7fd-c9de-4cc0-91c8-f39a2275369c", "comment": "Malware payload", "value": "f45a24c4f95ebc9c77e61344b65872f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564240, "uuid": "bbafdbbd-e1ee-490c-8332-2cb52878156a", "comment": "Malware payload", "value": "21d213c4a54955d404e6a82297217a66bf52cead08e73c5411637b8daf70fd73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564240, "uuid": "9b70cf93-bf59-448c-b855-8a7ded981ef2", "comment": "Malware payload", "value": "2de0c42c45b788547ca6226f4c45da792d41ab59", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564240, "uuid": "58a597aa-76c6-4fb1-bfeb-98e1e6e2bc94", "comment": "Malware payload", "value": "0a14bed239a207bc43c5d59a064ffe36f887f00668126587ba1850455b3443c8149b739eb788a2835f51d08c70784a40", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564240, "uuid": "cbee0ff8-af18-4217-b3d9-7eeada660f3e", "value": "T19534F907B642EAA1C3865B72D4EF452043B1E5C377B3D74A3D9923DA0D223B99D092CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564240, "uuid": "1826f3a7-8bb7-4d26-a829-23d76a4c02d3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564240, "uuid": "fbd7852c-b597-4b64-8d9e-7cdc80e3bf56", "value": "3072:5DUgHdym+kKk3CRH9Lnr+qFDhTchMr4Bhi9k49SvElMZ+pi/oSxiT77jt:5Dp9x+kKQCB9jhTcmsBs9X9d3pi7iT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564240, "uuid": "3ae5d1d7-293f-4ee7-8c52-c8ae67a8f438", "value": 247808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564240, "uuid": "97666791-f376-42c2-8abd-ca5fb19d77b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564240, "uuid": "4f43b37a-8fc8-4cc4-b782-105832341b9d", "value": "f45a24c4f95ebc9c77e61344b65872f2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f38ec1d9-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679552490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552490, "uuid": "6d4e1679-5f62-4e5b-af98-086ccfea0a09", "comment": "Malware payload (Heodo)", "value": "c6fc4fb33209728feb0ab7accb4c7333", "object_relation": "md5", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552490, "uuid": "415eda94-4084-405b-be41-7cb240387fd1", "comment": "Malware payload (Heodo)", "value": "221e80e8fc50a45ca8cc0028f4e57501aebeb8d1959249686ea8571df0ceea91", "object_relation": "sha256", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552490, "uuid": "c8f5c103-f327-41f1-9b96-ddeff179d190", "comment": "Malware payload (Heodo)", "value": "61ca706bf215e0b490abd0e75912a83c4d790504", "object_relation": "sha1", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552490, "uuid": "0a88b25c-3046-431a-8ec2-56493fe94ee0", "comment": "Malware payload (Heodo)", "value": "9b47a9260655f7b5b4c3cce01543f45431f9c427bf4fe7c24bd48cffc8d6a33a0bf195e11ea01bf22fed41a54a0a78ee", "object_relation": "sha3-384", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552490, "uuid": "77d0bb9f-91e9-4e46-b82c-2c1aab177426", "value": "T16844F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552490, "uuid": "1a9a3a4c-3ff1-4ffa-8f94-a27b31d9047d", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXe:FeHrBwsYXm5ZGa3vRXm5ZGa3vP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552490, "uuid": "a1734e82-0837-4e60-a293-83101a1711b1", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552490, "uuid": "61c00991-4d06-4eb5-a7e3-ff1b1ddd2fda", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552490, "uuid": "296c4411-fc6d-4e23-a325-8775f336cd39", "value": "invoce No FTI10717 22_03_2023.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af0cd1d7-c997-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679588883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588883, "uuid": "09def971-0c2e-434e-ab32-393a772b43d5", "comment": "Malware payload (RedLineStealer)", "value": "6c424413c57edbfcc0ba98b54e0d3de7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588883, "uuid": "c720be53-45de-4727-9def-6250bcd6b65f", "comment": "Malware payload (RedLineStealer)", "value": "2263e60cbbd7480a32cf5232199fea08a6d90249d97489ae9271f56b8d486309", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588883, "uuid": "d0e40933-ad15-4598-971a-606a6c28c847", "comment": "Malware payload (RedLineStealer)", "value": "78981f49bb012b6379a7ef7ced9c4ed3b32c2086", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588883, "uuid": "8631daa2-10ed-4f88-ba5e-baa6f4fe57de", "comment": "Malware payload (RedLineStealer)", "value": "ea7f0fb4ed7f8c65925d3e2186f751476a5f2dd2481e820bcab80d8abd89de34a15ce611e640ad182450b859cd6e4700", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588883, "uuid": "5a0ca606-6768-464d-89c6-45db64f7a032", "value": "T1D874E011F291D0B2E55705384A26C6B09EBFBC706B5542CB2B4C7A6F1E317D2EE3A346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588883, "uuid": "26387705-1fce-42ec-9c00-b980bf3a029a", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588883, "uuid": "2ae7a0ec-acf9-4f6f-a6af-c1c75b61419c", "value": "6144:2syW2VL4Q96937TiW/9igriUZeBdnKKzIK:TyW2VT969rPZO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679588883, "uuid": "ea6369e4-3b8f-4a73-9637-5faf6a2c0fb3", "value": 354304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679588883, "uuid": "86cc9139-3810-4866-a5de-2c56a6955a69", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588883, "uuid": "537d530a-27d2-4449-997b-2fe0e01109e6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b6c0593-c99a-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679590085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590085, "uuid": "22ff169a-61fd-469e-b2e2-4ed5c731f87c", "comment": "Malware payload (SnakeKeylogger)", "value": "e845619578fee912f0a684784f863098", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590085, "uuid": "7f726c96-9cf5-4b54-8c76-c2cfec8f22ae", "comment": "Malware payload (SnakeKeylogger)", "value": "22a276583ef717ae772867c3f9018fffd4db027c86133f3497d2b002f4910d54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590085, "uuid": "27af05d8-febe-4760-b54e-d0fb4b637794", "comment": "Malware payload (SnakeKeylogger)", "value": "c64707c1179d3234c89785cff5024441c5f1789f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590085, "uuid": "1988db08-bcc2-468e-a5c9-600ae04de182", "comment": "Malware payload (SnakeKeylogger)", "value": "4a83b51284e20703a74d9fa03f3b5548258ba1f5d09a72c17dc15d89497d598fcfd8f813f12630fb295f0c00739d884a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590085, "uuid": "51fb9585-5f66-401f-ad14-3902a271724f", "value": "T19005D004BD7A0977F8EAD2B41060273A03B4BB615466E6898EFDAC9D2CDBF5301C465F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590085, "uuid": "313cc93e-e1b0-4a2b-824b-bfb05a17acf2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590085, "uuid": "f9e49648-65ee-4afa-9025-03c648f78a3a", "value": "24576:h8QByUZGFQL+nWN+922us2ktad4Z5G5a:eQBVZ5qnWSmsdGf5a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679590085, "uuid": "846fe0e1-389c-4700-a5ce-bede39fb9bc6", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679590085, "uuid": "b5b0d8b1-8ee1-4063-aac9-8dcbb4a35fb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590085, "uuid": "57773277-7ff9-406e-aee8-7edb39d6c431", "value": "Order RFQ-012723008_Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2266c4a0-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551710, "uuid": "ad3983ff-79ec-4ad7-9514-33672ba06a17", "comment": "Malware payload (SnakeKeylogger)", "value": "2dd2ecb8470da41499622db0c5ecc953", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551710, "uuid": "42728173-9092-4306-b706-2ceb1bc20bf9", "comment": "Malware payload (SnakeKeylogger)", "value": "22b3c8355218fd0218d45ac51ac53e1322b54674e19bb8d428d8937e246dbb2a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551710, "uuid": "b453129b-78bb-4c0e-bc96-2e20e74546f9", "comment": "Malware payload (SnakeKeylogger)", "value": "6d95773939219455665e6f9b49f4d0628f29791a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551710, "uuid": "682b9627-3cfa-4eba-9573-2e6817fa8e25", "comment": "Malware payload (SnakeKeylogger)", "value": "1f15c2b7dbe57507a71116424ce3e2a4b713b23b78012105285ce431485b5a9d6caf662f352924fcc8f153ca19fae4e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551710, "uuid": "88d821b8-fcbd-41bb-8dbc-927bebed8d9f", "value": "T1DB359D0678D41AEAF77EDBF4C1E115EC03F16283940DEB2DCDC0A4DA1A247C36A569A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551710, "uuid": "dab9d8d0-7426-4eae-abad-0ce62faaf477", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551710, "uuid": "671d5371-ccff-43ff-9942-300ac672f00f", "value": "24576:tqGnNNycpUAELKV5UkvvWWJFVUkXO/8BOcpEujGRDyoM1iNT8Hs:UcpFE6WWJgkBMDyoWiQs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551710, "uuid": "a633b47c-71fd-4f53-b2b3-b6d8f7b9a314", "value": 1145856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551710, "uuid": "b1e41deb-b3d4-4b15-a0d9-b3ca98d6c644", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551710, "uuid": "4a8c604b-7489-4031-af5f-707ecf1434be", "value": "2dd2ecb8470da41499622db0c5ecc953.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10581301-c9af-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679598924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598924, "uuid": "a59d7fd4-ebcd-4a3a-ab53-759a4d8ccdef", "comment": "Malware payload (njrat)", "value": "00bba72f9fd1aaad1e083a27c14a7d2d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598924, "uuid": "10a15a51-74eb-4f14-93d2-b7e71f8539c9", "comment": "Malware payload (njrat)", "value": "22d63c0ca31019e77eb995fed035cac211e6d82e24e6d54105e26adc0c2d0373", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598924, "uuid": "8ac42274-6389-44b4-ad3f-7aab58012559", "comment": "Malware payload (njrat)", "value": "c04b8f0907575cac9e9c1058ab11733814394c29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598924, "uuid": "274c6e01-5515-4826-8bbe-5c2098b50176", "comment": "Malware payload (njrat)", "value": "94da7e9845d99446cf6cb60f21553e094e0800703492d85295bb272080559a87d3ea0abdc48ca6b623579a7a069e187e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598924, "uuid": "17873630-a0b2-4ea8-84bc-1f39b5585339", "value": "T11B64B022B9C0C471D46618350AE5D7B27B3CBD301B264EDB97982F1E9F341E1AA357A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598924, "uuid": "6b1eb3b0-9628-4b68-bb8a-6ebc715fc3c6", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598924, "uuid": "8e1ca827-f60a-440d-8bb8-d1cf436c4a16", "value": "6144:XdL2uWkVLRR1wOe85TjsugzAgT+tkE98F0lAylgQS:NLllHPwOl7gT+tkE98F02ylgQS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679598924, "uuid": "39389958-ead6-4f43-8b40-a709b35c2c56", "value": 314899, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679598924, "uuid": "7e6440eb-5965-469b-ae59-5c116e7ef365", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598924, "uuid": "a9773500-6e10-487c-8334-207dcd807ba9", "value": "00bba72f9fd1aaad1e083a27c14a7d2d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a2b68fb-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589143, "uuid": "d9d622a0-0ffd-46fb-885e-8c88bc393c53", "comment": "Malware payload (Mirai)", "value": "cf9bcc590957bacf7926a2d42382a73b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589143, "uuid": "a3227d37-89c8-4f2f-9ba6-d04f5b717511", "comment": "Malware payload (Mirai)", "value": "239878fe3034ec1f139c0a6b9c9d51cd4d7cb94d6905969658ee8ec9c895ca40", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589143, "uuid": "f8b28e66-43ec-40c5-a377-ddd64180d9e3", "comment": "Malware payload (Mirai)", "value": "2ae044a221c208e251cd0c9b595b897832fb12e0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589143, "uuid": "c6818ef7-f33a-44a2-bbd2-044d63009fd0", "comment": "Malware payload (Mirai)", "value": "3b784729035b50e24a3fe0d58383e34233ca8cbe24f32a93e84987399dd98c5191a3d8c353192ce18add040ff9946aeb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589143, "uuid": "fd104f7e-de73-490d-b869-3e63f9a6e82d", "value": "T14353B4C3AF623EBBE1CAFE72E5E5D70420EE4401A7891763B5D8CD00D51F98D28D6668", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589143, "uuid": "e1c3e29e-a918-41d7-a741-83b97ee8fe72", "value": "1536:bO1lVTOXfONU4NLU3IdB100cRFE4eDxB7:y1lVTOXfOy4NQ3IdL0Jgz7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589143, "uuid": "712b9cd1-77a5-4c22-a351-0bafa79e5c7a", "value": 65535, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589143, "uuid": "b5fee591-46c6-4cc0-acd1-0cf19e848d68", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589143, "uuid": "37c146dc-07dc-49fb-97e2-be5327029941", "value": "cf9bcc590957bacf7926a2d42382a73b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "547a4487-c993-11ed-88f6-42010a9c006e", "comment": "Malware payload (Vidar)", "timestamp": 1679587013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587013, "uuid": "fed1fe2b-b619-4f59-98ea-bc0cee6ca5cf", "comment": "Malware payload (Vidar)", "value": "0590b2409eb38418e064b552945b3f91", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587013, "uuid": "52faa3c7-c071-425d-a3e5-f8e8fb92c1e6", "comment": "Malware payload (Vidar)", "value": "2453f0f1232d73d823f5bd2dadf48fb18cff82604d1613d1707ae6fb451743e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587013, "uuid": "356eb23e-8f30-450b-80dc-74432fe091d5", "comment": "Malware payload (Vidar)", "value": "ddf8f28eb904f387dd9430082fc8abac98c61efa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587013, "uuid": "a0b5b144-c15a-4def-b61b-230a4b80f689", "comment": "Malware payload (Vidar)", "value": "dc148d26aa20f7d35e4614f06c6fa6afec81a4693b594a340ce4307eface3db92cd8149560f3dc9b836614eafa5d3692", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587013, "uuid": "a3d43087-5bf7-4d19-aa9c-445e958e8f36", "value": "T10F46233327F86588D4819C384522FFA535F50B9E5E229CB869DD39C12B315EDAB326C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587013, "uuid": "779fb782-f4a3-445c-9005-d5d43d44d9a7", "value": "d77afd5ed20b76e0466e87a7e2cdee1f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587013, "uuid": "472e33d8-8494-4c19-8e36-83e696675b77", "value": "98304:bWFfqP11weDNI1HxzWga8eINvg/Tig3cxq1p0rj/KWCdo0qZIEBdBH1:CBqHweDNI1HxioZarigswpCC+TP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679587013, "uuid": "8e9ced36-b153-4068-baa1-ab2c5e83dfc2", "value": 5628928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679587013, "uuid": "38ef87d6-6894-4af8-9811-c38f4702477a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587013, "uuid": "b96e13c4-6818-4e70-924b-c187ba271eeb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfbc2e0e-c994-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679587649, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587649, "uuid": "4b3c8c66-c132-462d-a4dd-dbc1e0f86249", "comment": "Malware payload (Smoke Loader)", "value": "efa38b382d4573acf04a35d0add913bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587649, "uuid": "2bf5cc94-edfa-45fd-8ded-8bd9afe431be", "comment": "Malware payload (Smoke Loader)", "value": "2460b900e7cca5a66f1d84ba794d0a471496165b3225e9e7a9acf6ee1ec8e887", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587649, "uuid": "41b0c27c-1edb-4eed-9d93-38f091dfde1f", "comment": "Malware payload (Smoke Loader)", "value": "95f164e9809d34d9d0b95ed2d26932762f18c52e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587649, "uuid": "8472c600-79a4-4436-9fed-69ed418d32ef", "comment": "Malware payload (Smoke Loader)", "value": "e1b779c8487bccb313c7ce67a5e03cd8b1d7638b3b65a4fc78c33aea90c03ec150bb438781efb58b12aab53f481565ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587649, "uuid": "cdcaf4bf-20a2-4a52-ad3f-3ab25307b50c", "value": "T11E44CF2273D1E473E95B05388811D7B07A3BB8B14B1589D73B94927D4E317E1EE3A38A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587649, "uuid": "23c4c48f-0295-4ca7-a09d-70db49c877b2", "value": "82f9a3111ed4dfd5fb803f88f46422ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587649, "uuid": "414e6f67-ba93-4b38-a34f-5222b219a617", "value": "3072:jUfGVdpcaV0LkN5iSx3ffSOp8Ij39aNKwycwt+otwk3mnLPzJ5Rupot:acV0L6Ew3zp/9NVcEtkLR4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679587649, "uuid": "134e88be-392a-4b3b-a09e-09e5050ca107", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679587649, "uuid": "d33b1f07-8941-4c71-b174-3002d9d1928c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587649, "uuid": "ee68af59-6bdb-43aa-bc01-8f8bdf53fbea", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b310500-c99b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679590380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590380, "uuid": "da9efa3e-0f3a-4a6c-ba14-0e3cfde3e494", "comment": "Malware payload (Smoke Loader)", "value": "0f496a47572d7829609f36d553acd99a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590380, "uuid": "7578f8e4-ffc0-4235-a6a9-0ca0ab0248c2", "comment": "Malware payload (Smoke Loader)", "value": "25e47e9a6f3a3e0fe5301a3c5da1de51e3dc9734c04512b3275a6b27dbbadbdd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590380, "uuid": "7e25dc8e-44ac-4b5d-b7e7-82d5a82c2b84", "comment": "Malware payload (Smoke Loader)", "value": "7cc919bdf8bcdf96a7f2032cbcb14064053db3b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590380, "uuid": "389b9289-710a-4119-9f10-e50f07ba5f85", "comment": "Malware payload (Smoke Loader)", "value": "d68439f99dd62a1df9e60adba83c941b34d8a8c804c78dbeaa1d6e6c12ec206c3a6e9b93cf490930a7bbc700208c8f64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590380, "uuid": "2690b7a9-2a69-42fb-98c8-a09d4ba04359", "value": "T14A44CE2236A1C872E55B44398825CBF46E3FB8704B6786DB3B44527D4E723D1AF36742", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590380, "uuid": "9a7904a1-a7fd-4200-87f0-feffe3222a4d", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590380, "uuid": "7dd702cc-ddef-4079-877e-31458daf59a7", "value": "3072:KtCywKyk+VTLZW9NdNtG/l1yPqlJ7IwvkKNGR1ZZJJpbloEd5RVkEl:9LVTLmN/tGN6XwvkKMxXJpbeWVkE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679590380, "uuid": "b765e91d-9747-4638-bd62-e5fd5c3cd8f0", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679590380, "uuid": "960b25ec-70bb-46c5-b799-90829b831c3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590380, "uuid": "5d1f011c-454f-44e6-ae75-7070ccdea357", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6d23ebb-c9d5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679615551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615551, "uuid": "41a12354-12f1-460b-ba55-a0a46a603e31", "comment": "Malware payload", "value": "cc57c91249af3c2e1095be3c872f4a86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615551, "uuid": "ec1bf5eb-1ccc-4704-b94d-08e1422b7134", "comment": "Malware payload", "value": "2649d65bd971a74b63f9cc854134599ce6f3829f4f6fc56c105ca7eceea7cf66", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615551, "uuid": "ab5457b3-e071-43e2-9b60-7a4505c87565", "comment": "Malware payload", "value": "bfb2b936a4bc57c19582b3c6071d1bad1c5767ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615551, "uuid": "84fc2162-d614-471f-8e7e-7e6d3bb8ed97", "comment": "Malware payload", "value": "88f938c5786da6737b7809086c242b775185a1929277ed97cf110b2c4f5ff28d1f682caf6b1ca8cd4c2f13e79479600a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615551, "uuid": "72233dda-61cb-4b68-b239-021478d7f312", "value": "T19974E0127284C832E59601358936D7F95A3FBC714B2556CBBB807B7D2E313E1AE3139A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615551, "uuid": "f1037e5b-31be-4d3e-94cd-dbc2ecb8a4d8", "value": "f74196ae98b7afb3677d1c2066ccd5db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615551, "uuid": "5cfabbc8-516e-4d50-b834-1d5f575f808b", "value": "6144:N7ag2fLXK6WsaAdBLDdfMosjCdqkn0C2VIQv/h1HufmQ4D:Neg2fzK6WsaA7dfMos+4BzP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679615551, "uuid": "e1b73164-01c3-41d6-a063-53f5e665a435", "value": 363520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679615551, "uuid": "ed5c2d37-8e38-4ba7-b4c5-5e9d552f296a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615551, "uuid": "af3a8286-a838-4da7-b659-469512a6d8df", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17819b10-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576603, "uuid": "d6ee0c00-9b67-4585-8dc6-8f85acf91850", "comment": "Malware payload", "value": "c43dfd320fd77c77378f65c5090ec034", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576603, "uuid": "ac3f051b-0da9-4b43-a841-7e723f3434fd", "comment": "Malware payload", "value": "269e59fc701c7e0b02e2f16f983619ce49a1f579080189da7f659fa19fc44be3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576603, "uuid": "f927fa27-8b79-4a85-9584-cee07e866a20", "comment": "Malware payload", "value": "0d2156b89eb122ec4a735610bc5c96e31debfe71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576603, "uuid": "a7020e7b-1ac4-4c32-bf27-11d3f9894cb5", "comment": "Malware payload", "value": "af29ebe028a79d94b6f4f46fb1eba9d0f1298613c45d9a34e649f4bc6a1ffbc751d004769896edcb93249a1b36272f6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576603, "uuid": "ec1e7026-e211-4bbf-93b7-359763ef047f", "value": "T1D4646C52F9409036F9D201B6D6FC4FB79D2D9934272990E3BBD848B45A205E2F639B0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576603, "uuid": "71169a30-4adf-4229-836b-a78dfaa24763", "value": "36356fc1624780b7dae2e5a4d7840503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576603, "uuid": "265aafb6-8b20-47af-a613-0bfde2d1b920", "value": "6144:MjqUB8rL7lE4T4XSZc+HxZaUzw+kKNXBw6Zfpos9R5IYd08EujEfAjfTOVBO8ODi:MjqUB8jlE4T4XSZc+q3Td6ZpoQ5I18E9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576603, "uuid": "2890b1a7-1fc2-43d6-976b-1477cce14947", "value": 327312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576603, "uuid": "5977468b-f520-4ef1-891e-558a16a72605", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576603, "uuid": "713f1236-0df0-4d2c-ac71-429f2dacb8fe", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03a650c3-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576569, "uuid": "cfc83f97-5ea2-46b0-acc0-b918c5dec349", "comment": "Malware payload", "value": "841f236091db7bb2beb2d2ec03482074", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576569, "uuid": "5641cef4-150e-49a2-a18a-2d4bcb37b710", "comment": "Malware payload", "value": "26df706f7154cd8d18687fb72dff65e7a2b10715a74db79e92d6ddeacfef2e20", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576569, "uuid": "4bef05ff-0306-41a8-a0a5-fba028043af6", "comment": "Malware payload", "value": "e726201bc2a43ca61cbac4a09ae0e87b5798731e", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576569, "uuid": "8c38853f-7fc5-4833-a9f8-47c5b3d193fa", "comment": "Malware payload", "value": "d9d759994d9b92dd3cc396e5ff80919cc21fd3fed886f00c9e6b15e3472ff6b55a3038cf652f8afaf1c514adba9549cb", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576569, "uuid": "68d405f7-bd75-44cb-9313-254b98371a96", "value": "T1E695BE51F223DA48C2195375CA81DAF01BB1FC09EE129E1B7995BE1A7E773C03B21792", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576569, "uuid": "917d88f1-f318-4b3f-a97f-16d996e21cef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576569, "uuid": "e6653e71-36ea-4b07-b000-7b29799c9a2e", "value": "49152:JyCjIylGC+wzZAElWCaPbGZfkuR6C3bLQt+HObUJJGy:JytPC3A2WCaPusuLQt+ubUHGy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576569, "uuid": "909d87fd-0ee1-4c44-99c4-ff352db28cad", "value": 2040832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576569, "uuid": "89464a95-18d1-4283-b5a2-d40ba03cec74", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576569, "uuid": "ea07010c-335a-4cd7-8dcd-92499ed99179", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7110e8f-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679585943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585943, "uuid": "5b475aab-1007-47ad-9dfd-a9be64fd4ede", "comment": "Malware payload (AgentTesla)", "value": "b4eb7c963e1c86a62c54b603e2947bf4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585943, "uuid": "e3dcf468-282c-4682-8ec8-a4de6a00442e", "comment": "Malware payload (AgentTesla)", "value": "26e13ef1698e2c46ca7e4cb3c89cb338b228acb8afc77f351505df91a06c70d6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585943, "uuid": "486b7c1d-1dc9-463b-b7a4-7d6d8fd3bbc9", "comment": "Malware payload (AgentTesla)", "value": "c15ba57242d816c734ff175041ebc0d3e8fecc24", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585943, "uuid": "b8dc81b9-af8b-45cc-b44a-767c22ec36d6", "comment": "Malware payload (AgentTesla)", "value": "18fc7221278f5c68e039812fccf351ea6c5014dd885cbc5749c89632c13c75fce2bc6d37343fdcda9c13cf5380c09cf8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585943, "uuid": "040c722f-cfa8-4ef0-9f2d-ea44b843ef9f", "value": "T17005E001BD7A0977F8DAD3B41150633A03A4BBA25462E69A8EF968CD3DDBF6304C115F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585943, "uuid": "735cd90a-6c9c-4d5b-9925-3a76f7f3d7b6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585943, "uuid": "5155f1dc-5805-4e79-b993-2f23b257298f", "value": "24576:U8QymUZGldgNJvGR1hi+RA0V6oDs/ZlCB:1QyZZH7GrMz+AZlG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585943, "uuid": "30e9fb57-cab8-492e-b4c2-152cc9005a7c", "value": 832000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585943, "uuid": "552d6723-90f5-4257-b4c7-2f45ca085630", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585943, "uuid": "11bcd89f-a805-48ae-8276-3d5e93b74ac2", "value": "QUOTATION REQUEST 2145575777.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20006164-c97a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679576187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576187, "uuid": "1982996a-106e-4f65-8bd6-0814544ed779", "comment": "Malware payload (AgentTesla)", "value": "d5e3ab4c7703df6b8f0d61e783ba6e85", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576187, "uuid": "3f429bd5-fe06-421d-85ce-4890dbeb03f4", "comment": "Malware payload (AgentTesla)", "value": "27dad8f6d3fadb72906edbe32c9218f696fc8b68baff55032a94bab77c571d33", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576187, "uuid": "17905b65-5cff-4195-ad74-5600eed7f00e", "comment": "Malware payload (AgentTesla)", "value": "33c52dfc4f4f221ecb9f4c04f6ec4e1a2c9cc637", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576187, "uuid": "8f6ea251-b9f8-4d75-bdfd-816802316375", "comment": "Malware payload (AgentTesla)", "value": "5579a245a81c5d2846f8c43f4e1ff69a98cfe39aa2d963653a51f8cb416f19d80ba3696e939f3f910fcddde023385f82", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576187, "uuid": "828656d7-b2a1-4c6b-aecf-000a4259c27a", "value": "T147A4128117FD6FB9E8BA57F50619152103F2339631E8E3A81CC8E0DCAF97B445584B9B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576187, "uuid": "ee592640-ed51-404f-b292-84568bc91554", "value": "12288:NRmL/kPtDcQDzHltIDi6iRnbYDWIU1BO8M61oyhBfnMh:NOkFz/L6rimDZIBO8xoyPMh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576187, "uuid": "0ebda66b-4085-4572-bf49-1720233aa264", "value": 474512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576187, "uuid": "9aa719c9-b9e9-40cd-a440-17dcedd30324", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576187, "uuid": "44feb013-cd92-4e15-96d5-228a1c2da67d", "value": "ORDEN DE COMPRA 283681.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7558520-c91c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679536122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536122, "uuid": "43fb89b3-7e57-410a-8248-deb76235027f", "comment": "Malware payload (Stop)", "value": "e248894fce0ba8d5e218292f5400ce4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536122, "uuid": "10f2a654-5fef-4cb3-8a9a-5439d64f27c7", "comment": "Malware payload (Stop)", "value": "27ebb84c6116af03e64a773a83816cc45a9dda1e4ea372229633decf59edd0a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536122, "uuid": "357b1b58-64b2-4a22-9c75-f212284fd22f", "comment": "Malware payload (Stop)", "value": "3f1a25c630088d12050f41dce59982725ed05c26", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536122, "uuid": "3df489e4-5de1-4ba4-bfdd-e70ca6969caf", "comment": "Malware payload (Stop)", "value": "9b56886dd7b2de772c3b588df7c1e588372e3f195675f357a7ac674f48fdeaf295eef988861f5e12994a7a8d9429e872", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536122, "uuid": "fe028260-bc6f-4707-b5ea-8086e93f6664", "value": "T11415F11213E32860EF275B328E3EC7F82A6EB8619E177A5E135DE97F0D701A1C562705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536122, "uuid": "f61a2af5-fba9-4c89-9261-49fc0ce2f23d", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536122, "uuid": "8d3ec659-16d2-47b1-97a5-c8bf6bf0acab", "value": "12288:Ih8xHc+zTkjVvr8LTJajJn7BR0iw913DAR83pKepyroivMea0zFRK/NTHrn:IKc+XktTjd7U9VDjAYmVagy/9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536122, "uuid": "265e0d91-41f4-4525-ba5e-9e89da9f5295", "value": 916480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536122, "uuid": "db2fd102-44fd-4e56-ad83-ebe514a936a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536122, "uuid": "371dbf1d-faf7-4f1d-b194-3a4656537ec8", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38983db4-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577088, "uuid": "4f015ce1-0cfa-41da-a21a-0498f246d809", "comment": "Malware payload (Gozi)", "value": "3acbb9c6fbf5344bc12167a4a1f0044f", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577088, "uuid": "59416d80-e1f9-426e-ab58-43245dc0771b", "comment": "Malware payload (Gozi)", "value": "294c109833f20fa379ce4f872e7628aa2815dda70a69c3980ea703801bf41855", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577088, "uuid": "cc2a1f6a-c707-44b4-afeb-77cee48f3a85", "comment": "Malware payload (Gozi)", "value": "6bcf86d9b974e5e637a7de6ca6a637932a8e818f", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577088, "uuid": "55639998-f40d-415e-9c7f-e34850b9d3f0", "comment": "Malware payload (Gozi)", "value": "0040edf3876c4297c17c1a26cc985498562774bad62815aecb94b718f784653370e8e78533114b9277de9e62b2a8f556", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577088, "uuid": "80467989-ab13-41a4-94cd-84bc028f07d5", "value": "T13AD2CFA13F1D5824C5705A9E04AEBC4D0326BEBB0539D9E5FC333ED768A273BA01C461", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577088, "uuid": "b33e28eb-e5f9-49d8-8410-4131016a6d4a", "value": "768:3+vCcXiCcXiCcXtu2EE+L+ypVVHiIATNKUKsK0KG:0CGiCGiCGk2ErL+aHiIQKUKsK0KG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577088, "uuid": "ea7d6218-300a-4d0e-ba7c-831676ae51d1", "value": 29557, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577088, "uuid": "6f9a221f-f9d6-4812-81ef-6eac8453168e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577088, "uuid": "7dbe808a-18f2-4beb-8b5c-215c8abe6026", "value": "documento2.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7cfd184a-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589228, "uuid": "16911c45-2d86-4857-b203-be975e91ba8e", "comment": "Malware payload (Mirai)", "value": "5372834e503b91628afd2d15c0c76efb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589228, "uuid": "0a0a1422-9f5f-46f2-a8d5-bc0e0ee60e3f", "comment": "Malware payload (Mirai)", "value": "2a3e423fdd330390d81fb10ba8e596d4d7c9b14a50cba414f427e7d93c434707", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589228, "uuid": "b6e4eefd-9d8d-4a07-b22d-84a128c9996e", "comment": "Malware payload (Mirai)", "value": "8324249460085089d0535f5bcfd2ed76be6585a6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589228, "uuid": "4cd83e38-3e36-4480-9ab4-36ad262b75b7", "comment": "Malware payload (Mirai)", "value": "38b7859c3e70f196200488b4afe88a729ed4c4ecf4c32552dbd66ff7a219525540f926a35dec7be9f8a080677ec86b9c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589228, "uuid": "72bf302c-ca35-4863-bb73-dc4cfe07c27a", "value": "T19F4386C1AD527D3EC3C2EBB6EF9BD24836D78244E39A234294DD0BA0846FD891D4974D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589228, "uuid": "2f003c66-c5d4-4aa1-b24a-75ac6ce61488", "value": "768:OpCBfJgvdh/GWUKk8nMoUqihIx8v/sGGT7wCVy/bqxHbUhW1XCQ/V/cdErfmgexm:MCelPUcrOI0sGFB/DOgZh+YtI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589228, "uuid": "c29d5378-d643-43f5-94b6-5bbd919d86ca", "value": 59019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589228, "uuid": "0b78770d-fab1-409e-8a6a-1f5a4d58e01d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589228, "uuid": "afd302f5-0048-4078-9b1b-e8142e534931", "value": "5372834e503b91628afd2d15c0c76efb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7ed0e9f-c993-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679587260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587260, "uuid": "196f47fc-b2b2-4298-b586-255c6326d66a", "comment": "Malware payload (Guildma)", "value": "95fb83c6a85e19c95532df9e96d60d2d", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587260, "uuid": "31efacdf-d9e4-430d-a804-64d8f2596927", "comment": "Malware payload (Guildma)", "value": "2a56414609e508ca4f046a2656b167a30aba2b24a930b57f67a566b7b7fb300b", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587260, "uuid": "e81202f1-cf92-44f6-a6d5-eed6e1b38fc1", "comment": "Malware payload (Guildma)", "value": "25b856dcaa3af9032136f894261bd4926ffa2462", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587260, "uuid": "0575ebc1-dbee-458e-9e13-30f76db518e3", "comment": "Malware payload (Guildma)", "value": "ebbd5b17c26d105991e6c277c46fed6b151d37e9022c245d57e13d8d7e0b093518398a499a95440d61b0bdb9311e3396", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587260, "uuid": "2688e959-cd5d-453b-a5b4-81f227720a40", "value": "T1EAB2DD8C010542891077C76AA962370DEF17737B62DDC669FA8ED4D0BF68192A2F4FB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587260, "uuid": "e34357be-9355-4b57-a374-368c504cba77", "value": "768:v2yF6GXTtEybWPSlE4Rcls17P+08rhUUGMHfBWiJYRgXvEgL+N+een2rA344r9Zo:vZF6GXTtEybWPSlE4Rcls17P+08rhUUu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679587260, "uuid": "c0700ea9-4f3a-4cb2-ab62-5b64b6940a7c", "value": 25408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679587260, "uuid": "e5dbe7a7-2cd7-420f-9949-b2b0bdd56aac", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587260, "uuid": "be77c2c9-44d5-4c7e-a86c-1114824da013", "value": "payload.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc54632d-c99b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679590650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590650, "uuid": "6af580db-d834-4e36-b508-b280f4c6c286", "comment": "Malware payload", "value": "bc5c544aae4fb6f548d3140e11433215", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590650, "uuid": "041a5f78-0fba-4432-ba54-eb7967a22711", "comment": "Malware payload", "value": "2a569f4515241511f01a2488164c7054842649485b0313e97b3240380e1b1ef9", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590650, "uuid": "e10b5874-f6b3-4391-b532-ade67a0a87ff", "comment": "Malware payload", "value": "acc839582ef5d905e5b27963bd204a36cd21e577", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590650, "uuid": "e27b1acd-63ef-47f6-8b46-6af87e24154b", "comment": "Malware payload", "value": "497fcf28bfe97b0f85bfa249197d7745ebbda9bcd4e66c2f8849a5a2bc4e25b42b6621b424e172d70c33869bcfac1490", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590650, "uuid": "79cd167d-e4eb-4eb9-9664-6d60fd3e3f42", "value": "T1F6E31D7693DA19B29F952B843D7B759B2F19F88E30714019CE0E5A80826CEFB25C15FC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590650, "uuid": "eb72ff33-f3e5-4d3e-92bc-f90ff9dbbe8f", "value": "3072:bxvukGeFKtHxDDNfWHmK6ARyuRyNRPFaZ7lsg6S45kw+qnER78feTIh1DYFmsxyY:1bGK6rzFnER78feg1DYtycn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679590650, "uuid": "f87d5cd6-ba1e-4ab0-b3e9-4ea04e6f840a", "value": 152877, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679590650, "uuid": "1f38f11b-5476-45d8-a929-8b822999cd3b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590650, "uuid": "ed0a1b75-09a5-4e8b-8b91-0fb511339048", "value": "r9.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab1d9598-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577280, "uuid": "0da7f9a3-c0cc-48c5-89c2-6f1bc5f278dc", "comment": "Malware payload (Gozi)", "value": "241a115d21ea8d14d991fecfa293ab1b", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577280, "uuid": "90a4b173-9672-49ff-8e4a-d2a077c4c831", "comment": "Malware payload (Gozi)", "value": "2b7a9156151a708f5994418685d540b9eda303448e59f5b72ddc2034ff0ae72e", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577280, "uuid": "753fe9f7-a578-4551-b1a0-ae7e53708a06", "comment": "Malware payload (Gozi)", "value": "a1816a26373fe9d0266428538946ecc3753bc3f2", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577280, "uuid": "0c7e6c2b-f86f-49bf-bc65-d444ff0237b0", "comment": "Malware payload (Gozi)", "value": "a415bf9bf3a8de995907cd3dbc921338601cce100f4858aa00fd2e7e876ad801c7a2a1e6e67389f4fd4cb6a77ceafb0b", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577280, "uuid": "418200ac-2601-4acb-bf85-b15bcb9852bb", "value": "T1DFD15B3682581FBF283671BC4C1856B225B2947B7FBF2DE7B47405A9250CB1081B6DEB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577280, "uuid": "6e3f75cf-9c8f-4762-b582-8a6f173a1486", "value": "192:M/fnUwLR8EzDM9a9gJ3txMWeIgye/fPLrFaLc:dY4Zd2n/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577280, "uuid": "e31e7d7e-c7b3-4924-bc25-c85a39cc854d", "value": 6509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577280, "uuid": "ac01c6ad-71cd-4072-bdf9-b764b8530a1c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577280, "uuid": "7a393d84-5efb-4650-8a64-46fdb01f7390", "value": "Fattura 3564 2023-300931.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72c74915-c91f-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679537242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "9c7897ff-8b72-41db-a319-00b60b58a6e1", "comment": "Malware payload (AsyncRAT)", "value": "1c2591a5f2e2ba62de1172781a64d3e9", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "670187da-e839-4cb1-ac08-67d9f59bb492", "comment": "Malware payload (AsyncRAT)", "value": "2bb791129de1fcf9ff71362ffcf0007123cc30495492805f8c5353c24f1c1811", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "c9827a43-7da4-4d1b-8c48-33f01e093145", "comment": "Malware payload (AsyncRAT)", "value": "ca5f1136032151e1449f1bf12c3852b414be1d72", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "fb71be30-34bf-4aee-8846-77db587ac16c", "comment": "Malware payload (AsyncRAT)", "value": "3c5d5be17a1999503820cb8f024db26c09ee67a803ca4bc2eb19f8ce91e3441e015e496aaec76d632db150b581f94b58", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "fa2e258d-f0a4-4c1c-9007-39c2184ed216", "value": "T115B327145F8E0B45E1557EF80CB69344D5B2896F0C22C1376CDE20E96F3F7A07B89AA9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "6952e9e4-e6a3-4a8c-8445-b22f15a13a2a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "47602027-b514-456a-8703-1078b7e43cd4", "value": "1536:DCYm5EizbOWoEnenkJ/AUaPQ4EXJ6EipXy9FMXsGjB+V7DQ4X63AsqiGwHak9irG:uYmqizbOu+wrXni52F47927ogw5aJdY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679537242, "uuid": "cc2cbbc6-fd82-44a2-a942-31319eb8284a", "value": 117248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679537242, "uuid": "8782ae58-0964-40cc-95f3-445c9c3cd2b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "0a872b50-9e8e-43a6-87ac-a91e44d779c4", "value": "Minecraft.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71d638b9-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581049, "uuid": "295a7229-09f4-4cfb-a424-002f12432410", "comment": "Malware payload (Gozi)", "value": "6f9c656b2673d61dc33e6df83b11e0e0", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581049, "uuid": "714f3756-285f-432b-8027-a2e4ce420151", "comment": "Malware payload (Gozi)", "value": "2d3ea74d3102fbe4f32b9cd6a45eadc3071c928c402e124236e88efa051ee4cf", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581049, "uuid": "60789dd3-4dde-47f0-a96b-4c3127a4fdb1", "comment": "Malware payload (Gozi)", "value": "7fbdbf413fb6e6023fd1585aa21b39eb8e963631", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581049, "uuid": "0b2b4f1f-96e3-4c7b-bc6b-c638d7ee4bcb", "comment": "Malware payload (Gozi)", "value": "d7f19555e272f755acbccfe8b02ddd21eb93ef96775ff05736cc2e52f9c38973cd80be12174ec2e135a471463138c2e2", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581049, "uuid": "d4f8dbaa-cf3e-4a69-8246-6dd369d0fe40", "value": "T1C3E2D1A89F4E199A9F8F2BBC7675264CB0246B06993D879854F73CC14B06FE82013D73", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581049, "uuid": "b4343924-d72a-4fa9-8024-9ec3fd671f9f", "value": "384:OHq32yHq324Hq32bHq32iHq32aHq328JVsCKhv9dPR6J2cbf35CDE1ldrQNl0tXY:7+kVw2RJe9vmbhkEnd6lza1QQs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581049, "uuid": "93adcb67-c1e0-41b2-833a-c12002d84009", "value": 32324, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581049, "uuid": "4ce90a29-4363-4118-acdb-f961271ab96f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581049, "uuid": "cdf81afd-3f94-4b2a-a65b-2e5f4aae674f", "value": "documento3.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "376baeca-c9c8-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679609727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679609727, "uuid": "dbde6c6d-6dff-4a5c-bb82-f6621af91627", "comment": "Malware payload (RedLineStealer)", "value": "1b593af8090548ec0dde5e4caf6f6f66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679609727, "uuid": "77f498d9-bba2-4b09-b202-a199e466bee7", "comment": "Malware payload (RedLineStealer)", "value": "2d63e04f5e4cad715c71a925993248d53d2a14f9289efb9be2725479d41ab917", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679609727, "uuid": "4239649e-3633-43ea-ac5f-89511f7e84c6", "comment": "Malware payload (RedLineStealer)", "value": "68a50bafece742232199a75ed34e50b10407f3e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679609727, "uuid": "dd090594-0f6f-4d12-8859-d0d1998a7db5", "comment": "Malware payload (RedLineStealer)", "value": "90bc4cb0481c7393618298eebc78f34ebe81aa6879d17f2a8b452b854d68b9a817d4e0eda9980d4c75d45fd89ea397c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679609727, "uuid": "1d098ff0-2d65-4134-91fe-24d32976a668", "value": "T1C4F41243FBCDDE02C83846B6267260EBA355CE95660EDB6EF8ED051819263873537339", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679609727, "uuid": "ff5bdb62-0f70-43e8-9291-20895ebda82c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679609727, "uuid": "9162b5f7-5aca-416e-8ec3-c16b49c0f441", "value": "12288:fsT8jeFG6sFwXAUL0J1o+4J1o+4J1o+4J1o+4J1o+4J1o+D:f6E76QwQUYyyyyy9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679609727, "uuid": "ec32151c-1a37-4235-a8f6-fe0bc40585ec", "value": 773632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679609727, "uuid": "f3e5c95c-66e8-41bd-a245-e78006f8b032", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679609727, "uuid": "f9dfa952-53da-4dae-9f21-4b67a5ff0d9f", "value": "1b593af8090548ec0dde5e4caf6f6f66.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0cdb1fb-c9ac-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597878, "uuid": "aa419d5b-732d-4cd1-9ed0-85ea58a257a2", "comment": "Malware payload (Gafgyt)", "value": "87732f57e172a9328cee73059eceb0c3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597878, "uuid": "236b6008-840c-402a-8221-245546747e26", "comment": "Malware payload (Gafgyt)", "value": "2dbbf3b2fdba954fd002f8cb1273daa675d8386e2618917696b7dedba09a3715", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597878, "uuid": "ca596358-1afc-4e9c-8e5f-e9353ec277a2", "comment": "Malware payload (Gafgyt)", "value": "f823f3da52b289c1a88b00e2e936c77239ca6313", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597878, "uuid": "7636b268-0d3e-4b0a-a2e6-46a3ad47c630", "comment": "Malware payload (Gafgyt)", "value": "7f11689272af7261bef5235a3912ed7b052a5940dced772e46b75c442a8edef33b59ec5ac3d41391bb2edd9701a46042", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597878, "uuid": "1b5bf1bf-b3f7-4cb3-b5e5-1b849f72572b", "value": "T167733A02E652CAB3C8930BB602AB9B6A4631FD2A1E2B9F55F31C7DF49F124C87117355", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597878, "uuid": "721d2091-fe47-41d1-aaf9-5097e1e1cfbe", "value": "1536:nm+c5osQWiKLoxKFn6pD+OTxzM8MmLI2VOCjXUfJRk:45omr0xKFn6J+OzMmU2VOCbUfJRk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597878, "uuid": "34a040d1-bcd1-49c1-bea0-0e008bcb454f", "value": 74024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597878, "uuid": "15be52e3-eb1d-4fdb-bbd7-7af7d10b8c1f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597878, "uuid": "c29f9397-cbc4-432f-aa91-65227d4dd51a", "value": "87732f57e172a9328cee73059eceb0c3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf3b610c-c9a8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679596238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596238, "uuid": "291c1a2f-4732-4f37-ae4a-50a22390f784", "comment": "Malware payload (Mirai)", "value": "5f5c1cf8416b9fd02c686f87f5cddb99", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596238, "uuid": "f1c88c4c-b8a4-4a4c-a43c-1ef62f77a243", "comment": "Malware payload (Mirai)", "value": "2ddb03caf87ea640c50ab9a4e98527c6ceefb21248453d62441e92ca941e8b93", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596238, "uuid": "4f6076d2-6b21-4596-90ec-48d9d729b5d2", "comment": "Malware payload (Mirai)", "value": "b87ef5abfbdfb6930222b1a4b1de1ecf17aa0a83", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679596238, "uuid": "a8101372-66f0-4126-b6f4-332a92e4fee8", "comment": "Malware payload (Mirai)", "value": "be5b6ea7f485471f468141549b866bf333d743a5369df824dee5d198b92f082d809a39840a5178a19915d36df498b1ae", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679596238, "uuid": "7201b775-7216-4564-b1ce-21234f8817aa", "value": "T1E9B5332471D9FA6BF0293A38BCF6993F044CD0F1B21846ED2666537B96E9A034452DFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679596238, "uuid": "0a55555d-f617-4374-951f-77b18d6a796d", "value": "49152:EygBvzCmIUcREJy16PZ1LhwWfpr4ODZAYSryP8CBVoPxkg+WfhcOk:EygV2mPgi3tHrhSrzCj2xtJ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679596238, "uuid": "863e9cc2-250c-49d9-9d69-184805aaa3d3", "value": 2400256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679596238, "uuid": "0a90667f-272d-480f-a1ff-f0eca6056067", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679596238, "uuid": "b69540b2-bd44-410a-8314-341297872df5", "value": "miner2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c604d662-c914-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679532657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532657, "uuid": "fa9ad53b-7fa7-4165-8b6b-8072616f4892", "comment": "Malware payload (LummaStealer)", "value": "196089db791f0ae40e8c2e8dfabd8808", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532657, "uuid": "c8b5bdb5-61af-4b34-9574-604ec5b16cf0", "comment": "Malware payload (LummaStealer)", "value": "3058c4866121911e1e0ea1cbef3a1b89f4b6e2b4e4f3bd921a7c89a190b2f3f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532657, "uuid": "47f0c0cb-966f-4182-9ff9-93ac3313c7e2", "comment": "Malware payload (LummaStealer)", "value": "37056f187730562c28d9cfc2a5a38131e30c129a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532657, "uuid": "170af157-8d96-4b67-9b92-133da954f339", "comment": "Malware payload (LummaStealer)", "value": "2451497af76f151b5cf0f66607117cfb9c87ae77026e4b2518560e5922a3cca5fb186a2eda88d9fbf9d98c810aa623de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532657, "uuid": "23a864d4-b6a3-4366-9ce0-d7aa03b34770", "value": "T1CA446C0253E36861EF2347728F2EC7F82A2EBC619D5BBB5E174DEA2F09701A1C552711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532657, "uuid": "5d2a1765-08fe-47d4-bcee-f6914b67f75a", "value": "1da652280d0e88580dfac17c8bc7ccb0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532657, "uuid": "e3e82366-a6e1-49ea-a84e-731ae2313b4b", "value": "3072:yYVuTODMU44rlANEDaGXgu9QXiSxhQUIgBQdCdTvY3X5W20Ma:PYU1ONJGQXfICDdTvY3pW2x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532657, "uuid": "8931e207-2ff1-47cc-bab5-8ac96c6dc34a", "value": 253440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532657, "uuid": "d8c3d195-9ebd-45c7-a3be-1207b6167175", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532657, "uuid": "8c3867bc-365d-4ce9-a9ca-d58cdbbf49f0", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60f0cdbe-c91c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679535924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535924, "uuid": "dfce9fa8-6451-4e2b-8ead-0a8589bd925d", "comment": "Malware payload (Amadey)", "value": "442dbb59ed9922deaf049f3fac0fb3ac", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535924, "uuid": "3d80943a-0ed8-4463-84c3-e0b9c63c93a9", "comment": "Malware payload (Amadey)", "value": "313571cfb1e62d3e105941bf5c478bf8eec5cc7b38dcc041d7a8b3c5ae4d62b4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535924, "uuid": "25123701-91d5-410a-b455-d962fca2b67f", "comment": "Malware payload (Amadey)", "value": "9c907d60c6104985ddd9552d6079d4802272bef1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535924, "uuid": "837f07fb-f162-4913-9587-d5853d63d444", "comment": "Malware payload (Amadey)", "value": "75ad345813cf82130c53552276a4c997174b01bdbcc66fd2b0280d8893c4471dce684b920eeb58de0f8e4612d7e01129", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535924, "uuid": "9170f9ec-574a-4600-b878-d08d9e1310d8", "value": "T185447D1263E36860EF2247328E1EC7F82A2FBC619E57BB5E174DAA2F0D741B1D552311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535924, "uuid": "6e442ec9-dc49-4f5a-845f-367797b6c12f", "value": "1da652280d0e88580dfac17c8bc7ccb0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535924, "uuid": "eb305673-22fd-4e6a-ab6f-85c4f6a9eaf2", "value": "3072:Ah0mDO6c43S4rAQNE/yH3hgubWuEyoju7BtR7QpTQJD5nFBijMa:Pd43XHN5KYojotEO5nFBiI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535924, "uuid": "ada9bec9-d850-417e-a564-64c57e863a4f", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535924, "uuid": "c02e25e5-39b2-4c89-ae82-6bc96e7a6eb7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535924, "uuid": "4b7d192b-ba78-438b-83ca-9137ecc1684e", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ceb76a51-c99d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Emotet)", "timestamp": 1679591513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591513, "uuid": "40434766-cd39-410e-915c-4ff417ead9f4", "comment": "Malware payload (Emotet)", "value": "9eae6f49a02d6eb9f75af7bbf4349808", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591513, "uuid": "4053e004-161f-453f-8afb-c3f7cfc84fcc", "comment": "Malware payload (Emotet)", "value": "31fb4bf411dcd7fcb860bdb1db26859290b047b39b94638a7d4fd2a46d323e98", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591513, "uuid": "c6b3e015-cf93-4fbd-8cf4-48d85626be64", "comment": "Malware payload (Emotet)", "value": "2caf7ddeb9fc1d6076558661ef69b9638cfd2e7b", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591513, "uuid": "2fb0aeae-f0f9-4bd0-8474-0217f1adfce7", "comment": "Malware payload (Emotet)", "value": "436b76b0e68f6f6e94cad943d790979801b4632dff8e1ab4e82d6f488764fe42f9407d7050cb6df3d01dc7d13d49d921", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591513, "uuid": "e4dbb74d-e087-46cf-b879-e00946dcb62a", "value": "T19D9332D7AA57148CD060A3EB3008B5A2423603A3E570DD74E4D95C7FCDAAF8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591513, "uuid": "a30867a1-f5d8-428a-915c-8cfd56914f18", "value": "768:vvQxmTUdOGFf77IlCpfj2d7gtD/uqDX4l8EE1:vvQxxOGV77Fj2sDRX4lG1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679591513, "uuid": "cf56dee8-440e-4f5f-8449-1c6fa0842330", "value": 91102, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679591513, "uuid": "daaa38bc-9a77-4e86-879e-cd889288c0ab", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591513, "uuid": "1fa571a1-5e4a-4a41-a29c-a36703365351", "value": "vbn540.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1546bf5-c94b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679556325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556325, "uuid": "9a5bf5ec-18a0-48f8-8a53-00f1c6ca0fb2", "comment": "Malware payload (Amadey)", "value": "23b0a4843850cdf5501c3a20170a7c22", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556325, "uuid": "1083212e-a857-4ef0-925e-1928b6c6e104", "comment": "Malware payload (Amadey)", "value": "320cf487c3888ac81d17a04b16e306ffa65bdec84a777cced09858f6d98b0f9c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556325, "uuid": "47731517-0163-4d9e-af00-5ab70e215c8d", "comment": "Malware payload (Amadey)", "value": "0737a97206b76ac6bb703ad728d89ec30979ed63", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556325, "uuid": "f9258417-d44a-4795-b99f-6252032dd488", "comment": "Malware payload (Amadey)", "value": "cbdd9cf9859db2889f9d10e8da18d825ee94cef83e8a4882c8fd995cb36393b20566f8b9bf2a2eef7a4764bab0fb7af4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556325, "uuid": "c1298d85-8443-442e-ba06-1c0a5039722f", "value": "T1D6434C60950AD209D51807FB68E7DAD483F8E1EC1C47DF1F54889CEF6A6730942A3EDA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556325, "uuid": "0d0ce40b-5db9-41f2-9d2c-e5f4e084fc36", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556325, "uuid": "d21d0a79-1b89-4123-9c0a-2d9f843ac79a", "value": "1536:8urgu5SIr4FidRnablY5Rh+iqBUQMdfb6u:8ur9kuPnablIp6h0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556325, "uuid": "32c2b4fe-2d6d-440c-a445-32c19df0f1f6", "value": 57344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556325, "uuid": "ed0e4323-b15e-4d2f-86d8-7d4d3ada1737", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556325, "uuid": "d065984c-aaad-4a9d-9915-33455e1c92f8", "value": "23b0a4843850cdf5501c3a20170a7c22.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa8050d8-c932-11ed-88f6-42010a9c006e", "comment": "Malware payload (AZORult)", "timestamp": 1679545630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545630, "uuid": "f4b27a65-5d09-4825-ba98-53c24db8dcf2", "comment": "Malware payload (AZORult)", "value": "3d3d9c73902bc0e71ec19bcbf2ba8849", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545630, "uuid": "e95ca142-e0db-4a23-9683-1e76e354a897", "comment": "Malware payload (AZORult)", "value": "3224f1f522dea901dcfc2d3980113856b7f84f1aac421e1ed4ac743491b4d247", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545630, "uuid": "af7651be-921f-4320-97f3-32d4d8edb23f", "comment": "Malware payload (AZORult)", "value": "24529dfdbbd45a5ff006e838a669432f756b89aa", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545630, "uuid": "a63c0891-76e7-4fd6-9512-0baaae2a2ffa", "comment": "Malware payload (AZORult)", "value": "31e3ccfeaf74b3057e358a83909e6e0c15c5ea9ad369b246d0f6a8c09ec11d75316268e731adb3a1b973b351bfa6c3e0", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545630, "uuid": "fd12e00c-8e3d-4b7a-b4e5-73f4ccca6c98", "value": "T136154A40EFAA6460F01144B9216B7D5FCD51A98D98EDFB6E150FEF32F5E221D1C82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545630, "uuid": "65c8b252-9e74-4754-bb16-2178c8b1eff2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545630, "uuid": "d717d218-9227-4d6b-8c36-41748424bb66", "value": "12288:JylZZSy9LUuJxzcVrM7NzaO2Ch973wN5sfsolKvxiLATAGn3WtNmBNa4OCfup8iN:Jyl/SqBzc8N2/C373AQNe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679545630, "uuid": "a2c34c4c-2c7e-4bf1-b71f-a89ac68716ee", "value": 898048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679545630, "uuid": "35f4cde3-a09c-46ce-b06a-fba6165d9717", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545630, "uuid": "bbe83a03-ef32-44ee-b57b-151b2f0cfe51", "value": "SecuriteInfo.com.Trojan.Inject4.55009.27685.32262", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06424443-c937-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679547368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679547368, "uuid": "7a0bf089-cde1-4ba9-82c1-f3b7dd787a5f", "comment": "Malware payload (njrat)", "value": "360feb26856fd5accc8e656c23edaf38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679547368, "uuid": "22095bee-1d65-456f-b1d3-91972cadc848", "comment": "Malware payload (njrat)", "value": "3278da5825f2fa9fe2fae3a9cb16d3d8e3c47828c2258153e02567c7bc423fec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679547368, "uuid": "d9491139-4e14-44e3-a169-d55ca20a1e18", "comment": "Malware payload (njrat)", "value": "1dcc19bc5f4c2bc259b40c2ba2a92e8fb35ac288", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679547368, "uuid": "3d5faadd-4938-4891-a22e-ce8f91194cc9", "comment": "Malware payload (njrat)", "value": "6fd44dfbc023c003cd56c059c8c7064e2a757ea79e3ce9f1b88679801f73bb136aae57a39a3528e4bebb3d90efe881b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679547368, "uuid": "934c880b-f082-4fa9-bc3a-621a4c767c64", "value": "T13613E78DB684E174D5FF8BF1B4A1B2890BB1A017A806930F99F114D94FB3EC09611EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679547368, "uuid": "4e3140fa-ffa3-4fac-8d36-7926a31ef617", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679547368, "uuid": "80bd9bbb-a847-497b-a37a-52a26e5b90ec", "value": "384:68ZyiQt3VarE8yTH/fq5WKOEnsDay0+TzEIij+ZsNO3PlpJKkkjh/TzF7pWnB/gm:66t63MY5Tffq5hGDFuXQ/oQ3+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679547368, "uuid": "690266b7-41b0-4d50-b1c8-b017fe8d3e2c", "value": 44032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679547368, "uuid": "cf83f735-cd47-4647-b6fe-aace05fdf477", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679547368, "uuid": "474289fa-6534-4039-a313-95790688c7b4", "value": "360feb26856fd5accc8e656c23edaf38.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "288a56fc-c9ab-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597247, "uuid": "d54d06b8-1e94-49b4-9c94-43b94a683078", "comment": "Malware payload (Gafgyt)", "value": "9e700ff21dad4f0419bb6ed2efe576c5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597247, "uuid": "2bf3b64d-c879-4e19-99bf-e86495b1c354", "comment": "Malware payload (Gafgyt)", "value": "32945940c80b3a743799b7583521be18f29bb1ee2bafd57ebd9508bf51121235", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597247, "uuid": "cc153d6d-6c5d-4b26-b306-5a5dbdc48208", "comment": "Malware payload (Gafgyt)", "value": "9d06927c7c5dd944fc14201bd9a1618d50104c99", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597247, "uuid": "ae2da4dc-bb4c-47cf-a4bd-094a82cf02eb", "comment": "Malware payload (Gafgyt)", "value": "f1c724f97dbb962d6bfea9dec0e0c5eaea9017089f1ec4135e14ba39b7e95143a912c1a5fb7536a36540946190d69f96", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597247, "uuid": "11e20dda-c34d-4b29-8cb5-a92603c099c3", "value": "T106E32A09EA408B57C1E2277AF7CB424933339B64A7DB33095928ABF43FC279D5E22515", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597247, "uuid": "625da94e-b954-4dba-859d-992bc4c40bce", "value": "3072:fuNaNpF4uVN++dkhnx0QennF4M/9OD4bNWkE1kmpwfvRQfZn:mNaNpF4+NChnGQennCM/9ekmpwfvafZn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597247, "uuid": "0c3634a7-a8b8-44cd-ac50-1d13ae631dd5", "value": 150385, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597247, "uuid": "93836046-43ba-4a4e-a970-ae317e4793e6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597247, "uuid": "a87cbf57-fddd-489a-84b4-fa7b633befe9", "value": "9e700ff21dad4f0419bb6ed2efe576c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f529bb5e-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679576974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576974, "uuid": "6e09d07e-81cf-454e-b978-e2dc4f09b85f", "comment": "Malware payload (SnakeKeylogger)", "value": "b82c33ded247ce4919e5b51e35d89e59", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576974, "uuid": "60430aa2-1751-44d3-8d09-40df9ba4a9ab", "comment": "Malware payload (SnakeKeylogger)", "value": "3410fa8d5d96550f4ba38a38254f9726da14dde9e20e02614177d025959a9ce0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576974, "uuid": "84e19703-a866-41e2-999f-b82bec5178cc", "comment": "Malware payload (SnakeKeylogger)", "value": "6210dce10e8438b5ed9f845ce8e16ef94acc1e4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576974, "uuid": "cc24fd0c-a989-4bf4-9d8a-e1934031949a", "comment": "Malware payload (SnakeKeylogger)", "value": "720cb87cba5f646e6f68371011b03324dda788864315fe84f40733f2f2545e771240687f17239f333365633ada5a3325", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576974, "uuid": "fb9b1bb6-3455-49ac-a63e-7f89c5311914", "value": "T15A154B40EFAA6460F11144BA216B7D1FCD51A88D98EDFB6E150FEF31F5E221D1D82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576974, "uuid": "33912bef-5441-49ef-b741-205665c71283", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576974, "uuid": "2f850fb5-012b-4e05-b765-1d5dca4e9c2d", "value": "12288:LHYMouUYq7Y16BDKDHkUr4Ea9xzp4323SWYojkioltjWMDxPVey5rVhuvxiLATAA:LHYMohYQhBEKEaFN3SHukdlDDhQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576974, "uuid": "4619f342-5ee7-4ab0-848a-3f7fb0c12a48", "value": 914944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576974, "uuid": "87d26397-960a-4bbb-9348-2d98c62e115f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576974, "uuid": "25b2e4be-e29f-4522-8e1c-a64fe6d766dd", "value": "PU Request Form Hardware.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d4edfb4-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679582786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582786, "uuid": "4b34ea28-59bb-49db-a5bc-9a97d04945e3", "comment": "Malware payload (RemcosRAT)", "value": "243246dbeb1aa00dc9a83d72e6b3f1b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582786, "uuid": "98b0dfa1-b4be-419c-a52b-10a358240522", "comment": "Malware payload (RemcosRAT)", "value": "341185818150baf930d9c84730c53eb6e0b5a392431283089c830c379b3aed0f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582786, "uuid": "14295ad2-3f26-443f-b49f-6f8d625d4109", "comment": "Malware payload (RemcosRAT)", "value": "afcd9f5b22fdc2c06c80d44b259caae356931d96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582786, "uuid": "b58816fd-1336-48c0-90c7-cb4c822fe68c", "comment": "Malware payload (RemcosRAT)", "value": "5421ed1ca25b7d41590e208644e380c86c9175d760d759c63cd16f9fad29bc4317107c76ddaf277ab6d811d698ba24e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582786, "uuid": "428785ab-5245-4c15-be6c-d9b0532c1dcb", "value": "T10845498983896A66E1FE4A33D4F0275F47A3DC60DF9FE30F158439A81C76B265E01693", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582786, "uuid": "5c7a6fa0-8606-40fa-9c29-bbec9169ccb1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582786, "uuid": "20ee4c79-9f8a-41b0-b528-f85b033ef19d", "value": "12288:XplvK1e/1kQ2G1LskHNIuLqfts2xnKiQmM6iM8VzgL4MycvGjrT5epSPcd26e:XpGotIuO9k/mTPIwyc80pZe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582786, "uuid": "4c211ef8-3fb0-4a8b-89ef-273838d6136b", "value": 1199616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582786, "uuid": "a908b845-10ad-48cc-9e40-04560935e0b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582786, "uuid": "06085092-7cd2-44a8-96a8-6bc61e96644b", "value": "\u00f6deme belgesi.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7a7c7f7-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577274, "uuid": "de5a2dab-969a-43fd-8a90-d5384eae8edf", "comment": "Malware payload (Gozi)", "value": "8e5d267b5fdbc5cc0b0dca317cd2106a", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577274, "uuid": "f4432e86-b969-4af2-ab0f-c47fa5e65891", "comment": "Malware payload (Gozi)", "value": "341398709f54091f6ab8a0dde5fb054c3ac262e1d0cef01d887c4dcfd3424ed8", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577274, "uuid": "39e3fe5a-b207-4006-8bf0-551625826a68", "comment": "Malware payload (Gozi)", "value": "30bf5203e14fcfd4d241927f5f688e1ab057e375", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577274, "uuid": "bc5cdbc2-82f5-4a93-a184-9ca0acd1a0c6", "comment": "Malware payload (Gozi)", "value": "3673d82ec54f6d7ab1515ed4624ade0790e9ea3708133fbec3246e887298f5be5ea164d8d411098418f05ec3312eeced", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577274, "uuid": "eb337bb5-8816-4cbb-948d-e9f15375b062", "value": "T1C0E19A7692582FBF787631AC081842B725B2953B7BBF1DF6B47004A9750CB1081B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577274, "uuid": "d12865b7-6a5c-41d6-bc0b-1c58483bb24e", "value": "192:M/fnUwLR8EzDM9a9gJ3txMHj3ObxYKpP4cifPLrFaLc:dY4fCn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577274, "uuid": "6934d8de-c92d-4f17-b1b2-18ae92c9e96f", "value": 6781, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577274, "uuid": "1f54903e-ef51-4212-ade0-ea21ceb27423", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577274, "uuid": "a1ce42be-2626-427f-916b-c4c6fa40a7bb", "value": "Fattura 3588 2023-300955.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6b83a16-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679552469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552469, "uuid": "fd2aa7b8-eec1-417d-9a57-5d1b6ccdb16c", "comment": "Malware payload (Heodo)", "value": "9dd2c1651246d19aef620ca9fe1e9729", "object_relation": "md5", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552469, "uuid": "fa089551-4b87-4947-b692-3916341afafe", "comment": "Malware payload (Heodo)", "value": "344ec1b265c241d20decf42b5586feaa2b59dd1e472958bd483a133ed7f8e742", "object_relation": "sha256", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552469, "uuid": "b0be6e3e-7121-4c2a-92f8-2270bf5bb9e6", "comment": "Malware payload (Heodo)", "value": "a6d61324b291d382a0cb6b33ee4bf9f4fa3b598f", "object_relation": "sha1", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552469, "uuid": "b9790b0d-6ad2-40cf-8567-68a80e0596c2", "comment": "Malware payload (Heodo)", "value": "0e7091b59b9ad73c736d9e8da6d06df824afbe2d4616b1009b9e64ccb26dbd1e34eee126d7a69bfdfe375804eab0c537", "object_relation": "sha3-384", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552469, "uuid": "d3e2bef3-41de-4fd0-a19f-c39fc8b42c9d", "value": "T1F744F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552469, "uuid": "0333220d-f711-4014-a86f-bac9dec16a40", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaO:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuV9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552469, "uuid": "083af8f7-1800-4858-afb1-392f3a1d3581", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552469, "uuid": "5c1d383d-356e-46e5-8e46-71bdf536973c", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552469, "uuid": "d507b2bb-69e8-44ac-8303-3b291a9c6c13", "value": "Copia Fattura.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d7bc7cb-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577579, "uuid": "8d2e9e2e-5ecf-4b64-9097-014c5a06b557", "comment": "Malware payload (Gozi)", "value": "7fe3a539ee8b81c55ad6ad69e4e49101", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577579, "uuid": "0b3c727e-e579-4e67-bce0-72d5db54263f", "comment": "Malware payload (Gozi)", "value": "349d47be4a38242b25549567438628126f32f8ab236762d804b578bcbadbaeff", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577579, "uuid": "1569d0ff-c596-4ec3-9883-876b4d053ae6", "comment": "Malware payload (Gozi)", "value": "725df0fb6b973c443a4b62860ae6bde13a57d1d7", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577579, "uuid": "25c04588-3220-4990-9580-8f3f91acff13", "comment": "Malware payload (Gozi)", "value": "6860e86439980179be335094025117c87562e1093c42f036036fc8c9bd64bf4238ffa594df4189f8c8ee455af16994cb", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577579, "uuid": "2f6119fd-e7a8-4cb9-b37a-eeed7ffb4d71", "value": "T13441EA4DA5BC8508DBC287735EC28FC7717CB3191F14A1FA901968802B61334CBA2A65", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577579, "uuid": "abc7569d-595c-4f61-a987-668b5394e2b1", "value": "48:9O6Iru/6nf2aZkHYFpL4gfpdruM5wxpeM6IKAQpBIOUlLpG449Z:0zq/6f2WkH2pL4AbvM6O4tUZpG449Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577579, "uuid": "25dbbb2c-7d38-438e-82c5-1ecc86017c8a", "value": 1960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577579, "uuid": "9255937b-2e2d-42fb-8e25-f4a27c25dc62", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577579, "uuid": "80907c00-8e6e-4171-b4c8-f1e71094da0d", "value": "Fattura 2203-23_012(9).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bf8d115-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679583187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583187, "uuid": "28befaea-9927-4ce9-a45a-237532d3455e", "comment": "Malware payload (AgentTesla)", "value": "6701a52ba86e179743f5d8d17873f4d0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583187, "uuid": "ab6bea7c-ee9c-4b2e-b8e1-6b21ad500df2", "comment": "Malware payload (AgentTesla)", "value": "34d05542d5b1dde781f7d1057c1de7f263de27e55128c332824d3b206b2bfc7c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583187, "uuid": "20f6a536-a9a4-4625-9a4e-df86ce801eb4", "comment": "Malware payload (AgentTesla)", "value": "375cc0e47a3ec92473217d0e32e4e3eaeb96904f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583187, "uuid": "05e067a8-c700-4336-8117-d24ba01684f3", "comment": "Malware payload (AgentTesla)", "value": "867aaa804cf853680b19990804b2bd95a1e2659e05534964fd946f4ebd96f2bd42dd269c43376bbbde446ee6bb26a370", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583187, "uuid": "fc1f6970-689f-40a5-807c-653d575e081d", "value": "T12BB4E002FAD284B1E5721A325939AB11697EBD741E34CE2FB3D83D6CDA311826135F63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583187, "uuid": "d972124e-22bd-4985-9ee9-bd474d8d6f28", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583187, "uuid": "51a42259-b7b5-47f7-9746-0256dc78a751", "value": "12288:NcrNS33L10QdrXjcDnwRQ3bFXFMSC+YHCIEFK5:wNA3R5drXoDwe3h1MS94xJ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583187, "uuid": "f6569e77-b012-43ef-93e7-442038f65e8c", "value": 510886, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583187, "uuid": "9ffdb35d-d708-46e2-baef-f2e1129aaf25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583187, "uuid": "5bbc5b31-e5fe-4061-8fc1-fac2ab0f860c", "value": "Odeme232023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6b12747-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679585916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585916, "uuid": "97231b3a-d2bc-4554-bff6-49f2290c00dd", "comment": "Malware payload (SnakeKeylogger)", "value": "6fcc7c4cd4132b36b82f39dfa355b318", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585916, "uuid": "bf2e0dea-59d7-4e6d-8ec2-69bf9eef3aa3", "comment": "Malware payload (SnakeKeylogger)", "value": "36d316939aee0556877f24d79783a56b31d9b0b3b7c371be59c0074683d77430", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585916, "uuid": "5eb1ca6f-64df-4f5c-a8fc-23eb98d8c75e", "comment": "Malware payload (SnakeKeylogger)", "value": "c4d8ae4d8092a2cd4e5f996fbfab2fe31f2c3147", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585916, "uuid": "f18a1a4f-6d2d-425f-9e63-87bfa31f6b46", "comment": "Malware payload (SnakeKeylogger)", "value": "a5056177323a8198ae2852997bd96f2de39164952c181079dab5b0d671d5b813b0fbf8db4e740795bfc9afeba5dcf827", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585916, "uuid": "c009f382-031b-44f6-91f2-5598f46fe376", "value": "T1885533602462B9111FD5D40BBA92637343C40FEF2B34FE499244AEA0D67AEE5BCF6741", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585916, "uuid": "5057a057-7b2c-4c60-bdeb-0e2028b659ce", "value": "24576:vXc/I5k63FOIIn7EeC6wwA9bAt1TCUSyjYKHptClvz7lcS7WH:x5k/hn7vC6S9bAtdCLKJQvzZcQWH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585916, "uuid": "50ff2a85-306b-4de1-bbd0-7fa1c06c00a4", "value": 1283742, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585916, "uuid": "568d96aa-3951-4dac-91ce-34b2beaabe85", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585916, "uuid": "9ed85c08-2f5b-4d09-8fb9-d6695293a585", "value": "E-Ar\u015fiv Fatura 800-388-000-279990-80555-8888_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75ece959-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679575902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575902, "uuid": "448cf8f0-ccd2-4d52-a374-b9875dbce18c", "comment": "Malware payload", "value": "e9ff00720399b0968769d23765fa892a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575902, "uuid": "05dc2ac5-bbff-4eb8-9b30-fde240b30953", "comment": "Malware payload", "value": "385553e41c14b6528713ef6dbda053ca0c890e50ea99ad9134da90e31e2886c2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575902, "uuid": "60b19abe-95ab-43c6-9f48-b4c013de272b", "comment": "Malware payload", "value": "39a9b4cd9b235ecef2c4ead60d6b4b7523361a6e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575902, "uuid": "5b5d1252-0188-4019-ba97-c266926e294e", "comment": "Malware payload", "value": "a0d2fc963cbbb4ba68c96f21b3e76ab607e57e94539fa93e6f9512b1a648f1d76c55ea56369318ee5315a09d14b03b37", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575902, "uuid": "54807578-2bd4-44c7-be7e-494f8f555c31", "value": "T1C9058C8B5952884ED4D1BE746CB5558B39379CBA0018D183EEDFFE2CBEB134461CA29C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575902, "uuid": "1f318c1c-1a0c-4f31-8d74-e0d744d03974", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575902, "uuid": "0dcdde52-f2b7-4b80-874a-3aba36b02005", "value": "12288:2Y3mobjAGn41OMImQxhrwdkvzohytwtVmzvoo:2Y3HjAGn41NIJxqGzYytwyLoo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575902, "uuid": "c20f8097-a49e-485d-9bfd-94033814c0c4", "value": 817508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575902, "uuid": "0a2cbff3-b570-4219-a707-93f8318cd31d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575902, "uuid": "c174b401-6e0b-49e8-a946-b157659909da", "value": "INVOICE 771001413904.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "728506aa-c91f-11ed-88f6-42010a9c006e", "comment": "Malware payload (QuasarRAT)", "timestamp": 1679537242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "75eb7f73-a94b-482d-8614-83980aacc4a0", "comment": "Malware payload (QuasarRAT)", "value": "7f515d05fb17932adbbcbd0c2aba18f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "39001bd7-1887-4290-94a5-965729c8d353", "comment": "Malware payload (QuasarRAT)", "value": "39dd5339fa37de30a494a9995744facb01ed2ed446d8c2041d4817000ee8f357", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "a6373b98-9a67-4211-b272-a5748776d977", "comment": "Malware payload (QuasarRAT)", "value": "9220c765e0dd0e7fa30af6823f3f382ef12a5dde", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537242, "uuid": "3e7fd4d2-50df-4119-9b79-285b2bde08ad", "comment": "Malware payload (QuasarRAT)", "value": "1c9430618391da6ddefe0812332164b07849150c2dfad2040c612a4a0aba8c592998a937d182ca316df81ac5243dc18b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "eb7d5dd3-78fa-4994-b76d-4c6d86d39774", "value": "T14E748D1373A4EA3BD1FE177AE43246054BB0D883B617F39B6A5856B86C133868D513B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "2c73df3b-8d7d-4335-b222-8ffe70da6c7e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "f1bd9018-5309-408e-9185-18f7c0f3e84f", "value": "6144:kg6bPXhLApfpvKhECGiwru41w8wbfb3EA+6sq5FLT4rN6:9mhApdKhEC8SOw8aQRCFLTo6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679537242, "uuid": "d25f02bd-6712-4246-893c-7192827cddc6", "value": 356352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679537242, "uuid": "875c3896-770a-49f2-8796-9228459b10a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537242, "uuid": "286ad77b-04a4-44e4-8e7a-18f1e5121f1c", "value": "bKJ7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25280463-c9ab-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597241, "uuid": "5859561c-2d1a-4021-9974-3b187d986c30", "comment": "Malware payload (Gafgyt)", "value": "7f40335c7190a342472a28fe5836fe49", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597241, "uuid": "7462873d-7016-4e4c-b311-f90afe5b56fa", "comment": "Malware payload (Gafgyt)", "value": "39ffbe0e5bea141483c7c41496eef72956d0073f3439fe79b1562da2bddee8f7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597241, "uuid": "f6c8c645-5800-43fe-8b61-d0648ae931c3", "comment": "Malware payload (Gafgyt)", "value": "07f4c5a3fe9636286f8afb66b1bc04733fb985d1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597241, "uuid": "0dd199c2-5e13-4894-8ec0-ed3a8d40a973", "comment": "Malware payload (Gafgyt)", "value": "882d5ecb907d587d9f6855ba49e368ffdc7871c34db30dd1e0393d737325df7424fedcda4c02182c32e517d1e349c082", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597241, "uuid": "3bacee12-33eb-48b8-905c-732d9be4244c", "value": "T1E8B32801D5508B67C2D2277AB79F825D33332BA8979B33125A24BFB42BC27DD1E39521", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597241, "uuid": "073d8deb-fd9c-4c21-a8f7-534cd8d7cdde", "value": "3072:b6an17WtsWhdgYJx0D6mbPbmTQOWsXAOn:Wan17WPJx0D6ibmTQOWCAOn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597241, "uuid": "307ebc81-d496-4a8c-9068-2915d0f56371", "value": 111512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597241, "uuid": "172c4ab1-f7e0-46ec-a63e-86828982e7db", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597241, "uuid": "6d2943ec-a4cb-4eaf-978d-3d62fb7b2bfe", "value": "7f40335c7190a342472a28fe5836fe49", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a10592de-c914-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679532595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532595, "uuid": "127785c2-378e-49f3-8f45-0dd4a3ae88f9", "comment": "Malware payload (CoinMiner)", "value": "d7f53022587d74f11cbad526caa33ff6", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532595, "uuid": "f05001ac-9907-4398-a1c3-5e107aedb87a", "comment": "Malware payload (CoinMiner)", "value": "3a0f118ace74a4cd70e285190a4456812efadb5f0e000c0f71aa0ad9f439c44f", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532595, "uuid": "70c13fe3-c266-43da-9b40-d52ada993b11", "comment": "Malware payload (CoinMiner)", "value": "0f0ee018383497a83a50d56727b31c23d6913d72", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532595, "uuid": "f00e5936-411a-4c9d-a712-c17e6d5fd6db", "comment": "Malware payload (CoinMiner)", "value": "48310316587e30a39ce4b791e1b45d9be906933ac428b175e949144ac61631903432606adc3d073161f88eafb58e1e9e", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532595, "uuid": "2079a64d-0cc9-481b-b5f4-41243896c923", "value": "T15D6533E929A12E46EE3E4230552054B60526D3795CE9C967F87C10E93FF3BD0B53C2EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532595, "uuid": "822471ea-cb50-4c81-83e6-3e0a41acce59", "value": "4e7985092d46eb55f0c6d62c8dfe0bf5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532595, "uuid": "e7bc34c3-655e-4794-bc86-23a6bc917f7d", "value": "24576:8PK2rFv42rkotEqqaOspa7ce99XL5Vl2Fgb5048cXfoe8UP:8PK2b9tWaEVBL5Wyb5LdfC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532595, "uuid": "170dce50-57e9-4867-8313-3dc1bc494418", "value": 1524048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532595, "uuid": "abef5998-cfcd-4c61-8abd-139eff4aff85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532595, "uuid": "e448b258-e01b-4458-a0c0-d1a5df1a2aec", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37ab3c3c-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564631, "uuid": "c5e7cc98-6737-4ad5-9bcf-459370f9a67f", "comment": "Malware payload", "value": "7158d38ca5141701d75ca000a7501fd9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564631, "uuid": "bc4d5546-1a54-46a1-bc8c-7637482f149d", "comment": "Malware payload", "value": "3aac811cea31d85addf591a79e59441373476238716c04e5cc20d1d7239f18cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564631, "uuid": "bb251d98-885a-4d39-8939-93baa3c01a39", "comment": "Malware payload", "value": "cacf75237dd0190ddd4f80583fde6d3384c66300", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564631, "uuid": "35ff636d-6fa7-4790-a45f-f8f7c3bb3271", "comment": "Malware payload", "value": "3245e50c3ec9dc9bf8f7215814439c47fa6cda2d35419d72c26efaedc68b9572553586ba472419ab32e2996099e8a665", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564631, "uuid": "7520c376-d97a-40fe-88fe-567118c754d2", "value": "T1362633AF1D92F14DED20BA34A3C622F8217561399300336B781C1DADB76ED1794958EF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564631, "uuid": "68d00bc3-190c-44b6-910a-8cab5e8cf2a5", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564631, "uuid": "87baf7b9-844b-4cea-adbf-4780a20b3f12", "value": "98304:OBF6+ogwEMfNV1HtUsmxSUF8CQQJk52nQiao5rig:UTYEiV1mLxSUVQanraOm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564631, "uuid": "22fd12d5-d133-460a-a081-b7600e970ef2", "value": 4509696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564631, "uuid": "ecf2f889-891c-43dd-8b00-f0851889864c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564631, "uuid": "7001c63a-c3af-4a20-9d22-3883ebedfb44", "value": "7158d38ca5141701d75ca000a7501fd9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cc95223-c9c2-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679607106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607106, "uuid": "acb9b199-8f7a-473b-b07c-490a366db7a3", "comment": "Malware payload", "value": "496d52974a2b46f70f155b696814ad38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607106, "uuid": "962cd398-696c-49fe-9ef7-e4690f251e28", "comment": "Malware payload", "value": "3b462f4db0471866ee181d9443901bea858dd4cf75fef45cca8ab04dd197e94a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607106, "uuid": "c370911a-149c-4955-a559-073b30a7e58a", "comment": "Malware payload", "value": "8197e6e087568ce455cfea832f9b5318cd8f4656", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607106, "uuid": "0390dfd9-a55b-4894-bf01-355de69b54b3", "comment": "Malware payload", "value": "4e2d2a84babec075bcc43a447b4f3332138e5edab95b046a782463b3012ca461960b358733ca12dfed892ed3fcf6b05a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607106, "uuid": "d66af70c-7dea-4475-9ba5-045f63cae343", "value": "T1E4C423B1BBDCC561C2065E709E958217586322092A9705F3FC1156CFAABAFD739CF3A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607106, "uuid": "ece5ad2f-8a23-414c-9301-128ad632b919", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607106, "uuid": "0118e7f6-5316-4e92-8ccf-b5f3b4b53c03", "value": "12288:jWonrSWGOnKLDWqVnbijCwSFnT/uRlomeUfnGIh2qnXttukB:CzWXnKLCq1bsGFT/u1pflcqfuk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679607106, "uuid": "014a5256-8f68-472d-882f-913b07c8b471", "value": 555520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679607106, "uuid": "6d6a7a8d-87f6-40eb-a9ea-11d1489dd399", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607106, "uuid": "d10101ca-a45c-46af-863a-4ee79bc3b744", "value": "SecuriteInfo.com.Variant.Marsilia.29066.692.14798", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddd95078-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582948, "uuid": "dc1dd731-01a0-403f-a680-086604c73da3", "comment": "Malware payload (SnakeKeylogger)", "value": "2812ace16f2157623659d296332a812f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582948, "uuid": "85cbc24c-3097-4cd0-9dbf-76d114930f47", "comment": "Malware payload (SnakeKeylogger)", "value": "3b961c415aab8bafde4c9ec0a7d0ac512f4b14bb5a4128de965222d9fc96b178", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582948, "uuid": "c94fcac6-5187-49de-850e-5e9b9706e35d", "comment": "Malware payload (SnakeKeylogger)", "value": "125e5fe5e713193552cb79866908a1db67ce9e55", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582948, "uuid": "d6f6afca-07be-479f-9802-9fc6aea54625", "comment": "Malware payload (SnakeKeylogger)", "value": "257c4a592fe29efc78a5bfc37978951e7ec8dc1ecc52b65f7618b9bde519d4d2c50d723329cd68d161ec69c2fa42bb62", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582948, "uuid": "ddbc37e2-f95a-47db-9707-ac8d025393ad", "value": "T10DE4236063A1C4F5EC504735AE2F6E236C96681F68A1DB2F17B83B4838B31D2561F72D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582948, "uuid": "da25ba81-bfdd-41a9-bf5b-510320389a1f", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582948, "uuid": "343813d8-10f9-4285-987c-0ba010218520", "value": "12288:vYmGpqpRHXVgyhYOMTZ5B05p08tbeF9LzSsue33iVySaBKBfmEalD3F7x89Pg5:vYmGOJyyhYvTLCpRbuz5FCVGBKBfmEUl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582948, "uuid": "eda42a20-acdb-4416-837e-9452752c85bc", "value": 702541, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582948, "uuid": "8fe80565-277c-4aa0-a682-ea4c837d6171", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582948, "uuid": "a6c7a496-fb21-41a5-8789-c42456a3983f", "value": "New order from Delo Techniki.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c233a9c9-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582902, "uuid": "935050ca-c03a-41eb-acfb-3e04a4601bc2", "comment": "Malware payload (SnakeKeylogger)", "value": "6fc1ebdf6f441f25394ea72676f7428e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582902, "uuid": "5d951f9f-db3b-4fd8-99a0-daf39c81286e", "comment": "Malware payload (SnakeKeylogger)", "value": "3d6efa4c776b98a784826dfd39c56d9e18398451752dcb9fd698735b9a6ac16a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582902, "uuid": "24ffefd5-a589-4745-ab29-95b51a6b7825", "comment": "Malware payload (SnakeKeylogger)", "value": "df80def60ef0975c6a7d58c7d9bec9cb2defd94a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582902, "uuid": "1ef24d00-e95f-4d21-995a-bf4e8cfae669", "comment": "Malware payload (SnakeKeylogger)", "value": "f71b97634fbc6fd253625c9778aa49e28928f6899aa9649afe827c8862e316ce722374d625814f56321a17da56065e62", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582902, "uuid": "caf888d4-7747-49bb-a85e-52d64512aa09", "value": "T115F4DF04BD7A0D73F9DAD7B45460233A0365BBA21062D6898EF9688E3CDBF6305D161F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582902, "uuid": "f83e8fbf-5b56-44e1-b46c-af1699aa6f4b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582902, "uuid": "69d97e9f-8d28-4459-a1b5-b9ccb21ecc7a", "value": "12288:U8QDnUZwdvta6pXclbjYGCg6B32OR6yXjbnXUDZZHiczFwcel:U8QDnUZGvt3Ols/R6yXjgtsi9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582902, "uuid": "3dc3fdf7-a7ad-4a89-8125-851012d2e99a", "value": 791040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582902, "uuid": "37502dfd-164b-4a0f-9936-376f7c7a49ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582902, "uuid": "b97cf379-dc6d-468f-96ac-cb02e87204d4", "value": "6fc1ebdf6f441f25394ea72676f7428e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "212c1fd8-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583491, "uuid": "0be37f33-e1f7-44a8-a717-3bc31d0ae4fb", "comment": "Malware payload (Mirai)", "value": "59785e8bfd83f4a909f0246d22e5eed0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583491, "uuid": "b3cdebe1-9741-4c7b-9b51-4ad3db491553", "comment": "Malware payload (Mirai)", "value": "3d82fca874c21d05239a797cf46d4abf6ce2f2b83e962cf9be98df9fed918822", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583491, "uuid": "68bce1c0-98b2-4859-95e4-fd2daaa5d851", "comment": "Malware payload (Mirai)", "value": "1bfa1c7296113693a2f285e2a695077ee1183d22", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583491, "uuid": "d1ef3f73-08e3-40e3-8c14-58aaf1115c68", "comment": "Malware payload (Mirai)", "value": "612da47e4fb22c940901f24fd0dc13c71eb0c620f1f1f3555d52c9e8034099f3e71a59438e81a48c6626dafea670b3c3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583491, "uuid": "8fe6e998-c5c9-47b3-896b-7584378aba2b", "value": "T13B83A51E7E218FADF76D823147B74E25A69833C627E1D642E16CD6012E6034E641FFE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583491, "uuid": "2fc1977d-4082-4bcf-813d-900c022a6258", "value": "768:2ty6IP7M/kq0INRhfuN2Eo9tl/deyLYwHuRHI0I4EH6gT47ZDYovZ73x/nL8y8QD:Rakdn2Eo3eQaV6T4RYo99Be037WIj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583491, "uuid": "f72625b9-731f-40f5-8925-e5f1b2d86283", "value": 84780, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583491, "uuid": "8e06a557-45eb-49a9-a95a-ec0d23952602", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583491, "uuid": "3b290a87-04ca-4512-9bea-16a42d40accf", "value": "59785e8bfd83f4a909f0246d22e5eed0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "367fdd33-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589110, "uuid": "98174ed8-14e7-4afb-86b2-14b9603c7eae", "comment": "Malware payload (Mirai)", "value": "c6fd21e7e962f653d6ba8f5b798bada0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589110, "uuid": "19069ef0-8665-4e1a-afae-99be8fea5a53", "comment": "Malware payload (Mirai)", "value": "3dd394299a36fa53077273490b3f5aa00fad864dc6ffd350b1892c4a1fb04320", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589110, "uuid": "96c60049-bf03-4e19-aa95-fec8688555f4", "comment": "Malware payload (Mirai)", "value": "5b288cf3ad06a6d9d85c50d2ceae6e2c69045aec", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589110, "uuid": "b23c52b6-facb-4e3c-bcd2-eba20c03d174", "comment": "Malware payload (Mirai)", "value": "868c732c1eec195d70e4254fe816af07127133ab6f89b165262b2e04970643f5b3ef8ec0d4b1644211da4e8a6f5f4080", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589110, "uuid": "a53e2fda-fac7-451a-a819-02e063bc6423", "value": "T13B33C7C69E533E3EE6C1EFF1E5E6E74428E645109B930246F2DA8E60953FA84781C34C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589110, "uuid": "3e185d52-e7b4-4aa8-a330-68e53dcdf531", "value": "768:/EuflGjdvt+NCJgxaNxyJ+0R+LQyHJd6aQzet:3flGjGC+aNUkA8Npmzet", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589110, "uuid": "e437f056-1e38-4d2f-b0d7-e565ae4b4334", "value": 50132, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589110, "uuid": "52008aae-37e4-43ef-80c7-fe8580cbfc9b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589110, "uuid": "1d81258d-25fd-43b3-9e4d-d15b8ca3d207", "value": "c6fd21e7e962f653d6ba8f5b798bada0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "634a6386-c99d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679591333, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591333, "uuid": "dc05b573-5166-447e-84b7-3e81fda8c892", "comment": "Malware payload (Quakbot)", "value": "bdbc96baa80959b9567644cfd9cfa108", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591333, "uuid": "1e687142-1750-4673-9978-18c5335a5aa4", "comment": "Malware payload (Quakbot)", "value": "3ea11f515eb42ed351b3e53855097b35dcf00a9faf9fd868299b71fb4e34847e", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591333, "uuid": "8db34b20-a5f0-4126-8a49-3c95c82dc635", "comment": "Malware payload (Quakbot)", "value": "74454032b37ae698615dc3db4d7f4eb47a9aa596", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591333, "uuid": "c5b67e4b-818e-452c-989a-374d4d6683d7", "comment": "Malware payload (Quakbot)", "value": "891ac8b3acf2a536d5cb40f426174444d7aca064b5ea627796fc9629312c25ae6ac37b9b2e2ac0a8e509960af1811e27", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591333, "uuid": "3ef1d09d-3cbd-4a6a-9227-ac94666ac5ed", "value": "T1FF73A414562212111B3BBB2B932E5A51E9AB1B3783805017F47D7242FFFE94AC4D9EF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591333, "uuid": "3b56935c-5e22-4df2-a945-1760034e2c8b", "value": "1536:+GEcysfmIvfU3FGXpF266XPOBgtEc5zOdqBHcnyFfIruavQGWMaMfqRwqwcIkisb:+QysfmIvfU3FGXpF266XPOBgtEc5zOde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679591333, "uuid": "84c7e281-f7c0-4aa1-88c6-8992edf0f4fc", "value": 78405, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679591333, "uuid": "49010e6b-fbec-4752-903a-33219f1732f7", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591333, "uuid": "af62138a-f6ec-4bb9-9961-4424a1467f86", "value": "ClaimJ_K(1).js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "066d40b5-c95d-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679563689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563689, "uuid": "82ff77e0-3177-4931-a07e-4c35c1e27cad", "comment": "Malware payload", "value": "bbd04ea795c2f48efea24040f42730e6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563689, "uuid": "57d6a2ee-f6ac-413d-8ce1-2145504adfc5", "comment": "Malware payload", "value": "3ed3150d077661daecb4389c94e46d6f247cc6fc7931428e35f85dd2d8abbb47", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563689, "uuid": "14614d19-a9e2-42f3-8aef-e935383e15d9", "comment": "Malware payload", "value": "138fe68736b6e96d9a3e8bed710c643b0d6fb440", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563689, "uuid": "e9afdfd0-f9c9-4ec9-8426-d6dfd82060ac", "comment": "Malware payload", "value": "3cdcfdd5872c7f92b54d3975fd54565984f77e17039a77810e444177e53366d1df348c26fcbb31d7acb749a09445d813", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679563689, "uuid": "4dcef5b7-5e0d-43b5-bb9b-1fc338d3c8fd", "value": "T17D25ED1917808E796BA626EC3B2F630D69C079D3DDEA35E0CDB076934BDD0E990C9748", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679563689, "uuid": "eb25a0dd-e346-4eb2-a41a-904a7b7a7aa9", "value": "12288:T6Pgik9pKI6PM6UtqXHeCzeIZVcGE/AaiK76GC8sQyk7:D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679563689, "uuid": "09ea9cbb-7fdf-4915-a78c-cf28d64b79fb", "value": 968658, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679563689, "uuid": "1f256c0a-c152-4164-b68c-50090775e857", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679563689, "uuid": "97537bec-2727-47d3-8557-7f94c91bb664", "value": "vx9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a2dbeac-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (EagleRAT)", "timestamp": 1679564232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564232, "uuid": "9d30bad2-e999-425e-bacb-9e4e44f3fbf2", "comment": "Malware payload (EagleRAT)", "value": "ca6a4db4964f4475bed525178ad92f0c", "object_relation": "md5", "Tag": [ { "name": "EagleRAT", "colour": "#48199D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564232, "uuid": "d7b8f9a8-ed10-42c2-b7e8-21f86930c3d7", "comment": "Malware payload (EagleRAT)", "value": "3efee23e062979685c1efb87ef9c739630c4da1e7a7ad22e8c45da66ad0f4b3c", "object_relation": "sha256", "Tag": [ { "name": "EagleRAT", "colour": "#48199D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564232, "uuid": "9b94470b-df31-440c-aea5-6eee0527ff5e", "comment": "Malware payload (EagleRAT)", "value": "66eb56d69006dd3df2ae8aef566bd8a7f70a0cb1", "object_relation": "sha1", "Tag": [ { "name": "EagleRAT", "colour": "#48199D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564232, "uuid": "cc2df9f0-b307-4a7b-8ca7-7146637aefa6", "comment": "Malware payload (EagleRAT)", "value": "8bb1df8434dfb2181b3994681b6886b3d40df01ba7bba67b3ee8c7e630a389d6759bcef69cde0921f9e6c50e2501276b", "object_relation": "sha3-384", "Tag": [ { "name": "EagleRAT", "colour": "#48199D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564232, "uuid": "b441a570-23d6-47fe-a041-d199a987e134", "value": "T18853F22C3B978158C875463982E3560893F1C3AB5607DB476CCDF42DBA262C794037F8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564232, "uuid": "0f63ed60-a10c-441f-9ccb-aefdcb9a6940", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564232, "uuid": "d8c24c5d-9abf-44c2-a96e-a4436e124ef3", "value": "1536:ih3HaMmkefuYjsDAiENQVseNbIB2Cdoo:i3GNjsD8YNOtCo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564232, "uuid": "9a1ee7d3-9273-4168-b63d-ef42e7880acf", "value": 65536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564232, "uuid": "af4084ca-bfd2-4d50-ba67-19393fd4843b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564232, "uuid": "a47df690-83e7-41f6-b637-746edbbef18a", "value": "ca6a4db4964f4475bed525178ad92f0c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c87e93b5-c920-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679537815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537815, "uuid": "43e18f7e-2601-4d07-a64d-3e5b4355ad57", "comment": "Malware payload (Smoke Loader)", "value": "0be227f84b9a2300836fa5b24ac35e27", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537815, "uuid": "02221e82-017c-46aa-b72d-29feb7514a08", "comment": "Malware payload (Smoke Loader)", "value": "3f2a744ffcc0b40dd989812714bc1d8aff95873df4594a0bc62383f258a75d22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537815, "uuid": "e8cac117-86b5-4b61-a98e-763fdb3d57ca", "comment": "Malware payload (Smoke Loader)", "value": "1736ac49d3fedc9c8e022f68010ac6d490f39958", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537815, "uuid": "4a35520b-47d3-45ce-9697-f257b055bb43", "comment": "Malware payload (Smoke Loader)", "value": "6b3f9e6f9ca7a5493b657f59e8e0bd5555f6855a5d578f1ae1fbc6585f1c31199201c2d66c307f7476114bc278989257", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537815, "uuid": "409f6720-f52d-4fc1-ab3b-b1bf833c4668", "value": "T194447E0253E37860EF2787328F2AC7F42A2EBC609D5BBA5E175DEA2F0D741A1C552711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537815, "uuid": "91516e19-16c7-4ab5-8b7b-eef098f71ea4", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537815, "uuid": "0b275a4a-fd71-429d-85f0-2406ba2ab53c", "value": "3072:EP2wyO36XRYg8bNEj87XVUt7lLVFAd9WP00PHKBve2NrU9NMa:uqXZGNv8lLT8WxPqBve29U92", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679537815, "uuid": "d8624c27-5636-42bc-a40e-bae63c4653fb", "value": 253952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679537815, "uuid": "c1ca5a41-75dd-4e17-ab2f-d6f9824dec93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537815, "uuid": "aa92992f-5e05-4b1c-bd6c-5bfab6e8a49d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c53709f6-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582907, "uuid": "2bb19952-3a73-47ff-91c5-0146b82a3520", "comment": "Malware payload (SnakeKeylogger)", "value": "5fdc6540a40ac238032a5abfb37c320d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582907, "uuid": "5ec11d90-fcbf-4175-80f9-51bdae9589b9", "comment": "Malware payload (SnakeKeylogger)", "value": "3f380f78cc986824f49f8e5f4a93f6a4fd5355f5086ea15948fbafcb5e7ebc31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582907, "uuid": "4fa4c1b4-80dd-422e-bc1b-613af6e3405a", "comment": "Malware payload (SnakeKeylogger)", "value": "216b7f1e181c4eeff7c2b6950b98126e5cf3ab45", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582907, "uuid": "8b1c33d7-a077-461e-a6cf-6de90f50cde6", "comment": "Malware payload (SnakeKeylogger)", "value": "3a006063596f7ca684c6968f5defc19ce0d32223ce0bcefbfc0759d9e9cef5f144e8d8756c618fe6256620b796f7eee5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582907, "uuid": "e0bb35bc-82ea-44c0-9180-546a6cb39020", "value": "T1C435F111FE3A4977F8EAD3B41064173E07B9BBA16021D2898AFA68893CDBF5304D554F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582907, "uuid": "a7055fa3-e86d-4245-adf6-c163f8a21641", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582907, "uuid": "bdd981ec-71bc-475e-8393-828a3389c084", "value": "24576:08QDuUZG/qnQ88xgw0zFkQ5m9hEv49a1ojIHeUOdV7x4OqlEiW4z:VQDRZ1Qt30zFk1hEvjokHbOdV7G9Gi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582907, "uuid": "c901c71c-18e0-491c-8afd-799dc4205209", "value": 1163776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582907, "uuid": "906da46e-4e3d-44fa-8cc1-67e00f6aa644", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582907, "uuid": "946c568a-568e-42cc-b2d3-dc7674dd7049", "value": "Signed po_000165.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6aacb51-c98f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679585540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585540, "uuid": "7dfedeba-916b-4f5e-b138-93a4ff03b5b6", "comment": "Malware payload", "value": "648219dd7985eaa6de6610c688a58070", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585540, "uuid": "96be3d0b-9ba0-47fc-a84e-7f382deadbe3", "comment": "Malware payload", "value": "3f6a0ee17f24285fea7a32bb660648d4d680674bc739cebb3d23187fe579a818", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585540, "uuid": "2913ae0a-b04a-4adf-90cd-732b62fe55e1", "comment": "Malware payload", "value": "f89728fe49aa728c374e3be882e77413c1673c6d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585540, "uuid": "736876db-781b-46f6-bc41-0f499b90fb81", "comment": "Malware payload", "value": "687a58056d7d4bf530fa42678a23cd73ac50353144876cd5bfab874568d33ed90f45e3f8788881fb016adab2ab64bcdb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585540, "uuid": "4ad93e06-97b7-4171-9a79-81589375d877", "value": "T1D1947C00E8119176F4EF00F689FA57FE562CE8504B5539DB63CA2C6E5FAE8F22B39015", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585540, "uuid": "b59806c3-d658-4473-a3dc-7a567e10ffe0", "value": "c6c8817870c2a249021f0d134027d3f3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585540, "uuid": "d04f0f77-b7fb-4f8c-b0c4-c099d9dc9a85", "value": "12288:q26DEDIcoZ/CtsPEe9Hd3+6LRv5RI6UodmXz0qjJRz8xv:PMgXQqjv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585540, "uuid": "77aeefda-a316-453b-9b6f-87e9fbb9eaf6", "value": 438272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585540, "uuid": "7b4bd86f-1b32-4738-9b04-712519d8f6e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585540, "uuid": "f35888c2-1fb5-4265-9e73-9ded9c0ef6aa", "value": "SecuriteInfo.com.Variant.Zusy.444498.27445.6082", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57598bd9-c967-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679568120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568120, "uuid": "594b2e63-9e05-45cf-a064-539f78a8c8de", "comment": "Malware payload (Gozi)", "value": "7e2e5850b42df62d2f3f1f0f9292ccd6", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568120, "uuid": "7c4cf2cd-c0bd-4060-86e9-d9feb87e9de9", "comment": "Malware payload (Gozi)", "value": "4016c0c592d893396bec7ed3ac9897f20d90cd996e6f5fcba2bfc0bbe8571e04", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568120, "uuid": "663f8f8e-2687-4fd2-b048-961388e1d306", "comment": "Malware payload (Gozi)", "value": "b84cc18f004d1137cf275878f6604c4c3a89d783", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568120, "uuid": "9ef10b3d-0bf4-40f8-aee8-f3bab16cf1fc", "comment": "Malware payload (Gozi)", "value": "7255407fe3aac2ee21907ba4fe6eb994cafe7b95dbaf3801d6dc28c229f30e993c7eaad5a4dfa69958b408dc1120bb86", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568120, "uuid": "65ec7410-f7b3-4319-8cd5-8478e81d6a33", "value": "T19DD16836825C2FFF297631AD0C2842B325A2953B7B7F2DE7B46005A8251CF5051B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568120, "uuid": "3251ffa7-828b-43f6-877b-30c6b217d90f", "value": "192:M/fnUwLR8EzDM9a9gJ3txM+m53zbfPLrFaLc:dY45+nn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679568120, "uuid": "c079a485-c06d-4fb7-9e1d-0600eb9c423e", "value": 6696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679568120, "uuid": "a79370d3-f9c7-4495-acc6-7352187573a3", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568120, "uuid": "64aeb102-7461-4324-9bac-ea9d11559856", "value": "Fattura 3555 2023-300922.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17f70326-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583475, "uuid": "969190d6-db07-460d-918b-c36ab8ea36d9", "comment": "Malware payload (Mirai)", "value": "ab271fd3a8b6973bde6adfa089a18158", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583475, "uuid": "d44b7d8e-e526-40ea-807b-42f539870a10", "comment": "Malware payload (Mirai)", "value": "40d74090253f36b6a22ac291e39d31d16a3ef428b0d06dcb116604426fdec514", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583475, "uuid": "e7fdd2d2-40f7-4368-8659-0d5eba20123d", "comment": "Malware payload (Mirai)", "value": "cc87365d0826e49695ffe0d2237db5b147537914", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583475, "uuid": "b94cc735-e133-44e7-8420-56b9240fb184", "comment": "Malware payload (Mirai)", "value": "96beb2ffaea19e5b4ad2bcd26bcdc19bd7e4ab250b60e506ab315627302bf73e25bce1f1d3af41a04c86007bff7589a4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583475, "uuid": "f646b840-6d7f-4cea-96b1-e7d8e70adf18", "value": "T1B3633A21BA761E1BC4C1947621F74B25B2F143CA26ECCA0A3DB20D9EFF71A446543AF5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583475, "uuid": "ca026be0-444e-454b-90e8-868e2869b1b2", "value": "1536:lGBVg7AOotXhGIAsQ/VJAcQhQm75YH/tatUl:lSCz5LiQmVN+l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583475, "uuid": "108eebc9-9739-4e65-bb7f-25d2d25df282", "value": 67312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583475, "uuid": "6d648a22-cfd9-4033-8716-38e03ae37b37", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583475, "uuid": "383ab840-3749-426b-9542-df33307f34b7", "value": "ab271fd3a8b6973bde6adfa089a18158", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dbed6de-c967-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679568077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568077, "uuid": "df299c06-727d-48cf-a785-a5ac48044f54", "comment": "Malware payload (Gozi)", "value": "f5c43674b4886c96cfd1f591c516940b", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568077, "uuid": "6f4ed8a2-6d57-4d96-8491-1876f4cdcc33", "comment": "Malware payload (Gozi)", "value": "40f3738836644afeba85448d8366253e964fdcb112c949649f0c595833cd3359", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568077, "uuid": "d3a28711-cfec-41e0-851a-9d64a68b4cfb", "comment": "Malware payload (Gozi)", "value": "02c1962e92c96c00cd425622f6364783506c0a3b", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568077, "uuid": "4c26e352-7e78-4d93-b54a-ba416aa2e14b", "comment": "Malware payload (Gozi)", "value": "35c0507c7bff7468a87e3f0d2908d8c573ef87e8e0d2efcb1ad8bcd3374fb1843b62ee2c75bf5072be32692ed6bd785d", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568077, "uuid": "f4b68ed5-4f2a-47c0-9838-37f3f3ef983f", "value": "T1E8C2E04F6836842EC1628B41D907329867DA35B29DD104F6197DED9F2CA7140F387EFA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568077, "uuid": "9749a58c-a22a-4bcf-908e-714f25b48059", "value": "768:hJ5i1ov+mNFBpR73dL5Yl4pLPrR3+2Ui0I5I39aX5jI/Bi:P5gmzPRTdvpLl+2UiT5IuI/Bi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679568077, "uuid": "cbfa0173-909e-4374-a84c-57aab01d692b", "value": 27257, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679568077, "uuid": "337864ea-15cb-480d-ad22-ce5b8be2205b", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568077, "uuid": "6a0edb92-6060-4b73-a8d6-6f76ee909c34", "value": "Fattura 3742 2023-3009124.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e850a9cc-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582966, "uuid": "4226ad4f-6692-4ce6-9a30-18daf4605e30", "comment": "Malware payload (SnakeKeylogger)", "value": "c1725abc0b07660d9d6311eecad9fa6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582966, "uuid": "13919ed0-8b90-47ed-89eb-0bd9f00514bc", "comment": "Malware payload (SnakeKeylogger)", "value": "41250460b0bd531bfc6dbfd7e442e9039f3041f293591fc283bd831ea1d25dbc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582966, "uuid": "b34ca0c0-59ac-40a6-80b6-8d638c8ac89d", "comment": "Malware payload (SnakeKeylogger)", "value": "3bc25f102a09675954457a95947ff8c22d52be2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582966, "uuid": "ef985997-adf1-4da9-a3b9-6bf474d5f8de", "comment": "Malware payload (SnakeKeylogger)", "value": "58cb8fb86b8d48b2d0def69ab83f766734a6e0148cda6a7091d2f57b221a22f42a7ea5e3a9e1dbe29bf66dcd9210b052", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582966, "uuid": "445789c8-0d88-48aa-87ce-9786874a03b3", "value": "T122254A44138D6E16E1FECA33D8F06B9A8B70F460E7EEE30F34A059AC5459B5A5D01E1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582966, "uuid": "b580375f-84a6-43b5-803c-2ad4bab176c8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582966, "uuid": "106c35bd-0ddf-497a-8eb8-d4f3df96596f", "value": "12288:H6Rbr16aA9l32v3Vz4coGdREEf8sz6RsU+TLhkM6iM8pTnRkF0lyFZFW5nNf6phs:H6iarrh0s2OU+T+TPMTnRkjZVhW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582966, "uuid": "c982e23e-0365-49e9-9fd0-723938ba27ea", "value": 1047040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582966, "uuid": "359dec87-e418-4a8d-b55f-9c1cdd63ccd6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582966, "uuid": "fa5a00d6-848a-4656-8f00-917813cc20cf", "value": "Freight Payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a440faa-c955-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679560340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560340, "uuid": "69e57157-2e3b-46fa-9c2c-d746f4cb6c34", "comment": "Malware payload (Formbook)", "value": "64557121d459383777f4c4f5c611e59b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560340, "uuid": "f30ce895-45da-45d8-886c-6f1a7540330e", "comment": "Malware payload (Formbook)", "value": "415368c42994976a96d870c801364a58a56ace26be19dab123bb0c45f788c105", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560340, "uuid": "57e3c315-1040-4309-a4ed-b8b45946b968", "comment": "Malware payload (Formbook)", "value": "c59a07cfb7f6268ed914137528fdfa857d20c1d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560340, "uuid": "47812eef-8f12-4e7b-ac1c-548a625c5a6d", "comment": "Malware payload (Formbook)", "value": "44538546d6439a3537fba764e12fa6576d587c82c3422652491ee31e0edaf59e60f7946f52159e20130fd9809f54461c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560340, "uuid": "8dd923cd-ab14-4ceb-9cb4-d7068ef1e3b1", "value": "T12333199533E90222EBEEDAF44D7393070739B5139926E74D48C601AE57BBF9289403F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560340, "uuid": "aefdb309-a997-49a8-b5bc-fe90e6db3635", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560340, "uuid": "76a9a179-670b-43d0-a20f-e4b97603a15b", "value": "1536:5MZ6O2pAM4xs2P0IK5us4o9Fb2WPsM+Ofnxcx4v:Tj2PVK5us4o9FlPsM+OZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679560340, "uuid": "9f51b15a-667f-4194-8044-929a07e79963", "value": 54272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679560340, "uuid": "027e0b20-66b1-46a6-84c9-3b807a4fe4e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560340, "uuid": "ade35bf5-949e-4624-8119-2c056b5cee04", "value": "SecuriteInfo.com.IL.Trojan.MSILZilla.25629.12905.1460", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b1e1d1b-c9c5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679608391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608391, "uuid": "f7ceab3b-a8b6-49d1-8ee8-1bdf7035c53b", "comment": "Malware payload", "value": "660d960a924c99676a36040fc2c641ce", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608391, "uuid": "5a917794-e993-4240-83fa-0cc7882af017", "comment": "Malware payload", "value": "41acb9b5d9b87e1a5f5ccec2114478f2806127a609d27e6e4a78ec3202212fb6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608391, "uuid": "f5b50c32-7bdd-4c27-a139-8f76184f8c6c", "comment": "Malware payload", "value": "41dfd3b2e2f5aead8843edd8fdd9cb3005f2dad3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608391, "uuid": "57c76c81-c4ab-4f8a-ba08-c7bfeed4c10d", "comment": "Malware payload", "value": "0a546ac2895126abdc799b7c124b7e27ca0cbbc9bb7b7d2b3f9c60f5e34c52968f8893179f6f7f1a17ee59dd667e7eec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679608391, "uuid": "9fe4b3ef-f695-44c4-85ff-088cb991c3cd", "value": "T13E5533CDB9BEF9F532923AEEE975AC19B4604845B961A4C33C687470C200E065766FF3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679608391, "uuid": "c93ad2e1-60c6-453a-b1f3-d29c503e3183", "value": "24576:Q/amkHv/F65gnAFLpudSaoRs+AMDv5UqKoqPHUmUiG1ytePdhk5D4f7I:GamqvYpRaoh/v5Uo6UiG1ytewp4c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679608391, "uuid": "428432cd-a105-4490-914e-dc8dae1053ae", "value": 1355352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679608391, "uuid": "64fa11d8-7aa0-4e77-a576-b6e109ada6b3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679608391, "uuid": "7e9d2eeb-9676-4544-8c29-2e0b97e6b7a9", "value": "New Prices List.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a71acbe-c91a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534946, "uuid": "07371607-890f-4358-875c-9c3674e7a1a3", "comment": "Malware payload (Smoke Loader)", "value": "5b80d4b584aac8f2bda0bd5556647de5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534946, "uuid": "8431b86e-20a2-48ed-9795-4ea5d308b1ef", "comment": "Malware payload (Smoke Loader)", "value": "42afae2918c95a8ce5079d88cf52a7251d2bdd44242a17ef5882586261d4a858", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534946, "uuid": "aa05a29f-4a4f-4772-afc7-8a77b4d5d196", "comment": "Malware payload (Smoke Loader)", "value": "480217e0afd50e2f580eccae75a435182969b8eb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534946, "uuid": "ef6c7430-dc4e-4aa2-961d-02e1786bad09", "comment": "Malware payload (Smoke Loader)", "value": "39207a2af37c1dc8edfa8cac26ee2d049fb9f6252739759e057c81e5578fbb55438d1a66fdd7add3e8654327337d175a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534946, "uuid": "30aad0f8-e59b-452a-a3f3-e199bd602b84", "value": "T17E747DC293E06C60E1164732BE1FC7F8261EFCA19E597BAE1359AE3F0970163D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534946, "uuid": "bdb01324-315b-484b-913d-8aad2e5a9f2d", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534946, "uuid": "1d67392c-a3b4-4d7e-a0ad-160e0f35fd5b", "value": "3072:6Qujln06/t4hjuaDtyNtsAMdGqDfI9Q1ATnzO1siEgwn0JV:Ert6RIuf5kndV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534946, "uuid": "1cf82513-bf5b-4aca-9309-1f3b78abb095", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534946, "uuid": "6a3501e1-6ed8-4a41-bf90-0b2ad0a8eb33", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534946, "uuid": "220fdafd-b035-4cce-97f1-a9b54f58b691", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73b92565-c987-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679581911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581911, "uuid": "d1e1d5b2-da3c-480b-9de9-1a8565f8670b", "comment": "Malware payload (Mirai)", "value": "64fa200da545740a185de78da59e1b7f", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581911, "uuid": "39123c75-cff9-4a84-a2a8-ba5eb2cbe220", "comment": "Malware payload (Mirai)", "value": "42d8ca959decbd2f678136e9274691b7086cd0150eaa4410d84f6d70ad272b02", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581911, "uuid": "ac359e9d-8bce-44c9-a585-cb3868f68f18", "comment": "Malware payload (Mirai)", "value": "0a84077c5b71bddb7767e4f9dc5f57fead191532", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581911, "uuid": "f721b287-616e-4b3c-bb28-e31d9ec88557", "comment": "Malware payload (Mirai)", "value": "aacb7557ac60fde4b31f2caa6fdec282420df7383ea3e30d93c8ed5e715ef04e17d82eb9db3c823bf7c23b3916004eb2", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581911, "uuid": "414e52a4-a9f9-4d86-bbe3-5393a88897a6", "value": "T127534B17B58280FDC09AC1744B2BBA3AD93775FD0378B2A677D0EB262CA6D211E1DD44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581911, "uuid": "1f3bc1fb-02e3-4e5f-88e8-83b5ea701b31", "value": "1536:dpmbSQ6U3q7cCBT/lZsK/XDiQ5ILiKimfFoktCe3fYRMz:WShU3q7cEDlCK/XD+9i8Fok06fYRM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581911, "uuid": "e31f9e07-f9aa-44d0-ab80-fca5d7468096", "value": 63296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581911, "uuid": "403ca512-e4f3-49c3-afcf-52be5d349ae5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581911, "uuid": "8d7e1d08-1aa0-4d38-ac98-6662bcdfcb69", "value": "x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f827c8b-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603782, "uuid": "6cb16ebc-38b4-4fab-b8a4-adc201a9e91b", "comment": "Malware payload (Mirai)", "value": "d3306038659c8276bcd095d8c8587448", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603782, "uuid": "929af205-ea96-4de2-8107-caa5137d2932", "comment": "Malware payload (Mirai)", "value": "433deee4c2f6dc611ec522163ceb70a513a0ef5bf9f7829082f49127009ac66a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603782, "uuid": "4c2053b6-0117-41ca-bd24-fc28fb3dbb4d", "comment": "Malware payload (Mirai)", "value": "e4bfecf0f6c618be961e5062826b5d500a775185", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603782, "uuid": "9a4006c0-c218-4b61-864d-fc731b35345f", "comment": "Malware payload (Mirai)", "value": "3721991be44585d18ed0e20ed4f79ba9337d1e392b7b0d13f06ba1c5ea5a0f9b1aa9cdeb4960181cf2334bf70b71ecfd", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603782, "uuid": "ae0ce73d-f020-4e4d-9e35-c83ac5d1caf0", "value": "T18203F656F8C28A67C2D11376BB6E5B8C372173E8D3CF7213992457607ACA61F1D22E41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603782, "uuid": "acbe95fe-53aa-4048-bb24-9a4f34a1c893", "value": "768:4oJxiRbbkG56P8v9OAZO1nk0xSDuon5yCULzq3b1EkMew3MqlWfov7wgJ2:4aUbYG56PIB5J5+zq3C7MqlWTgs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603782, "uuid": "6c951626-7663-4cbe-92c2-d6fc892724da", "value": 38144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603782, "uuid": "0ff598ad-f07d-463e-b3ae-8e9775c4bd43", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603782, "uuid": "3d6edea5-b62e-4bbb-8917-72f465ad0fd6", "value": "nigga.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "feeea49f-c917-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534041, "uuid": "adafcfd7-5dfa-46d8-8d7b-1dde1de189c1", "comment": "Malware payload (Smoke Loader)", "value": "2eea95e15f31b27dc0e88204d6947af5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534041, "uuid": "6fb89163-b8e1-417e-8cf9-9b709d1d800a", "comment": "Malware payload (Smoke Loader)", "value": "43432bb7198d636737aa127e77c175e69232bddf6df0c52ae364f43b9b8bc54e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534041, "uuid": "0232798d-a600-42a7-9cee-39ef38d6182d", "comment": "Malware payload (Smoke Loader)", "value": "52f3a164b9f677c0c88cf0ddd45d0d96b177a921", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534041, "uuid": "a58bfc7d-b880-4c9f-89bf-9a8e3930fb74", "comment": "Malware payload (Smoke Loader)", "value": "7ca097bc264243a5398e24e1587c75fd354e8f7403b7bff3a665439892dfe69298144fa6b26c5260ed414a611b9c3772", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534041, "uuid": "cad64d37-fe6a-4ea3-b3b5-3d291c90dee5", "value": "T1FD845D0253E36C60EF2286728E1EC3F42A2EFC519D5B7B6E134DEA6F0D741A2C562715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534041, "uuid": "a13f84c2-d30a-4be9-81b2-7ecfede12bf5", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534041, "uuid": "5f0a8fe7-14aa-494b-a6fe-e26e19203ac4", "value": "3072:eud0Ya/nP8tGt8cSj3Y9hp27uTegN4lbJKdJ92Qadkoo8cQrpB3vWoEOMa:euNJQ9HUuQKdJ8QHooYrpsjX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534041, "uuid": "3fd2d234-b98e-4277-9e37-eb722d78c6e7", "value": 372736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534041, "uuid": "62cac519-f451-4ea9-9021-6633edcd6e59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534041, "uuid": "05e9885f-9b4b-4eba-b0cf-c21feae89d93", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28aed36b-c949-11ed-88f6-42010a9c006e", "comment": "Malware payload (Fabookie)", "timestamp": 1679555157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555157, "uuid": "3609bf58-bd0b-4ce5-abfd-58e2d4b5976e", "comment": "Malware payload (Fabookie)", "value": "44d59cf2b7e4700b703e95eaa7fdbdc7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555157, "uuid": "12145000-8b98-4131-b113-6478f35e215b", "comment": "Malware payload (Fabookie)", "value": "43e4574bbe757104766b7299c8ebf76026f0932b079e6a0ecd4325f6c0ddb36f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555157, "uuid": "86814f48-96bc-4ac6-9c63-469acc172c47", "comment": "Malware payload (Fabookie)", "value": "879ad987dfd297aa23626ff824da3fd43a09f32f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555157, "uuid": "0ef12ab1-bfbe-47fd-aa14-3732e2d59262", "comment": "Malware payload (Fabookie)", "value": "06c70305fa0d66cb2e3ec8d5c218e97233c2fb889f313c18a030e4b3ade0ebe5f7ecff0c68363dac0cdba0909fb47318", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679555157, "uuid": "b4ad38f0-c1a6-43b6-9638-65d06946c584", "value": "T1CA156C5EB66C00E9D0B7C179D5439A03E6B6740B03B15EEB139147A63F276D88F3AB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679555157, "uuid": "af45f064-a31f-4d42-8f2e-28b3c016e699", "value": "ca4024c0e7ca045d1b257058baf9658b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679555157, "uuid": "ee6c4fb4-eef1-4c87-b4f6-502ab04fac40", "value": "24576:6yE8JiMHd/BieyIMZR9ejI21FiWOnoxkNMu4dXxbfat6Z:kCiMHtBiez+Rb21FiWOnoxkNMu4dX9aE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679555157, "uuid": "1d32f088-5c84-4f67-af63-278497a82440", "value": 886784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679555157, "uuid": "3e13037e-3812-43d7-b166-105d6db18838", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679555157, "uuid": "b915fd2c-acad-4bd0-be5b-335e7113a2bd", "value": "44d59cf2b7e4700b703e95eaa7fdbdc7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bfee126-c9c2-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679607104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607104, "uuid": "c197d99e-c5d8-4cf7-b376-268084e60b01", "comment": "Malware payload", "value": "70d695075826843cc3038c80f6a8180a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607104, "uuid": "eadc2cf2-377d-4ac1-9d07-1a128c552859", "comment": "Malware payload", "value": "43ef093bd74e97ee55e1026c5a5a18709f43d439a30ad54f779b70a280b8de3a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607104, "uuid": "64d12b20-d792-4125-b4bb-0dd94fb5333f", "comment": "Malware payload", "value": "0d31dcf577358d5fac6f537c88b6ae87081c9eee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607104, "uuid": "b7a097d1-9782-4851-ab40-e5ff7e439f0f", "comment": "Malware payload", "value": "3a82e2cc34fe26c4c83010bc80c697520408bab25c78787b7ccf646686946ea94bed7df4c380fac2311635041f8d0cb0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607104, "uuid": "ccff44d1-3471-4988-9e42-8b435b573781", "value": "T182A422FAC7E5B831EF3241FD3C3145CAC0291722660ABC99B98F399A0F254576B563C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607104, "uuid": "a16ae83e-390c-4bb8-bda2-7253ab3cb529", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607104, "uuid": "7ebc574d-882f-49e8-8e55-373ba376945b", "value": "12288:zuxDOY26KPGVwZXuzGOPYg3e3xxQNelV:q34PswZXmGOjox0elV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679607104, "uuid": "970a34ae-c1b3-4d2c-a99b-f659c2550815", "value": 492544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679607104, "uuid": "79340bd4-8fbe-439b-a1be-f4104be00b35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607104, "uuid": "36686ddf-e2f3-47f5-8e71-5180241c0e5a", "value": "SecuriteInfo.com.Variant.MSILHeracles.71936.8001.19372", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d57a2720-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679585941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585941, "uuid": "e1b88d11-9f88-4972-8cbb-0201598c6c61", "comment": "Malware payload (AgentTesla)", "value": "e25ba28c98fd19bb246b053547482982", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585941, "uuid": "bc5af931-b347-421f-b347-738c8a999102", "comment": "Malware payload (AgentTesla)", "value": "4413fb6a572458453c297b8e4a45c52d91b8b7ffc969668d7bdc15a501e475ab", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585941, "uuid": "1498e4cb-95f3-446a-885d-0d9d02c27a1c", "comment": "Malware payload (AgentTesla)", "value": "bd0fb38c5bf323a7a888a5b953b230289063f2a3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585941, "uuid": "a2c12f96-db50-4188-ac21-a6715ab67881", "comment": "Malware payload (AgentTesla)", "value": "7d8b191ccb5fb0450f54c5d4763be1812961f1189a378833c0ce3f0788878fbb7a0e65020ce87a51c75a668e867e0d2b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585941, "uuid": "e525be99-e7c9-4008-8e59-148313d8b63c", "value": "T11BF423EB4EE523877829E5A70252D1B807D091E2DF3FB9372A24F4C65E3A9702C93157", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585941, "uuid": "869a49e6-b822-4ee8-bc21-5ab15e5b9e26", "value": "12288:Xu/IG2qZDsgbBzGF60/5h1notYz3fsJPcL+SA0B61sYmBgcSL/W4LTlJBkMkwjaL:+/IGtBsglzR6RPrI2RA0B6WBo/zlAvuC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585941, "uuid": "cd4ac25a-ffe0-4b51-aafb-5383e9ff8676", "value": 734445, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585941, "uuid": "7ef315b1-cac3-4406-aaaf-937e76a2245c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585941, "uuid": "e88ac3b7-0a82-4605-b02f-c8ac6c904bb4", "value": "QUOTATION REQUEST 2145575777.PDF_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad776a79-c993-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679587162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587162, "uuid": "e418e01f-8e1c-4712-9995-30fbdbab8b88", "comment": "Malware payload (Guildma)", "value": "6ce3cb2d27beb798f1addaf900fbfbf9", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587162, "uuid": "4ac609db-6bea-451b-abc3-eec27e2f9d4b", "comment": "Malware payload (Guildma)", "value": "444b15b51f5a695c2dc63f4b8d76a0081683954843935ac55516525ec7f853d8", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587162, "uuid": "e214ad6f-9ad3-43d8-88f7-aa2761be40ac", "comment": "Malware payload (Guildma)", "value": "1b9cda342c5446398fe37bb86eba86b0aada3aae", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587162, "uuid": "d7db4f03-0c12-46be-9c8a-1de4e4610375", "comment": "Malware payload (Guildma)", "value": "cf7e3f654e694f7643025f58d8a97d0954ffeda0f9558bcd16c93f080e67cebf2dfe11687f554c65fb57aecc918a5964", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587162, "uuid": "93e34629-1555-46b6-a91c-d2f686f6a0d6", "value": "T170E07D0DF2922E02107D10604D5B1E68488875831954249BBD5607831E18EC18A5D3D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587162, "uuid": "b3575aa9-cecb-4385-a2ce-0cd82d6c3204", "value": "6:SGIfGlkfqjnciof0MIjdoxLR4OmpomsXeRHM0n+RXpCpDWgBABSS:QgkfqDEijdKLeOmpom73+dHpBp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679587162, "uuid": "02b44b86-39e7-4bae-91cf-fd29d10cb272", "value": 309, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679587162, "uuid": "b891dfdf-30c4-4f6e-a474-07f8f92c58ee", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587162, "uuid": "c61cf862-95bf-46aa-80f8-b112cc0d586b", "value": "Visualizar_CRLV_2023_4142619_406.42766091.234780.48945.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40982026-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679576672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576672, "uuid": "495f2a2b-a7ae-4a0f-bc73-43c94caa1708", "comment": "Malware payload (SnakeKeylogger)", "value": "9f488e91936c3e39d4c8d9923d067cf6", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576672, "uuid": "75afc426-dbf9-403a-93bd-f0dbd9469700", "comment": "Malware payload (SnakeKeylogger)", "value": "445b1f82727b8efd01c1270643deb6bc69ef1654ed8f53499fe06fe4be77c977", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576672, "uuid": "204270b1-dea0-44d4-88a9-4d6661fc0ccb", "comment": "Malware payload (SnakeKeylogger)", "value": "441ab47e76bad211060e7d7ef4a58911a98a3477", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576672, "uuid": "2abb2d3a-42ef-415e-b1ed-582458622946", "comment": "Malware payload (SnakeKeylogger)", "value": "a6341b7dd5c3982c8666e335b862a368f635d87fec8fec096182e155977cf7a58263a1c5d7073586409d09e09ea435dd", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576672, "uuid": "172d40dc-3a11-4261-ba5e-77a32081b23a", "value": "T12345394923866A5AD9FE5A32D4F12B5A47B7DC60DB9FF30B2480B5A80E36F521F01713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576672, "uuid": "60aa9a6c-262a-41fe-9a9d-ba4bc5a97025", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576672, "uuid": "8214be53-66cf-4bd1-a438-f2bb881cfed2", "value": "12288:mQMZ/k1OHC+BNRz8knXWG4DIWLt5Y345yOEmmTM6iM8ltt9fkfhSPc+3GYNsMJ:mQM7tWdDIWZ5Y57mCTP4lk5SBNsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576672, "uuid": "f299a8f0-4f1e-4f2d-80f7-11538a2ed7f6", "value": 1254912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576672, "uuid": "ba4a38a3-eaaa-4ded-94b7-ceb12bde0156", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576672, "uuid": "d9f6298d-3409-4178-8237-bb68c8deb7f1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cf50a57-c977-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679574921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574921, "uuid": "0f4c6112-6055-42ba-87f8-30e923b5b081", "comment": "Malware payload (Gozi)", "value": "1932d5cf05220872391eb16b5c76a2ec", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574921, "uuid": "ffbee5b9-e9e3-4080-bebd-67f7ff705e06", "comment": "Malware payload (Gozi)", "value": "4585a02b2bef0f4ee03c05eb71a713d2635e1ec0d9876e263fc45d01f1b2dd79", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574921, "uuid": "bc6ed3cb-23dc-47fd-87b0-43c107c1ffba", "comment": "Malware payload (Gozi)", "value": "8cf0bc6bcf316afa4090cef6c248849b8f418bf5", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574921, "uuid": "98abf73b-2390-4daa-b3e7-f17a78356916", "comment": "Malware payload (Gozi)", "value": "605a985cc67ae1a013c610c898db9f21482c5978f5ec6ca1f763559bedeb4f5f79f3f0096af3961b4869bdec41adcd0a", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574921, "uuid": "5a21bac0-f07b-42ef-8787-3da0651d8bfa", "value": "T1C1D2BF96CD47EBB6C967272405A429CC41A5E621F098B9C8C9BB362021E62CDF0D3D7F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574921, "uuid": "84bbbd52-0d32-4252-9490-172a45db35b0", "value": "768:b7LFLZE1uSE7SuePrHrwrL2wFDF7FeFYFnFCIKp:fLFLi1bPrHrwrymxJ4uFC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574921, "uuid": "26d52bd2-f77d-4d82-8f8b-dec3b7e19ff7", "value": 29237, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574921, "uuid": "0c7aec4a-d66d-4323-8773-ddb98b6ba2ac", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574921, "uuid": "db1e74ed-9212-4ee8-8fe5-86d1788d5e52", "value": "documento.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fe0e0c0-c94b-11ed-88f6-42010a9c006e", "comment": "Malware payload (CryptBot)", "timestamp": 1679556028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556028, "uuid": "05566bf5-a4c9-4d16-89e0-099833555b2e", "comment": "Malware payload (CryptBot)", "value": "c66baeff16af16f24789b728391b0b91", "object_relation": "md5", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556028, "uuid": "01e6c98f-1b04-4ac7-aa00-5d55b6e3dc0d", "comment": "Malware payload (CryptBot)", "value": "470d8301ac8d7e12baca136b154e146703c74b32bb495f4c5487339f570405d6", "object_relation": "sha256", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556028, "uuid": "9ad7c8a9-0df6-47c8-95b8-740ce929d08d", "comment": "Malware payload (CryptBot)", "value": "1a5cc9d0bb2dac69a4b44fe453001d5cc7833064", "object_relation": "sha1", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556028, "uuid": "2047666d-2e34-438c-8b1a-818452263b34", "comment": "Malware payload (CryptBot)", "value": "6a80305200515b77a8f167d2d95c8435761522d33ab69bb725436330e93675763b1fa97bee71ef585be1a350908a6935", "object_relation": "sha3-384", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556028, "uuid": "8b15e339-0fde-4abc-8d4b-9f78829e7588", "value": "T11B66232372663455D1E88D39A937BEA932731F5D89538C387096BFC6187B8F1F202987", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556028, "uuid": "3e9c5947-824a-435a-8e0d-bc02454a4cc3", "value": "36d75ecd818f0c5cde41f4ee2b1e9296", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556028, "uuid": "d95a0268-6246-435a-a9f2-9a3830ea34f0", "value": "98304:bO8KntSM3PAU0VIuZ6Q8ef3ReeBb2HPP0ooAE8oLjJ/NhZv6FJS+Zh1MXAG:pKntS9U0alef3Rp2X1F/sjj6/SYW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556028, "uuid": "c392af0b-23c1-4947-8cc6-1d89733175cb", "value": 6542848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556028, "uuid": "2344d93d-eb2b-4fdc-8757-1aa4ed397525", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556028, "uuid": "c521b244-2a79-4caa-99b3-a8239b9e4815", "value": "c66baeff16af16f24789b728391b0b91.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef79923d-c919-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534874, "uuid": "443927a6-e4eb-40ee-8f2b-b7440fc5c41b", "comment": "Malware payload (Smoke Loader)", "value": "aacb013c0ea0b28ee8fd1ab2d7d4a807", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534874, "uuid": "3dff3bc8-a7a3-4a2c-92eb-5efa8f9a2803", "comment": "Malware payload (Smoke Loader)", "value": "474856f7ef590ba16ca96c9455a3468b0a8bad7603a27db82601b625e3f69e1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534874, "uuid": "839cc298-5f10-4a00-9797-372d51aff691", "comment": "Malware payload (Smoke Loader)", "value": "e2fa587784b7f4a5b4c58e57746e49f0f65ba34d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534874, "uuid": "405e205a-9b14-4480-ad2b-73392ff42980", "comment": "Malware payload (Smoke Loader)", "value": "ed949e68526c5de91a9402866a0e59512a073a38d54800afdd5915472b39787072e638ed5ddef3918e5749d5e77fe6ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534874, "uuid": "840ff9f6-7869-4aa8-a9a3-c54eacb93e76", "value": "T14A745C0252E36C20EF124B738F1EC2F42A1EBD619E5B7B6E164DFA6F09741B1D162706", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534874, "uuid": "c84b52c9-b72d-49e2-873e-52e9fdff23fc", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534874, "uuid": "43d6d033-c8d9-4e45-9341-05bac4bbd304", "value": "3072:hxKLYlkopqecj4YNGqeL/Z7jww8OH/5sCxbUJjOeMODJJ:hAlRN/OX0mkye9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534874, "uuid": "7301e289-4396-4c45-9edc-0cfc707778b2", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534874, "uuid": "d48b6cd6-c5dc-42de-8ddd-d24fe59e95c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534874, "uuid": "45687f7d-a711-4a77-a556-c144fc8119fd", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcba769a-c940-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551539, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551539, "uuid": "04acae2d-a46b-4b0c-8684-b6549173d0fc", "comment": "Malware payload (SnakeKeylogger)", "value": "0600fd383dfdc1c13eec78c11c9a848d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551539, "uuid": "14d51197-b7ee-45f3-a135-a15cd74196cf", "comment": "Malware payload (SnakeKeylogger)", "value": "47e8a43a5dfcefe4d6850764bb413ffeab6724be3a37620853b686c9fb23db34", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551539, "uuid": "f890a7d3-a838-4159-9a69-f5f4d020cce3", "comment": "Malware payload (SnakeKeylogger)", "value": "f26e1ed9f1e4a926e613de202318652cdba076ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551539, "uuid": "d0f2cd7d-6008-4d5a-8f04-725868ab5f77", "comment": "Malware payload (SnakeKeylogger)", "value": "e95858db4997f891f26b496b5701c4bf5d0bca146770d6316fd1fcb7e69430872828a60ed49ceb08f656219732fcf708", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551539, "uuid": "aa7ce211-a92d-4c8d-82dd-fc38179926e9", "value": "T13C9401797A63C097E5413B7438B6F76AA730BE487E18770332407BAE3D336465D0A682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551539, "uuid": "c89c2554-499a-4f9a-967c-36536c705b96", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551539, "uuid": "05688844-8ed3-4769-a790-9f7631fbdf03", "value": "6144:8BeMoZqMFv+k0Q8It5gUqJ3PrYx4ePqAeHdKLAdXKEPHihu:ioZqMpB0Qwn3seeuKLAvf0u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551539, "uuid": "800a7900-76bc-4dba-b75d-3ee3411c65b9", "value": 420886, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551539, "uuid": "bea05fdc-7a1d-4ecf-96f7-49bf690b4d86", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551539, "uuid": "ddd43ec7-7431-4eb0-a7fb-d7001770e4f7", "value": "clip_image001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd8806e2-c991-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679586357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586357, "uuid": "b018006c-755e-4f0c-8e67-091ed2494108", "comment": "Malware payload (GCleaner)", "value": "339ccdd61e4dcfc1c73ecb33cbf6703b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586357, "uuid": "2cf16d3c-395b-4498-9899-29d60f4b1e98", "comment": "Malware payload (GCleaner)", "value": "4891929d328a1b84f6c6b6f0b08a7b3e1c245e77edfc9c48f4b13c703cbafe9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586357, "uuid": "7de6ce44-b496-44d4-9f94-f55f5a7b1dcb", "comment": "Malware payload (GCleaner)", "value": "179b6883624d8f2513c3054947c226bff95edcba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586357, "uuid": "b84cb1ac-a55a-47a4-931e-8cc8943da341", "comment": "Malware payload (GCleaner)", "value": "0352cc78b03e3a3ff06b7a3bd152da15a58c34d8c0c0fc0dfc5c191882707ef235b20a628f73b3fdcbeb43bbe2ae03aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586357, "uuid": "5157b9e4-0e5d-4ecf-ba89-9b0a9bfce807", "value": "T1BD953317C9284471D2C36DFE9EBCEE516B0736A2063EE978604A2F4F0B765C78D8A711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586357, "uuid": "4ffcfc67-e2f8-4d25-9c6b-c0ce434bc098", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586357, "uuid": "fd09341c-0a22-4b54-bc5c-80eeafc0848a", "value": "49152:EGlJfsqdTiSXpAhiRzRdEgoOVaS+j0nLqTB+gUVtKl15dlLYp:5XiqjRpvrmghk5PYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679586357, "uuid": "83cafb03-9b63-4b67-a794-af764b6bef3a", "value": 2012735, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679586357, "uuid": "8caf6963-65b2-4ae2-8268-c9dc278e4369", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586357, "uuid": "8d642a7d-fbad-4ef9-9c58-e81719d43425", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "877f6ca3-c995-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679587957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587957, "uuid": "6c597c6e-3ef8-4fa4-a2c8-310c63a5f12a", "comment": "Malware payload (RedLineStealer)", "value": "6b30714e2d2ed3b58ef41c3391a0292a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587957, "uuid": "240da042-44e8-4277-a0ed-86ea6ba6e1db", "comment": "Malware payload (RedLineStealer)", "value": "498c270d2379322070b1e104289d9338f374f85acf0f48c74d33f84da8a98e8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587957, "uuid": "3d8c0dff-3e82-4297-834b-fce2ed9b9cf6", "comment": "Malware payload (RedLineStealer)", "value": "4bbfa272a39ddea6cdc715d9d8ea61abf97075a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587957, "uuid": "30b9e259-4e1f-4c82-a5cc-0c18d87fa14e", "comment": "Malware payload (RedLineStealer)", "value": "6f22dd9aa00ee2260aadf383f238725f9eb178e9cb877ff3e00a6672dff739086186ef27077bafb8c0357f90df04116b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587957, "uuid": "8e7241eb-db2c-4f8e-9d64-d028a39d382a", "value": "T1B0252361BAE8C132D8E923B04CF546D31B32BCB36EB517172381AE194C71798A53A777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587957, "uuid": "388f1703-9143-4261-aea1-4eee200ed458", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587957, "uuid": "dab5e7a1-8cfb-49f4-93fb-5bb96724bd56", "value": "24576:7yGtOyuMBfUjuPTiITtKfSHbjA8KPL4bBMvWkjGzIKeczp:uGMuUjubiIsS70pD4Nfkadb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679587957, "uuid": "37f29486-a682-4cc1-9cc6-35be74194f84", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679587957, "uuid": "dc966c6c-b253-408d-9ced-49742494a455", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587957, "uuid": "57be16e6-9739-4ddd-9573-a34a74b84939", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb6604c6-c9b8-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679603184, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603184, "uuid": "7ea77322-d3af-4244-91da-9de33f0ba50c", "comment": "Malware payload", "value": "8ec772a1c6a1a4dfb337cdcfb361d611", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603184, "uuid": "47398c38-2d43-4a05-9ad5-3952e06d753f", "comment": "Malware payload", "value": "4a2f657ea1c8c19d5297b0f5bd807e552ac07dee4e0fe871911dd54fb212874a", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603184, "uuid": "651405d5-a610-4f24-8791-9a177bb8eb07", "comment": "Malware payload", "value": "eff61f6ff7203090ccaf44c2647f0e9f333c08c4", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603184, "uuid": "01e89053-f756-4d36-b21f-e0f2099c3985", "comment": "Malware payload", "value": "ded5d8c98c641b287cf460b1d6d3e93addb2096f6b9159d349f1252878600f96c73a91eaede02870e6d9fb934d0c0861", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603184, "uuid": "3ee18eaa-842a-49fa-8d78-5ab4e9e727af", "value": "T1C6F43335D0D3133AD366CD0AA3AF5BA13FBF45BA815D3798359699100DF022839B61F5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603184, "uuid": "d3843545-4fb6-4923-8f8b-6a6431cba77f", "value": "12288:yH2mdVCEqXND6fLgP5FWge+MzTGx7qk9oGDUzIEjEw+oQ8NfbS2FwQyCwxjLiH9G:HmdVnqXR4Ui++GkkWrtjWoQSfhtyFLig", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603184, "uuid": "ccbf3143-4a92-487b-86e8-eb82886ab9bc", "value": 742264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603184, "uuid": "107c3125-870c-4ad8-be5e-f34e8a7b0fb9", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603184, "uuid": "6b1aab52-2d11-49c1-9de4-151e4f533f62", "value": "customer's Scan-Copy.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c697e22a-c999-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589781, "uuid": "3d948236-4a2c-47f0-9de4-9dad2cc8024b", "comment": "Malware payload (Mirai)", "value": "7ac6f4a85880ac1d069512e199573893", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589781, "uuid": "5af03723-fbda-45b4-b87e-fa0bb7478462", "comment": "Malware payload (Mirai)", "value": "4a5f14939f3fb49453b2df8c421272cbc6f045091b362c7b392509c5baf9ab53", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589781, "uuid": "54fd59d6-e84f-4d95-b554-af4bd6f8b2fe", "comment": "Malware payload (Mirai)", "value": "ecb2643099303dd7033f3b3711a6f87e58de24f2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589781, "uuid": "837bb4ca-9dd4-4d90-aad1-d1d9daa92cb3", "comment": "Malware payload (Mirai)", "value": "925ea149a353ea3e54c497ee9d0d3d4a5b66835dcd3b71533ba3a35b1bc186692560a5563f6daa06afd2d2596760ac0d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589781, "uuid": "b5bc9b43-4fe8-4c54-b930-b788054b9544", "value": "T18B43A6C29AE27D79D2C2EBF0E9A2D07417E78900A7430E77E1D98A51846FECC345A35D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589781, "uuid": "b1f79e24-425c-47d0-acdd-5998da9054eb", "value": "768:JS742ZopdOTPFJAjYMern+YfeufpfvWP41QCXBn:EE2CpdY5rn+YfXpv+M1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589781, "uuid": "a5788138-7b0c-4211-9580-7e848bd9d1b7", "value": 56727, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589781, "uuid": "bc001f19-5b4b-42e6-b596-ea2caa0d125f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589781, "uuid": "760fffaf-7ae3-411c-a140-c08f3cf5777c", "value": "7ac6f4a85880ac1d069512e199573893", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b09d4823-c974-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679573853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573853, "uuid": "6fa50465-a05c-4946-a436-ceded62d5fb3", "comment": "Malware payload (Gozi)", "value": "5db097161a059f2e4763d606b2fa25f6", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573853, "uuid": "49eaab7d-9b35-450e-bc0a-061b1f41d522", "comment": "Malware payload (Gozi)", "value": "4a658f49bc680e3f8d07042aecde68a357f65e1c72ed7793f91c8fcd39dec53c", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573853, "uuid": "84aa780b-7eaf-4c83-9080-f00536da1af8", "comment": "Malware payload (Gozi)", "value": "cd3ae5ae40834064c0e36f663f0a302d78fe09fa", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573853, "uuid": "65d063c2-fce4-4068-8596-7ebf0ac28c04", "comment": "Malware payload (Gozi)", "value": "515658c750f7538ea5cd97cb33534fe2e689e9f1125be70dacdd1b0271d46ba4b4409b7e42a670d4b264a1ec7c5312b4", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573853, "uuid": "8344e9e3-a57e-43ae-b485-920b72683d95", "value": "T1FBE2C0DBEB5BB5C8DD1C3D92208747D019082C57E424ECF8941B1685FF8B66EB3464BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573853, "uuid": "1889156d-d34b-4075-87c6-613485eef1bb", "value": "768:9puzvtUSU5Z+RHlFirGTT07vpbsssz1HD:9iUSUUFirJ7+j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679573853, "uuid": "58789fd0-d683-493c-b077-165d5152d1f0", "value": 31208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679573853, "uuid": "c11255f2-06b8-4940-b104-4c664f2bb98e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573853, "uuid": "c7da5484-1c0d-49f2-95aa-9de7be4b0c0d", "value": "documento.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73f5ee53-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581053, "uuid": "7c9b5b6d-bb85-48b2-9adf-44d0deecadf9", "comment": "Malware payload (Gozi)", "value": "467e98745c4927c7474f52ee4568bc09", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581053, "uuid": "535c9fb7-618b-4258-9418-a293e48a851b", "comment": "Malware payload (Gozi)", "value": "4a8cbdf05fa87e002fd7d90b570d3ecd1ae91183059d4c7959677b5cdb9fe804", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581053, "uuid": "dfe3101e-8ed9-40e7-98b4-cd8d7b0fd3eb", "comment": "Malware payload (Gozi)", "value": "6a3ac845a8f158e4ed4b68ccc0f837548dfdb02e", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581053, "uuid": "27f0ad09-deed-4bd5-8faa-407a95221429", "comment": "Malware payload (Gozi)", "value": "1ea2f137b4005e8a3ff1045b779602712a56b62ba27f9626ae613c2e53e5079687d2fc74e730e08acf7859d8eb49f79b", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581053, "uuid": "84bc49c6-89a0-4e00-86e2-f7ae17d5c786", "value": "T1C1C2BFB50221660F117F2E1E104C6E4EE56928D25FA4BCB052FBF3E1E54632E6712C37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581053, "uuid": "5143a1d7-7218-4725-aa15-8b14ddd0486b", "value": "768:M282Y2w2w2w28TVH2h2lyGHATE3AoZWEdecC5pLlIKvQ:kJHwIHAbIecalO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581053, "uuid": "f9ebc1f6-4fd9-4512-9f96-c9463b4e25b1", "value": 26269, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581053, "uuid": "456239bb-e086-4e27-ba18-c122b9e01d84", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581053, "uuid": "e18ef817-5e21-491c-95a3-4d036e2e2db6", "value": "documento4.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "387cda78-c955-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679560337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560337, "uuid": "18e50f92-e5b8-4a3b-b6d5-2f34ea0db24d", "comment": "Malware payload", "value": "f1171757917bda367914537dec2e5ef2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560337, "uuid": "4db9ac29-9f81-41f2-bb94-9019ddab7741", "comment": "Malware payload", "value": "4b4c5bb719c694d00ae228c4ed3a86d97b848ef231f80aff9a5a3facdf579643", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560337, "uuid": "f72a1078-b505-4784-9d44-1fdfb94aa43e", "comment": "Malware payload", "value": "ad5541aa6cab114b16a0c2a672f5907f427fc4a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560337, "uuid": "2b9f940b-7985-41e0-a7a5-0808d4b725d9", "comment": "Malware payload", "value": "34a1e49207cd030f45bbfd618692e2f749108a65867f5557b7b28a69abb112311b4d87377cec6cfee8ba45074693a74a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560337, "uuid": "8d3ee12b-39fa-4bef-88a7-893a35fdf6d4", "value": "T11DC20706E39C1A62D1CF47FD6923D10B0AB0C1861477876A849D62E73F71FA45EA37A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560337, "uuid": "a0f8282c-fb2a-45dc-b8c6-141c07650ef4", "value": "768:U34fTQjUSCsjyDg7ZSqix9+WCsW+yEKn4ij0lXBcGNb:Uo0FCayDgSBv1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679560337, "uuid": "a60f27ce-5be7-4560-95c6-340989c3dd29", "value": 27648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679560337, "uuid": "09896eae-a608-411d-87a9-bb9f6cf8165d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560337, "uuid": "9dadffa1-da3d-4dfc-9d91-841a45dc1d1d", "value": "SecuriteInfo.com.Variant.MSILHeracles.52322.6803.9652", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "870edbef-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679564334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564334, "uuid": "cc57f2d1-134e-4259-9765-73af2f67f7e1", "comment": "Malware payload (GuLoader)", "value": "d7a1ba40cef151a55fe25e469c2b8db1", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564334, "uuid": "d005330d-8236-4bf0-9861-433fdbcc7d8f", "comment": "Malware payload (GuLoader)", "value": "4b57d3356f6e737fc9ee61764cd17e7f51dd426d1d487f2b9b19748e40657956", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564334, "uuid": "6c02c392-261f-4cb0-a589-a6818f75a479", "comment": "Malware payload (GuLoader)", "value": "f22b5271e7024b59a7c7f50e8f20b6080819616b", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564334, "uuid": "88a253b5-f7b5-4a45-a213-35e4112f788d", "comment": "Malware payload (GuLoader)", "value": "8b5e73c19ead5c054149d13d2a1dc54330d01719f7486b0f16770358ae44cf2e45d87d70e24377198553e8812b1212a2", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564334, "uuid": "d0966ff5-3b2f-4761-87a8-09dc6c8c83a1", "value": "T12E44231AA134D7E1CC3B27CDF8C0FA853D54C7C81C60A63CD9B5677A9A1B694A91C2B3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564334, "uuid": "3f088872-b5ec-42e8-b978-f8f532e35133", "value": "6144:+7Z2QUHo2LvPIM1xeOBKiXfWLx4QK527wVKkRI48vu4P+5Fl6B2:+94Ho2LvPIM2OBKiuqpIEBIl25FW2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564334, "uuid": "db4ff377-9f0f-419a-9985-b2887b7ef459", "value": 265120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564334, "uuid": "fe4ac869-8d85-487e-bd64-dfca6ebc3d83", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564334, "uuid": "b18e341c-817f-49ba-8a14-172b42f4ca65", "value": "Justificante de transferencia.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdf4831e-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AZORult)", "timestamp": 1679583324, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583324, "uuid": "b3603175-7ae8-4eed-8fcb-a2b430faa713", "comment": "Malware payload (AZORult)", "value": "ce84573aa1706cc43cc2fea8a1c98447", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583324, "uuid": "ca3805e4-669c-4acc-8600-6502f1d03f81", "comment": "Malware payload (AZORult)", "value": "4be5fa9ac61777638bf7550de77fffee6aa150b0e5c55612753f5fe3d931d885", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583324, "uuid": "985c3e69-25fa-43e8-afff-83540a4eaad4", "comment": "Malware payload (AZORult)", "value": "71af640bba2e156311b277f62faa49af184a864b", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583324, "uuid": "a7ec39c8-8a3b-442f-99e3-8ff37fe89419", "comment": "Malware payload (AZORult)", "value": "558f5ce73880e363556997cf310835939c0a21efcb809f1fa45c132af971750fb38416517593e6fbc2222ec2c31e3815", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583324, "uuid": "1b091032-b3c8-45c7-b787-f14dec513e58", "value": "T110F3E0121BA9C3D2D4660D311C77AB11623BEC7A69FAB70B12CDB02EDF73B81584174A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583324, "uuid": "ec0e9247-5f5c-4820-bd6f-b61768f382dd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583324, "uuid": "75f16f1d-82e6-4bb8-acef-4ffc87bed0a5", "value": "3072:Gc+LTYERpkurjMNT8dG8LiykZrFMM/j0dRDaUmwb:kLTYm3XsGG8uykxjsDaUmw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583324, "uuid": "d678dc2c-340f-4df9-a2fc-7d37127bdc31", "value": 161792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583324, "uuid": "712da76d-7dc8-4d6d-af50-b88402bf6acc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583324, "uuid": "405fc82c-5b3c-4d7a-89b1-76f9ebca1867", "value": "PURCHASE ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d675ea3-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679575941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575941, "uuid": "a4f3f6d5-f0ba-43ed-8060-d5bc09e7603e", "comment": "Malware payload (GuLoader)", "value": "8d2e9406accfc4e70e8717acd1acac0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575941, "uuid": "b4c332fe-9f40-483c-a9c9-6ee4399db9ce", "comment": "Malware payload (GuLoader)", "value": "4bf75ced5431972bf4d34227e7fbf107f16ca9879bee1d0b225321ee100e3a11", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575941, "uuid": "5c6a2b7a-473a-4cb0-a16b-dbba9c0df4d5", "comment": "Malware payload (GuLoader)", "value": "879ee79717775fc82af2f34875be6d3953454221", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575941, "uuid": "a2f91bb7-72be-4ebd-993c-44df19ce3616", "comment": "Malware payload (GuLoader)", "value": "c9ae2f0e31ac7b034148493371151f8737383070a3c5ccb189293119a8a9ce39bc5ec0a54028a7b8d212b353bdbf4ab9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575941, "uuid": "accfbec7-da70-4685-8484-3a3b45ba8a8e", "value": "T11E5412563543A8E7CE7A45B72C38271596AB3F678125978FF786B3293432A53004EF0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575941, "uuid": "2c558aee-ab5b-4ac5-9f0c-1016bcc84ab6", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575941, "uuid": "6ff78a67-376f-4670-8f9d-27520bc485fe", "value": "6144:kQLFhHAzxhDJh/xAm2g2bh5jMko872Ed+7RKlOLRkpT4c0hM9egWlgy:xFWVhDT/R21172wDC6p8298gy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575941, "uuid": "16b42c8b-7a65-411c-8856-91fc65b266a4", "value": 304818, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575941, "uuid": "da69b8bf-1905-4d41-a38e-ef2c64f16658", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575941, "uuid": "cb45577f-55c3-4d40-8582-e10ce363be2f", "value": "QUOTATIO.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "782df232-c976-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679574617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574617, "uuid": "b4c316f3-fe14-42b0-abc2-8ff4a4e12ad0", "comment": "Malware payload (Gozi)", "value": "723b6ebc17158d6acf30d46b0d9a7c4a", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574617, "uuid": "1206869b-87d0-424e-b6fb-42878873faca", "comment": "Malware payload (Gozi)", "value": "4c2f079c64a99c0574536d91f003ae1e24ad2f8f279c56d0581aa995944b0e91", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574617, "uuid": "d33a8ca3-bc68-48b9-a9e5-d13908958778", "comment": "Malware payload (Gozi)", "value": "c313f8a2f6915af4aff52ff855fe0ce0d4f0157e", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574617, "uuid": "158878ca-324c-4db0-bdd5-5ce8301e9881", "comment": "Malware payload (Gozi)", "value": "e0f1953752a073e1ff0019486eab854b963327f61c9f6323f290fbc7631e9ee0f69089ddaa4f36485300d73d79151109", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574617, "uuid": "095a6bb8-19b8-49fd-a7a5-0050a83aac13", "value": "T1EDD2BF4296748D1931FE95CC675FAF6C094499383C08DEEAAA7BF6C309A442E21A1C5D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574617, "uuid": "bbb09db2-bb13-4b2f-be4d-119759a69016", "value": "768:z6n9U6n9I6n9ELXnqGMANFA/2dBFawY3eLHW6UJf:o9p9N9ELHMAN62za73eLHW6UJf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574617, "uuid": "a96b66fc-054e-411b-bae1-cab7370e220c", "value": 29799, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574617, "uuid": "5a59f8a4-d42a-400b-908d-89ce465dea5a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574617, "uuid": "eb0ab060-29cd-4574-a06f-462b9a2600f4", "value": "documento.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "881fbd21-c99e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679591824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591824, "uuid": "62046f57-f883-4382-85a2-b5733d07dd6c", "comment": "Malware payload (AgentTesla)", "value": "1207e0b55db1b38405c49fc57209fc38", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591824, "uuid": "1ff8802c-8349-469d-bd5a-106d14d29cba", "comment": "Malware payload (AgentTesla)", "value": "4c4afc338f36282d6254874f9c2dd987ef0df5649807e02c291cee5fec4d35c5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591824, "uuid": "bbbd9a2a-5742-4397-9b18-1b1d0232e279", "comment": "Malware payload (AgentTesla)", "value": "e4952abc3a0f0ba0476d6fd06f163c3fb66f9665", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591824, "uuid": "6d2ea963-38b7-46f4-a241-58a6bfe7065a", "comment": "Malware payload (AgentTesla)", "value": "bd62bcda5fcfc054fc512b824597e9117b1488eba9806073b5448d57052f0fbd08734f65c4323d4d439a33c75a5867e5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591824, "uuid": "5660b12a-0db5-4538-a0f9-bb09b5a28ff2", "value": "T12C256C40EFAA1460F11144B9216B7D5FCD51A88E98EDFB6E090FEF71F5E221D1D82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591824, "uuid": "13b790ac-3202-4419-83c5-234ae999216a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591824, "uuid": "278c6c51-46dc-4607-8fd5-201e6745e41f", "value": "12288:JQWPmokGU3R3TZHhddLjCLZORtBrxEcPIBoWWJRY4m5BTRayRUNDQrYixiKDnqpX:JQWu1ZBffuu5LJRYzTRamGk11DqwG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679591824, "uuid": "48e0ae8b-0e91-48dd-b07b-74a2a27a8acd", "value": 1016320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679591824, "uuid": "355c604c-1d85-4a45-807f-175733228790", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591824, "uuid": "faef88b5-ec86-4f71-ae49-92302dd199cc", "value": "krkd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68124345-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603796, "uuid": "ae02800c-3d86-4166-a5af-f9bddbf01f8e", "comment": "Malware payload (Mirai)", "value": "b31d17a8202314dd08a2bb3765d58286", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603796, "uuid": "938290b6-40cf-46a9-80d1-0390c3bad83b", "comment": "Malware payload (Mirai)", "value": "4d2e99b8773275515e777aa107b54d3e76b36460b44645f6249f86e474d80b7f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603796, "uuid": "3d314fce-a197-442c-b18a-647c52fce630", "comment": "Malware payload (Mirai)", "value": "56bfb5070a36d79f03078b5d93d1b7f521b045a3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603796, "uuid": "27936ee6-9f73-4f83-a9ae-8385f1cc77a5", "comment": "Malware payload (Mirai)", "value": "d2d0a3df406572c6f677b6661f0611d5093fc366e0a39bc77fbb76793bc0db3006b3611e32b6eae8ad48661dc278af74", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603796, "uuid": "ccb4c709-6797-4e92-babd-6116da382fe9", "value": "T176F2F1E9E5F42806DABC5EBDA1CC21E02F0772D1B11F0B9D03225D549A7A52F30BC166", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603796, "uuid": "a049cc87-d7f7-4b4d-bc1d-2ce1330654e7", "value": "768:BQUJiFBSveZxk9Hf/6h8ge+ZMc0MAjTru8CIlriHqrnbzpWi8:liF8vgxc/r+ZMc0M6T+IZiKnbzJ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603796, "uuid": "9dfb447f-147c-4f82-b75e-f74d68a77a40", "value": 34704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603796, "uuid": "7d85a11d-b598-4ea2-bc11-8a9f54c06d9e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603796, "uuid": "0d150582-b7a7-44b9-8c32-419823c9eb15", "value": "b31d17a8202314dd08a2bb3765d58286", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87d0f924-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679575932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575932, "uuid": "95a02c39-dbda-42f3-80a3-d4ade048bde7", "comment": "Malware payload (GuLoader)", "value": "67af8edb947d5ab076070d3f29b2b214", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575932, "uuid": "c523a456-6489-4cf5-9fc8-ba09ad9697cc", "comment": "Malware payload (GuLoader)", "value": "4dffa0a1637bea5da5c1b417cc54ae5558ebdcdd6f897e0d22c4568d32c545ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575932, "uuid": "65359463-359d-45b6-a55d-08b4444ac30b", "comment": "Malware payload (GuLoader)", "value": "f99a28fdf4e1ac4d31492b182dc568f2ca38b0ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575932, "uuid": "6b690b32-24a9-4a28-b87a-b730d9acc81c", "comment": "Malware payload (GuLoader)", "value": "eca05dfe92d5308e00c5291cc4812330830dcda42c2cbff9499578d038f58668ea238288eb3d51003e37288985f27b40", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575932, "uuid": "f13c3057-b121-4d32-a3cf-316207a0f179", "value": "T16A64123E5683D4E3C76B84B565AA4302AB5B4F4B4094A6AFF3D63E8534378D3052E783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575932, "uuid": "fcb5a907-7e8e-4e72-9b73-814056fa8e32", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575932, "uuid": "0ef87858-7287-4d8c-b73a-d936a7016026", "value": "6144:kQLFhHAzxhVOGoYKIgmSiL3COCotUZ/lsjGBZ3+GmhH2Zfuvkj0:xFWVhVloJ0RTK5acOGsvN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575932, "uuid": "dc11c4fe-1182-4018-b52e-0e84636ceabc", "value": 308056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575932, "uuid": "c23f9fa5-f7ad-4b94-a077-698e3117dfa5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575932, "uuid": "6f0ef82e-31ac-494e-910e-6241d7155601", "value": "TRANSPOR.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca2ff4c4-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679585922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585922, "uuid": "9921618b-10ac-4c34-bbd1-db1d02f2a4a2", "comment": "Malware payload (Heodo)", "value": "6442220cd9c95ad70966e922e4a57789", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585922, "uuid": "95788bee-31f3-46e2-924e-801560cf85b9", "comment": "Malware payload (Heodo)", "value": "4e947b80c994a925917433853efd26f8a2eb6fed085c2fbb04ab40c142499382", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585922, "uuid": "9e797612-a7d5-4614-98b2-670241711a7f", "comment": "Malware payload (Heodo)", "value": "e884a4e3c0bb11fa20f384cca770bf93a572e348", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585922, "uuid": "5866c368-681a-4887-a2f2-306681198186", "comment": "Malware payload (Heodo)", "value": "7b29413773ef4cad5c6b7f1e84f79e584ef4309f98e825159529ed7a97c2cd8675061bbd7a9e01f8a06a74fce7184dd4", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585922, "uuid": "e076e88d-4cb2-4696-8fc7-ed740466349b", "value": "T1AA44F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585922, "uuid": "71be7360-04c2-4d05-ad27-e5d382bd57e8", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWa2:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585922, "uuid": "cb386ef3-a1ea-4d38-b517-bd7250434f61", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585922, "uuid": "47fa8088-f081-4f4b-82a6-0dae1532a39b", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585922, "uuid": "7923983f-93ee-40fa-a98a-843416111def", "value": "Form.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e8d2972-c917-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679533826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533826, "uuid": "e40e0c15-9be5-49ed-a3ee-07d94c8506b9", "comment": "Malware payload (Smoke Loader)", "value": "1c3c6ca7b6b37a827b2383ca153fdab9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533826, "uuid": "3ce9c2a3-753a-4b0b-9090-bf4c54a1f9d7", "comment": "Malware payload (Smoke Loader)", "value": "4f3d7492bf2064e0d93253614d4b71e7b3a40fda85bc7433b65e5943c07af51b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533826, "uuid": "df3c08f3-90af-43a3-bbc5-030f95974b5f", "comment": "Malware payload (Smoke Loader)", "value": "ef8c338827509f9c8e3e48f4c1a89a1498b60317", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533826, "uuid": "49dd54d6-9b2c-4cef-b541-2e5591e6e076", "comment": "Malware payload (Smoke Loader)", "value": "a7f64161eadb1cfcef7c70bf18be84ef7446917ffbb1012dd4404d7795eca299630c9f6e8641327781bdc0e938e7c16e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533826, "uuid": "1ef450e5-2a01-4945-855f-07e3355febf4", "value": "T105845C0293E37820EF1247728F1EC6F82A2EBC619D5B7BAE164DE92F0D741B1D562711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533826, "uuid": "71e4f467-7a9f-409f-8e48-7cec446d9be3", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533826, "uuid": "0455ea7b-4c34-4094-ab3d-f92ffbbfab1e", "value": "6144:wutsha8GuBVpjVSTNLJOvrjAjS9Q/qAZ:FAa8/VpjETNLJF/qw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679533826, "uuid": "7b144136-ca2f-4d70-8adf-0b17ec5b0876", "value": 373760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679533826, "uuid": "03701f18-8462-4d57-b750-d2028dc5cb21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533826, "uuid": "37e336ec-1fb3-49e1-afdb-478ffc769de2", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eeeb4b97-c918-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534444, "uuid": "bc7b9d52-80b3-4c05-9aa1-cef014f9389b", "comment": "Malware payload (Smoke Loader)", "value": "1317d94f8128c203c467c24e78c9cae0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534444, "uuid": "a2735bb7-f14b-4bc2-ac20-281a879680e2", "comment": "Malware payload (Smoke Loader)", "value": "4f45c248f85309015b06c13c239f67c795fdadaaccf7869a4a088d6912c85c83", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534444, "uuid": "4e81215a-7cce-4069-9288-81b33a09a5be", "comment": "Malware payload (Smoke Loader)", "value": "ccf709990df418998579eb3a50092416e0f1b80c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534444, "uuid": "6d97eccc-6791-4955-ab0f-6cb3308bc40b", "comment": "Malware payload (Smoke Loader)", "value": "f803bc350d7947bd11787ecf497fac2589b84925cfb2dcb22b7d94d561d22c159e824d66c36a5640c21c6af2ae690d70", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534444, "uuid": "d31761b1-3270-426d-b514-45902486e364", "value": "T1AC745C0293D37C20EF1646728E1EC6F8261EFCA1DE1B7BAA234DFA2F09741A1D552715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534444, "uuid": "cf758bc8-2267-4abf-b3ed-3c16ad09b5f3", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534444, "uuid": "bac64bbf-866d-4929-bf22-3b2be54c5a45", "value": "3072:OgrEaPOFiOAJtLnDYybyW7tfh+fukwIUOhFjIOwjwIuJJ:EW2yeGhifCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534444, "uuid": "6cf9831a-14a6-4725-938b-db9143147d0c", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534444, "uuid": "f88826bc-4c60-4c7d-98c2-f7e85fca4f30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534444, "uuid": "f04108e6-f79f-4208-b975-b66a02bc2e9c", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "218adba4-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "5931feaf-93af-459d-8f6e-40b1cd29c264", "comment": "Malware payload", "value": "12a45205a6da702e56b6a07cbe162445", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "3f6bf56d-33fc-438b-a71e-bae022fd89bb", "comment": "Malware payload", "value": "4ffc2dd951674e0de58fd53188ec480ca5a2a2c4770e14d83b8ab3dc31028b65", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "9f7514c6-7532-411e-9a53-70a521194ce9", "comment": "Malware payload", "value": "44615ab26cd619cdbfaee7705b8830f334e0926b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "1f0182da-e24a-4c5a-b299-0e3782463248", "comment": "Malware payload", "value": "401cca997563ce4609ad5819a8f478a8a094871fcfd6b384cbd32610623011c7b49fc6cd3068607b98ff692fcb30f598", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "4bf481e1-ef68-4a97-b11d-dfcd9023dc1b", "value": "T1C4F68C92B69019A6FD77F17980574212E7B0FC26172093CB305CB2A92F377D21EBA749", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "bf5918bd-cb32-44ce-817d-df1118eaa540", "value": "1451d0da3602cfabee47afa17fb44252", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "1e02dab8-0ecd-43ff-8b9e-4cf517a2564a", "value": "393216:InI9kFhVMcq9yG1CPwDv3uFhwwzUrU2lvzaUY/CNTqP:4I9k9zSM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576619, "uuid": "48901eea-3b1b-4c0a-9d53-505f57e4082e", "value": 16011376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576619, "uuid": "0b2dbd90-87cb-45b8-8d93-02b5f517bd05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "78051a13-df5b-467a-9404-8111aadb2188", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5200ebaf-c91a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679535040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535040, "uuid": "f58bb66a-6fd5-4b27-b8c5-cbd8ea4d7bdb", "comment": "Malware payload (Smoke Loader)", "value": "3bca0e69bb58879143b706e6930a899f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535040, "uuid": "ba975204-83b2-4591-b6e6-9064c4685427", "comment": "Malware payload (Smoke Loader)", "value": "501cd175bc99bdb83a36385dddd3311a795216d8644671ec9c08f9165f099dee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535040, "uuid": "c92c7fd3-99ad-4bd5-a949-fce351785f67", "comment": "Malware payload (Smoke Loader)", "value": "f05ffe9f2405bfdc71fe44a2bdc9ead90990048e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535040, "uuid": "2433f435-02f1-4206-91ef-1a5be8d16dba", "comment": "Malware payload (Smoke Loader)", "value": "33c335b563c9531c69d094a44434a23a0af24189bf7192d293a63cb93cf3a209510283eff0be982f3cbaa6eb5e29d4f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535040, "uuid": "c32873a5-6f8d-4ec1-a571-8f26c807ce0a", "value": "T109745CC253E06C60E5124632BE1FCBF82B1EFC619E597B6E1359AE3F09701A3D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535040, "uuid": "5fd4af6c-19a4-4cb1-a03d-d8c6d3d6499c", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535040, "uuid": "4783167f-a5b2-4e73-bd77-0f624a73c45f", "value": "3072:2AjrlS0bY/04BjuajiKAOAAzlJgdIo2C0BXDMEFTCFyWTCgwn0JV:oV0am9GUdUC6MEoFyWTC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535040, "uuid": "a70c9eb4-c4ed-4f4b-b64f-1d461059f588", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535040, "uuid": "2821c4ae-5011-42c1-bd5a-7af19b995444", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535040, "uuid": "e48ca566-ff07-4368-b240-a4f0bc14968d", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c3f10c3-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679583026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583026, "uuid": "bca27f76-0e84-4207-b630-023f8c164c9b", "comment": "Malware payload", "value": "7cdc9ed168ac5eb1adb254af0fccc4db", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583026, "uuid": "69207603-5441-4c16-b6e4-a14097d5de85", "comment": "Malware payload", "value": "503bf8961936fefb5778a07dcc8ca7deab5949d9934a8ee8e610bed1df81a7ba", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583026, "uuid": "6e9fa548-7515-4277-a050-aeac439a479e", "comment": "Malware payload", "value": "64e1bc93c7fec9e8d9b3d76432b2abc978cc2774", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583026, "uuid": "3b918a5b-381f-41cc-b7a0-c5e43eca2ac2", "comment": "Malware payload", "value": "3cc97d28d6bf52136ebdc5b3af37f8662f9dc04b180f4ed40a52c108098c9e5a8d60e7b1578f89e937020af87ab4695a", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583026, "uuid": "7afe0729-8c97-4464-8fb1-70084b854397", "value": "T14AA3F1263684E917E18991F60DE9E2D75526FDA1FFCD538FB2463B8F183E5A02106E02", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583026, "uuid": "6de7945e-5db4-4231-a0d5-c9876a718ac3", "value": "1536:d+tlI+dp6EXc2oHR/OOBCGDIcaOZAakE1KsuqWSDdpLS16rx3tSS8jL/:d+tldQGc2oHRHBNDIzOZYE9uh6tVYS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583026, "uuid": "874a9484-5573-47d2-bf23-dbcadf5822b5", "value": 105984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583026, "uuid": "ca362185-c5b5-43eb-b06f-06932b48922a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583026, "uuid": "27e7f419-4768-49dd-b42b-39f500f5ff35", "value": "SWIFT.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "620e5edd-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "d644d221-e0af-4b99-a916-cffb00013e24", "comment": "Malware payload (Mirai)", "value": "8b8b8007cbee4dd640f63b4326cc5b71", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "0d281cb5-6e4d-4f23-b639-b16ba836c9d8", "comment": "Malware payload (Mirai)", "value": "513de6933a649c6e86f3c27c1f481bc498ebea402c65f14ae50d483ec679bb52", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "886db90c-5f52-4cf7-ba60-3509470b2298", "comment": "Malware payload (Mirai)", "value": "966df370848feb6d1f552981fef2ea826d95a6c0", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "a9ac4e3d-939b-4f2f-8ae4-8863f0f02eb4", "comment": "Malware payload (Mirai)", "value": "5699328116770bf5dce8ce44154482edec75bd879ceca8f2405fc9c4178cd7fa6e269fa1fec42c0980de0bc32409e77f", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603786, "uuid": "866a5607-61d4-4bc8-933a-916206baf737", "value": "T125438C77EC256E58C485817070288F796B23E5C482875EFB22B6C6799483EDCF605BF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603786, "uuid": "69014738-2cb3-4540-b13f-2e3ecb8e6e1f", "value": "768:KayjufU3HSH/nlKFCY4AKgzcsaKoW76vCjC2Z6RVfKlhRwgJK/INp:Kaquf2k/stKgzcvtWNjC27logW8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603786, "uuid": "64ec95fe-0cdc-4530-8989-734a9a120f27", "value": 55960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603786, "uuid": "3f606577-f6a8-4c12-be6e-ddb2694266a6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603786, "uuid": "763e518b-4d7d-43c8-a297-7b60e873c29f", "value": "nigga.sh4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f24fcb31-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679552488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552488, "uuid": "292a23ae-aa16-4d9a-b7e8-d4944d4fe71c", "comment": "Malware payload", "value": "1464e8aa43f839eab50f955165453903", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552488, "uuid": "acec2428-5c25-4cc4-9a35-de98b01195cb", "comment": "Malware payload", "value": "516ec6c7328406f87710736d3ea1cb22cf5024924727bb3486e347e66a46ed5d", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552488, "uuid": "0df66549-2484-4a54-a77a-11e1d07ab654", "comment": "Malware payload", "value": "d831cdab2fb7b504bed3785014e30728b1084387", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552488, "uuid": "d98bdc18-9a6d-4792-a509-9671f66e997b", "comment": "Malware payload", "value": "0794c748ae12378549bbba9cc759e23a37c7cbcf56cf54a2e4a92af6e7a53c4157ebea35c258828d51b7ab4781256094", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552488, "uuid": "c60031b0-14c0-4213-a58a-39fae898026b", "value": "T118A3F1563623C246D20691F64FE8E1CB1F24BD16AF93CF473685734F29788E09423AAD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552488, "uuid": "df746f8f-8ef3-41a5-9a0f-ae166eaad0e4", "value": "1536:HDX+fC9M1y2ywmv16Jodh1X3u16nMIOvPJJ/dZTPUuoklDtNhscQjczBMflDgzU:HDX+fWM0T7vgJo/141hLOelDtf7Q4zB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552488, "uuid": "0627a455-b61e-4d2b-85b3-45d39d773c31", "value": 99328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552488, "uuid": "f61ec5c8-3f65-498d-8706-675023e74074", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552488, "uuid": "df6b5e32-56ce-42eb-8c10-d1c04b9a8186", "value": "SOA 20230216 - 53705151.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "335d3500-c977-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679574931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574931, "uuid": "94cd3e6e-f12a-41a8-8a18-06c149cec38f", "comment": "Malware payload (Gozi)", "value": "e4eb34a511ba4c4cb3540b016d04719d", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574931, "uuid": "d6cee2fe-a7bb-475b-84db-05d711941fcc", "comment": "Malware payload (Gozi)", "value": "51afb2195e409f524c23923934d79ff7178ac1f0667a67c4a38df650b2668e41", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574931, "uuid": "2709f64c-ee5f-404c-ab48-d57dfc26aa2f", "comment": "Malware payload (Gozi)", "value": "306a8c5791d32f07e32e06d706e23eda3cc72f48", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574931, "uuid": "fa504397-7438-4648-9b1f-17a78b84cdab", "comment": "Malware payload (Gozi)", "value": "4018e3ebb06635e282ee2d871e5e26b5e0840cdae5e30cf679259d0607554daa82b2ba3c57057e8a0d7ad5e411710677", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574931, "uuid": "0d82a7cc-2c38-4169-a374-b8fd6eac4b4b", "value": "T114D15776825C1FFF687631AD582942B220B2957B7BBF1DE6B47004A8350CB5081B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574931, "uuid": "7910535c-8441-4765-a8c7-34cf9f463c30", "value": "192:M/fnUwLR8EzDM9a9gJ3txMUFKsIBnMfPLrFaLc:dY4/4Mn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574931, "uuid": "4fd02b5b-0877-4a3c-9630-d872f167584b", "value": 6733, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574931, "uuid": "f624281c-9ab7-4529-aef3-2bcccc0d5a3b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574931, "uuid": "c06c916f-eef7-4ad3-874c-844062323e67", "value": "Fattura 3568 2023-300935.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "315f2ebc-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589101, "uuid": "0b73d6ef-b4af-4aa2-8b4f-c7d58b95d260", "comment": "Malware payload (Mirai)", "value": "498924eca1b36108f9090827ce6f1e33", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589101, "uuid": "e3a64b9e-dcff-4804-93ab-7f362650a96f", "comment": "Malware payload (Mirai)", "value": "5200cce7367e4c1f1bba91ea0a2caa99687ca4e450c7ab3b87dfdd8a810ded14", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589101, "uuid": "b7fd8974-fc88-467a-8b56-df380cf5a5ab", "comment": "Malware payload (Mirai)", "value": "29d55fffb85ce2be5e619077dd548da3da1f6543", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589101, "uuid": "2e796203-6d9a-4f02-929e-167b3188af0c", "comment": "Malware payload (Mirai)", "value": "5c8d414ff9bc73beaee58b7dab1f9ee5a16043e976dd33d9c3288a8107e218ca189b2acd5da41794d909bba2242ceb43", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589101, "uuid": "fb063322-0ae6-4f23-8f4f-1e4393c38881", "value": "T1C33395C2EA233D3AF6C5FBF1B6A5D6C417EFD54097960246E5CE9E50803EE81281879C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589101, "uuid": "cdb3d596-b061-4c5c-bdf5-2f5af4686dcc", "value": "768:GZ5RBNlnS/V2VUvX1hY4IqvRsJ0lwh4/by3LE9MZacBojYWi/:cTnS/V2Vo1h+qphle4TyHZngY7/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589101, "uuid": "a6298c42-b256-4e99-aad3-67f60bd15ee6", "value": 53201, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589101, "uuid": "88aa4ba9-b694-4533-a388-95445312d088", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589101, "uuid": "08262b69-dea8-49e1-9e73-e87d401b347f", "value": "498924eca1b36108f9090827ce6f1e33", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9dd73d7a-c935-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679546763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546763, "uuid": "1b4b1280-7a77-4436-98a9-13f188cdee85", "comment": "Malware payload (SnakeKeylogger)", "value": "b4dd38a4c9e24e8567fafdb787bb2935", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546763, "uuid": "039711ab-de9d-4cdd-b7ec-46c5c874a68e", "comment": "Malware payload (SnakeKeylogger)", "value": "53048f6da9edf57141871657c336f845eb8c9b186d154d9e993b7572d7300857", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546763, "uuid": "4c219fbe-d5c1-4cbf-9471-e58f798a9e36", "comment": "Malware payload (SnakeKeylogger)", "value": "ae7a4609b258c3bab77d159d76f552813dbbd8e6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679546763, "uuid": "c16c4622-4164-4b80-8d0b-db59efae83ab", "comment": "Malware payload (SnakeKeylogger)", "value": "f0e281ef556cd2c0e84513451284be3eb4ec789a57c3133c4fd3afb453c491c7dae789449e2dcc75ac6d265826521a56", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679546763, "uuid": "eb1ff5d6-f3c6-4525-a151-5c21b47b9ffe", "value": "T100455945138CAA16E1FE5A32D5F1275A8770FC60D7AEE30B349474EC9872B9A1D82F13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679546763, "uuid": "55313d6e-5e4d-4038-9d5f-f7d0796d1dda", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679546763, "uuid": "2768616f-0846-4e30-b57c-4ba88446307d", "value": "12288:YYJZ/jSu+Cpr6g2NvVKO0g8M6iM8UYLMb8/9otWsf99elWoZ2XQaAN99hVePwPCb:YYJdUCl6hNh0JTPX7tWs0LYGRmNsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679546763, "uuid": "da9b01cf-5ef1-488e-8d2b-2eb55b80f254", "value": 1254912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679546763, "uuid": "352c69e6-3920-452d-937e-b19aa9a56c42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679546763, "uuid": "edd016cd-e946-4aff-8ac3-a5129d56ce4f", "value": "b4dd38a4c9e24e8567fafdb787bb2935", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c10a064a-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582900, "uuid": "84f427d8-04c6-4c1d-a9ed-76ff9624455c", "comment": "Malware payload (SnakeKeylogger)", "value": "9ebeae2b3a6e13d00018948ae1f2080b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582900, "uuid": "26578670-e081-4988-a2c6-445af07b7e23", "comment": "Malware payload (SnakeKeylogger)", "value": "530d2fe4c0d4d3e34991cc1abb0cf12ff24f22d1cd3e49a23cf73cef6ab137b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582900, "uuid": "02440c9b-83b2-45f3-8fef-3b4b7a25f990", "comment": "Malware payload (SnakeKeylogger)", "value": "e453e3148bab3856c3917d7e7b0249e95e8031d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582900, "uuid": "45286966-3ad2-48d7-9788-8a00916adf54", "comment": "Malware payload (SnakeKeylogger)", "value": "6c17e4a08774a37d4eece092e21c75d6929d67d55b96026b13178d25c56fc1836c04baf8909159c8f792c496a971bf6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582900, "uuid": "fb090757-0417-410f-b1f3-8279b2d64100", "value": "T195F4EF41FD7A4973F8DAD3B41060233E03A4BB625465D68A8EF968893CCBFA704D165F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582900, "uuid": "604caec6-8cdc-40fd-85df-10166dccaf4b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582900, "uuid": "5e5b15ac-c00c-4ae8-9a6d-1f9f73615ea8", "value": "24576:a8QQSUZGpSjd0StpL3E1CevlZAjv603O:jQQ1Zf4CeM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582900, "uuid": "8e1037df-3f22-4a43-85fe-bed9c22b51a9", "value": 793088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582900, "uuid": "54f0f11d-968d-4307-992d-50c9871fd42e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582900, "uuid": "28196f77-e289-4628-be80-c7b26bcf6d06", "value": "9ebeae2b3a6e13d00018948ae1f2080b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be1ee89f-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679577741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577741, "uuid": "4cc486d0-f480-448f-9f60-31a857f29ea3", "comment": "Malware payload (AgentTesla)", "value": "f90d87222db82285ce87a988b372524a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577741, "uuid": "32c673f8-da39-4416-acfe-6f7db9a036e0", "comment": "Malware payload (AgentTesla)", "value": "53873190e732fcbe931729aadb3d4f878d74bd17dc64c282b4efa1f87d021b43", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577741, "uuid": "9bf0c56c-c64a-40bb-bc26-10e18943400c", "comment": "Malware payload (AgentTesla)", "value": "b4a571be12134d9ff6c91fc8fc46b8f53ba3d176", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577741, "uuid": "ec16505e-0b1b-45db-bee5-ffb5ab1395db", "comment": "Malware payload (AgentTesla)", "value": "695a742e76749999d436151afa7e72d083d76751d65797bf7f4b490210a6d70fc52c362452412ff2c973074e2cf916b6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577741, "uuid": "b6329ef4-7258-4556-93df-8518bd17922a", "value": "T1BF45492439FA501AB173EFA95BE878DADA6FB7733B07645D1090038A4723A81DDC153E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577741, "uuid": "af6a1706-67c3-4d5c-9e04-d19686360589", "value": "12288:00ZeZOUnaKuQdJFUbDLYqid+3eo9geDCknIfblyi7uDvOI8fpXVNLhc5LiJMUZCp:9KgoYi3ImgiSs/1cNQz9oG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577741, "uuid": "9d3d0b67-dfd1-4336-9afa-5ae4266eebf0", "value": 1189888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577741, "uuid": "cbc00c42-23b3-4f1d-bfb5-3adee9349ac7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577741, "uuid": "e141d740-0e98-47ba-b033-6aa05e8ef9de", "value": "p004575839574947.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cef6b9b2-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679583353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583353, "uuid": "1410db24-737a-4008-ae57-1c53209b84b9", "comment": "Malware payload (Smoke Loader)", "value": "a575ee6f5285573a23b68f3c245b0a69", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583353, "uuid": "e6e789c7-5fac-4618-a5f7-01bda4d30b40", "comment": "Malware payload (Smoke Loader)", "value": "53c917dff75e6d8119759c3fdadf4a42cdfc29802eac12658c46cf684e2a361a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583353, "uuid": "043a07ff-d5a0-484c-ada4-979aedefbe89", "comment": "Malware payload (Smoke Loader)", "value": "080827ad97c35acb4258aa54afe27c4d4144b8e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583353, "uuid": "aeb7afae-e125-4c66-a19c-5e9fd16aa5dc", "comment": "Malware payload (Smoke Loader)", "value": "459dbd1111b712155ab4af31d8ffcb753c647f31a42bde758bcd04a1a069d67f41429baec56342ed642f87a5c80cf167", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583353, "uuid": "15b819ab-277a-4234-a73a-98faef74b4c7", "value": "T19944D02272E1C473E95B45798815DBB4653FB8308B6986DB37806B7D1E303D19F3A38A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583353, "uuid": "e028b0eb-9afe-4990-afbf-05238a171d68", "value": "e33fc10ac8b1ad5a04646026b94890a5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583353, "uuid": "697098cd-f36b-4a8d-9d67-08f4c8ccfda5", "value": "3072:4fUSazlBMjkAcYKLMrcb6GBd3/KKvOYuE0lvUFKgyACFhdZ/5hYtv:MMlYKLMIbH3/KKvOY+UFi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583353, "uuid": "3089125e-a224-4faa-8fe4-3b7cc10420f7", "value": 257024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583353, "uuid": "92e06a0b-aee1-4620-9839-fa056ec28fe8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583353, "uuid": "296b369e-beb2-49cd-869b-6d381d7d82cb", "value": "a575ee6f5285573a23b68f3c245b0a69.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eeba66ad-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679552482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552482, "uuid": "b1366402-71f8-4bc2-a39e-c5196e93320b", "comment": "Malware payload (SnakeKeylogger)", "value": "28b0d45e39366a324522c55f65f9b96f", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552482, "uuid": "9b0ea95e-aeae-4e4c-a308-3b6cb4740568", "comment": "Malware payload (SnakeKeylogger)", "value": "54178e9c8317b59d9a7398b2efe1d5b9f2175f5a8322af385810e45dc7c20955", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552482, "uuid": "dc31d40a-474c-423e-8add-6f388839fbff", "comment": "Malware payload (SnakeKeylogger)", "value": "b618a313fa45208eba138d2473b795856c0ec72b", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552482, "uuid": "f34573f4-a489-4865-854f-11a4aeaec20d", "comment": "Malware payload (SnakeKeylogger)", "value": "63662b55e4dafd8794900a1a687b5b62500fb7fa9c806e5885cb065cac8d6bf06654ddfd4b8d9396e114ca0addb319b3", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552482, "uuid": "4c6160dd-2436-484e-9f0a-ea9eff5796d0", "value": "T12B350217EAC44D46D4424BF96EE3B9D8131EBC626BD6A2C723447B0F6F786E0864710E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552482, "uuid": "6b955fac-0785-44ba-b36e-8c73bc934b08", "value": "24576:sLKhWQmmav30x1+MXUu9ulf+MXUu903bV4+MXUu9s3bV1yN0fCfE1Jizo:sLKwQmmQ30z+MXV9C+MXV903bV4+MXVl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552482, "uuid": "c23ea2ec-cc1e-4184-add7-9edb28baf85d", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552482, "uuid": "cb96bc04-b6b9-445d-9cd9-50e09546a813", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552482, "uuid": "def57f68-404f-4187-8bfa-a39a06e0bc65", "value": "KW FAHAD Order 22 03 2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4700edf3-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564656, "uuid": "a716477c-d74d-467b-8f49-e0c300ebd417", "comment": "Malware payload", "value": "cd265d216aa729b1051f8631185f3520", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564656, "uuid": "0dd0b05f-3754-48b4-868c-152790d07390", "comment": "Malware payload", "value": "546549325cb53f665f2bc3bfd65e4ed77ca1edb80b349a54f1f68d11ed91ef25", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564656, "uuid": "fdb4034a-1faf-41cd-a66c-7b35be281980", "comment": "Malware payload", "value": "703134535747efd6954a9b3104e39ee0d4aeff06", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564656, "uuid": "c561cb0d-e5cd-43d2-861f-a40077253498", "comment": "Malware payload", "value": "dee0358456cdd6b9f374c8b1c87220d283142fba793a6d5946eb03754d9cf9bd672c540e7d0dab86b3fb5c6c0fc0bdcd", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564656, "uuid": "7089d35c-c7bc-426c-bd42-e6133077ceb0", "value": "T169227C32CF49FD14C25A64BD8D5A53E8F2489283561EB21E3105A3BDFE9008F0719B97", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564656, "uuid": "0eb917ba-5a25-4153-80a5-b49e3a760d7e", "value": "192:VOWmcDKb6QuB7L5bv/02UZ4Z9hCfC3nVCj9knEI7QaX0e:VDA6Qu74ZgOfonnlXX0e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564656, "uuid": "55b36b03-dfc9-4832-b19f-14c5eacbad52", "value": 10476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564656, "uuid": "26a9af1f-010a-40bc-ae7f-c1bcad38c9dd", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564656, "uuid": "066579c5-2d90-452d-bdda-0fb7c3fbdcd2", "value": "cd265d216aa729b1051f8631185f3520.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2185ac72-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "aeccc896-0c7e-48ce-a2e0-ed0a575ee673", "comment": "Malware payload", "value": "d77e5dea9da9ff78fd1d7130f533b17a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "e4813010-fb5b-4c0b-b59e-67592c253fc1", "comment": "Malware payload", "value": "5494a807b4fdc252e0797855d0204c47c16da1f1cc53c24c41fd6cbee1be279e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "c1d7a7e2-90e3-416e-ae3b-66f9b8dc8aba", "comment": "Malware payload", "value": "3278bf42a49286f4aa1bf788d2889426a520b648", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576619, "uuid": "cb784bc0-7198-44ca-8698-151e6ad8f5e5", "comment": "Malware payload", "value": "34d26279f04acc095adc4869f92c885a51547576fb916fdb07f0ec85b5b21eb3421367d55cbed798c065117e7f14a36a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "ca4b4b96-1a26-4d02-bf24-ef38dd9a5015", "value": "T145D59D32BB049132F5D211F1981D1B6F894C993403B940D7E2D67AD929E0FE36B36BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "68a05bdb-918d-466d-b917-2a92fad06d6e", "value": "4825ef56a06f7fb58d67dc608871939b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "b2eb1ccb-6cae-4c96-aee3-03f95b357a76", "value": "49152:D4gHBrqMeKtmTeapwBzozq+UVhsGI4DzIGek/j6/Vh:8gH1qJI8zq+UVhsGI4wku", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576619, "uuid": "d53a2e35-7fec-420c-ad04-039cfa77327c", "value": 2818048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576619, "uuid": "4adcd07b-e975-4eb8-9f9d-59e4b6812ff1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576619, "uuid": "28f94be9-ba0b-4f94-b818-99f3d56b5d7b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5db29fcc-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581015, "uuid": "b7714384-9359-4822-a589-3c85e1275d56", "comment": "Malware payload (Gozi)", "value": "cded5d5c5f38432550c0b39682e1f8ec", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581015, "uuid": "1712062d-9cde-4999-8678-b3130c45eb0c", "comment": "Malware payload (Gozi)", "value": "54d9ffe1477533b10577b72250a8b3184549892f541235f8d71586a284c0c362", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581015, "uuid": "30a227d4-8a75-425e-a1a4-6c0649bb0dc2", "comment": "Malware payload (Gozi)", "value": "2bdfdbcf45712c44726a77e99e056c63ec35b11b", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581015, "uuid": "5df3aab0-f559-446b-9a71-b2af118471ab", "comment": "Malware payload (Gozi)", "value": "6e238681618664bea59aab37f423ac467140110076037e29b8f3111f26333355063ac20f52264fbde6b3951806371139", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581015, "uuid": "fb02153f-0248-4e28-9161-8d326db81c64", "value": "T1AD4119620B3C14B5CE19F67D50238C84F101CA20718B8AEDD8EB05D04F276E3D9C502B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581015, "uuid": "3da55363-b7c0-45b6-84d5-66293f1203dc", "value": "48:9sCBjDGDQoH7ei0fA02vA91xhXmSWImsTZmCmh1P9QF93ZJ:2YjDGDTqPOA9FXddPmCmRQFlZJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581015, "uuid": "e0fd74ea-cdf9-4748-94ef-db013234d868", "value": 1931, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581015, "uuid": "bf5c9c83-0a1d-4cd2-bdb3-8341425aa301", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581015, "uuid": "a6173a6e-d930-4f95-a81b-0d159ecc8ea6", "value": "Fattura 2203-23_012(1).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "602d9ec4-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577584, "uuid": "05250705-a14c-4e8b-80d3-8725faf2a7b7", "comment": "Malware payload (Gozi)", "value": "162b2236d1b39888cf3d8d9e9ed0cc3f", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577584, "uuid": "34bb38ec-aec9-4ed3-9ad6-9848b93086f3", "comment": "Malware payload (Gozi)", "value": "551e1de58707a409b1b7d2775fd5e733f090e5a666f7376e5069c763d7f86ed9", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577584, "uuid": "c1715979-1c54-4e20-8cd3-083d081239a4", "comment": "Malware payload (Gozi)", "value": "c70b79e1baf39dc0c80edb8977622344e72df268", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577584, "uuid": "168c8157-ccd4-4901-8a96-2be39bf1d91c", "comment": "Malware payload (Gozi)", "value": "a8ba73159f546ffc5baa331a2c8575260f5b402ffd555f29eba4eac6618b2ae67ce2cca09d34203f93285ba7b44c8c35", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577584, "uuid": "df4adc45-e6dd-4320-9a87-8c45f8bba0c4", "value": "T15B415D208BF3C74FF71687A57F8B5F7EA10585642A41705F20058BE7352934DC152928", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577584, "uuid": "2f123379-b921-4102-a4ea-ebd122426b7c", "value": "48:9f3+aV68mDNuak7MRbkz7nEwi36CcdThKg+Xekwh5b3vaoJq67nH:V+66w70ObLCcdTYXj85zXJq67H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577584, "uuid": "c33f21ff-9e5a-46b2-b6f1-adcf9a56373c", "value": 1942, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577584, "uuid": "f7b56177-9964-4bab-a431-9cdfd613dc77", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577584, "uuid": "ed8e62ba-7e98-4d19-be7c-29962baa39fe", "value": "Fattura 2203-23_012(10).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ee673fb-c91b-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679535383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535383, "uuid": "15a82e0e-951d-42c9-8fdd-0ec6cd59d991", "comment": "Malware payload (GCleaner)", "value": "c33390795c21a5074432d7b94205946d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535383, "uuid": "ba67364a-2c98-49ff-98c3-5db2fa8b4883", "comment": "Malware payload (GCleaner)", "value": "5621cd4a0de05cddb766e3cfb98392bf50f6ee2e9f9befc62e9961788e193c22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535383, "uuid": "89ffd48c-feb0-4653-a18c-428834fc775f", "comment": "Malware payload (GCleaner)", "value": "07e45eb6b1ce624b48ca11f3a9dac4a7b9c98f74", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535383, "uuid": "316445db-ca5a-4120-a492-a3946c7fe5d7", "comment": "Malware payload (GCleaner)", "value": "fb401462c748140df047916bfe57266f6e4f931db75e44a93bba3759bbf6bbad77ceb7c927e5ea25729131c7cea44dd6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535383, "uuid": "ddf3b0fb-9253-472d-9dc6-e7784fd1af9d", "value": "T170A53313D20A8479D613D6F9EC2FD7650E2379390ABCE55CB1DC92AD6E33321991E207", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535383, "uuid": "533e3502-c232-49e5-9cf0-0aaedb258356", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535383, "uuid": "866f275a-b5e9-40d2-9d61-a3ab1e020529", "value": "49152:EGlJfsg0r9MIYviL2AKwX3Xb0c0hDfcCdicsGcxhSnTj6fgkBVEOM5dlLYp:5ArS9uKwwc5msGySHkBSOmPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535383, "uuid": "478402e4-1361-42f3-8fff-b56db61ed62a", "value": 2241924, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535383, "uuid": "269aa2d7-0726-4f1a-8094-6c22afc14a27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535383, "uuid": "837f31bd-449d-4100-8351-8b98734f3446", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7273dda2-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (STRRAT)", "timestamp": 1679583198, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583198, "uuid": "93507b08-032b-45d4-bbca-f8944ff971fb", "comment": "Malware payload (STRRAT)", "value": "9b23c48160b513a4351b5dfad0d5662d", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583198, "uuid": "30e0f5e5-bd83-4c35-a408-6a29312d9050", "comment": "Malware payload (STRRAT)", "value": "56839a52e1b4417b4ec48bdac54f2e20ab8dcd9b684cfd2f8a677ee390460087", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583198, "uuid": "f9af655a-5457-4989-8b5d-332174a83e21", "comment": "Malware payload (STRRAT)", "value": "099774e1098268ac97546fc748f291588a2c9978", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583198, "uuid": "dae0f208-7a99-49d1-a6e1-4ff273d82708", "comment": "Malware payload (STRRAT)", "value": "09f89c189284173c6aee7860bec7b89d3c68b0b45339e982f3013271c1bbb03f653bc017544c4a974a0227a07a774d7b", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583198, "uuid": "86173377-f129-4e14-a50b-f03ec0354ccc", "value": "T10A24F11BBE5BC5FDD047C83A09109726275D9699C042E35F2AFC0A8A5C72C787E46ECE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583198, "uuid": "b500eb66-219a-4784-a083-6b3379cdc89a", "value": "6144:dMxXJNIltIeXHCvv0Tg3SDk4TRQ7I31v7GL:OxAltJHCvv0Tg3WkqQ7Y74", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583198, "uuid": "ad107d07-6d9e-4f13-86d1-e1a75d132035", "value": 214319, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583198, "uuid": "1dd8a4d1-b5b0-4953-ba2c-e7033fee0b0e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583198, "uuid": "a558528f-a7e4-45f2-a991-db4c9f651d13", "value": "AWB#00756543.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33d9cfc2-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679583522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583522, "uuid": "80fdd212-d8d4-4c5d-8cd3-ef50bbdcad5f", "comment": "Malware payload (AgentTesla)", "value": "c3e8b482ed3986690fcdc9cbab9a0b7f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583522, "uuid": "a19d7a01-51b0-4e6a-b58b-8fd646b4fd30", "comment": "Malware payload (AgentTesla)", "value": "56a430942d5fb84a87534dbbaa517c1193504c2677e3ceb9009e41d75271785f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583522, "uuid": "d14144c5-6438-4a33-85a8-4b69d9ae255b", "comment": "Malware payload (AgentTesla)", "value": "2d12d302a7c537c9d84fd8ba97af28ab40a4ca60", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583522, "uuid": "0f381c6d-32f0-4cce-9bbb-0b7c01134350", "comment": "Malware payload (AgentTesla)", "value": "06b1478dca6d27c18975829eaf94a58d5e14a743d260ddf64cb7bbb6b9ab8ce98190ccb2d863a8ea04d88b2a0d77e5bf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583522, "uuid": "d7f9c426-8af4-4738-861f-9a747df99b5a", "value": "T1845292401BCD94F2D328E1778229810E09FEF776389315DDB88DE6913BBD20D4AB91B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583522, "uuid": "b99432cb-c7e7-44be-9ace-faa11398792d", "value": "384:re9UNiVKlM2d1iJB2XqVlOlrzgw12LVntOZnD6Ewbm1H:rzikbY7l+rkwenknD9am1H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583522, "uuid": "d18b3f1a-a2dc-4900-85fc-deb4db984fca", "value": 13567, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583522, "uuid": "1d611a78-e9ca-40a4-b2e3-1933d07beeaf", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583522, "uuid": "972c030a-d414-4e4a-9067-7e5e436a0764", "value": "c3e8b482ed3986690fcdc9cbab9a0b7f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdabb4b6-c97a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Fabookie)", "timestamp": 1679576559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576559, "uuid": "b01e5898-a024-40f9-bad6-962eb5a8ca1c", "comment": "Malware payload (Fabookie)", "value": "6906dbf68862964a9e9437b57a553037", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576559, "uuid": "0eca0f1d-344f-423d-95b7-4ac009786595", "comment": "Malware payload (Fabookie)", "value": "56ceb04bd9480368c02b14d4f944601c2f67116f122d8856e4b2118000634cef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576559, "uuid": "14eaed19-469a-4777-8cc7-8d3d5af748a2", "comment": "Malware payload (Fabookie)", "value": "2d4839df012efeba7c515d51489070eea1b2a83d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576559, "uuid": "5c958459-0498-40bf-bd98-8c6cf9eefa76", "comment": "Malware payload (Fabookie)", "value": "3d010ec2505514faba272006d561354099d5f5dd210b66b69c0d7f7ba1247761c7a660549e007617983c7bc138ad25a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576559, "uuid": "2c4fabac-277e-4380-b95c-83b9221556d0", "value": "T168156C5EB66C00E9D0B7C179D5439A03E6B6740B03B15EEB139147A63F276D88F3AB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576559, "uuid": "156a8d0b-9533-4415-8ab8-1751930a57d5", "value": "ca4024c0e7ca045d1b257058baf9658b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576559, "uuid": "1b8feff8-eba2-4f39-8630-11f1d071bf0b", "value": "24576:6yE8JiMHd/BieyIMZR9ejI21FiWOnoxkNMu4dXxbfat6Z:kCiMHtBiez+Rb21FiWOnoxkNMu4dX9aE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576559, "uuid": "c3d3fcc8-ae6a-4d2a-9b50-b72f27ae09fd", "value": 886784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576559, "uuid": "898ba706-88b0-4f43-863e-dcaa75b76384", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576559, "uuid": "7c52e53d-2d00-4ed7-9e81-0d0c6ee9320d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cfec3a6-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603777, "uuid": "5f6005dc-d767-4d53-abbe-8321261902b7", "comment": "Malware payload (Mirai)", "value": "a4461c59f721a98a1c9463940ffe508b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603777, "uuid": "7eeb0baf-8f1d-4fd4-8fae-81c6d8f08535", "comment": "Malware payload (Mirai)", "value": "576345e85d2e6162c6dd42effb69c6f6ab5039ebe8c8b4c1f83f0b86d54ae424", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603777, "uuid": "de5f7b57-97b2-46ef-a852-81ef61f30539", "comment": "Malware payload (Mirai)", "value": "dbf622c66a35078f610670cf8252b046569a9fe4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603777, "uuid": "f7d14b3e-268d-47a0-bf76-115509536791", "comment": "Malware payload (Mirai)", "value": "e6e269a6ed57db10f10ac1f590d1f205b6989926c327836b27f93ef82103dbf1df18a3b249cc59e90d6d4b80e2dadd60", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603777, "uuid": "4e263fb1-a462-496a-bcbb-f549caf223ad", "value": "T19903F1D6E0930C03EA7118379BBD9FC863254FF0D51975EB2292894633E68235F7CA42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603777, "uuid": "0455f0c3-65b5-4ba5-bc93-db35d54b60e6", "value": "768:chsOEJFOxItsB43vPPfYjIDH69D9mns1S647xhU03mNK/TwA9q3UELjo:mGJFOxDS3vPPftHcD9mFxhR2NK/TwJLs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603777, "uuid": "2e49f71a-b331-415a-b6dc-9e10300a1c49", "value": 41012, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603777, "uuid": "1a74e0f7-5700-4f57-80e6-efdbbabc23c7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603777, "uuid": "df49ab9d-45a1-4b22-a173-dcf459f86d36", "value": "a4461c59f721a98a1c9463940ffe508b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a412a68f-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577268, "uuid": "fffdd5ef-4658-487c-a3d3-0a2208270d56", "comment": "Malware payload (Gozi)", "value": "53ce07f9561bf18ccfe3e58bea758dc1", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577268, "uuid": "a0f571b3-876c-4462-9371-19246c0abfeb", "comment": "Malware payload (Gozi)", "value": "579bd737d21c98e0b59436ef8d2254042f45792931fb7f4de0e1f8a8c45572e3", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577268, "uuid": "c902feec-74dd-4fb9-91d9-ed5da4ff5c77", "comment": "Malware payload (Gozi)", "value": "afef9a62236472775b0886f586ff9c43680ad45f", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577268, "uuid": "ecf78e8b-db31-463d-9d98-fc4a77faaed8", "comment": "Malware payload (Gozi)", "value": "1cb7c0e9fac367af3d63d364098daefa280f4cabd97c4808230fff629acc8d8fbcd78152df317b679e17d97693bf8663", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577268, "uuid": "00287d20-45e2-4782-92f8-8b5336ddbc3d", "value": "T117D1793682181FFF697631AD0C1846B225B2957B7B7F2DF7B57005A8241CB1081B6EEB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577268, "uuid": "5bccc84c-9c47-4c75-831b-4d27d3a04c10", "value": "192:M/fnUwLR8EzDM9a9gJ3txMMC/SfPLrFaLc:dY4oSn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577268, "uuid": "2f41030c-2a1c-4c06-9e94-b088ade64f80", "value": 6558, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577268, "uuid": "1798d3d7-3be3-4e48-b52a-e8aab3eff0a4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577268, "uuid": "8ed7edd0-45d9-45ed-9091-c28aa4e36782", "value": "Fattura 3571 2023-300938.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0adb2f7-c967-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679568270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568270, "uuid": "6c65c50e-0cdc-4017-bc96-d1cbf23799f0", "comment": "Malware payload (Gozi)", "value": "7f096d3454d8e6957afeb09b0068ab04", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568270, "uuid": "76306c0e-46e2-4eaa-aafd-b4a0e0f39d5a", "comment": "Malware payload (Gozi)", "value": "58737f0c53c4bf24ab814eaf4aaf201fbaf7a3ab395f2fcddaa23909f71c7212", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568270, "uuid": "1afefb85-a22e-4581-92a6-5717f931924b", "comment": "Malware payload (Gozi)", "value": "c71b4129381fbc4dbf6799d2b936ef5001dbcb0d", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568270, "uuid": "abd35072-4fcb-4061-8fd0-cced39151c4e", "comment": "Malware payload (Gozi)", "value": "83fb55fd7bfa14db070fe6a57b035e5f700c120c972bb841d5b6ddcad96016ac28e059d854fbfafa4a657fdb12ee56d6", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568270, "uuid": "b018154d-c32e-4d91-ab51-431e68d3a14c", "value": "T16CE2BFDC5876BB6EE93CAD048DFE292077788BA8B000F850961A12436E3454E77EF1B0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568270, "uuid": "53ddf1ac-22cd-4fda-839d-b8ab0a1089b1", "value": "384:GGa8da8ga8Ea8gkcRx7GHfmK1m8xxTzncr9dOA3A0XpzA0XplktwNKNPN7NNNNNO:GBCHfDQTOuPXpzPXputse1JjjjjedDF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679568270, "uuid": "9e93d6bb-0e34-417f-a433-a9ee1ad85780", "value": 32942, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679568270, "uuid": "c4cb26df-0d1c-4322-b355-07f5761f289b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568270, "uuid": "0ea2049c-c713-4ed7-874f-928445f247b6", "value": "documento.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36ecd8fa-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583527, "uuid": "18a6b8ba-408b-49c1-ab96-e61bec00d362", "comment": "Malware payload (Mirai)", "value": "aa4b027af2302427f8f0cc5104999c6c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583527, "uuid": "152af327-e2b7-4c15-bfa4-880e921af7dd", "comment": "Malware payload (Mirai)", "value": "58919bdb32774645163f19df8c173eda098160247f7d843e44faef0438d8aa8d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583527, "uuid": "ac55b144-82d5-4628-bda9-278c289ceff5", "comment": "Malware payload (Mirai)", "value": "9a9ab178639b41b09b0554c464c8185b3bcfc597", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583527, "uuid": "89549fe2-f74a-4b46-afd0-1314a7359d34", "comment": "Malware payload (Mirai)", "value": "431410890ccc9cf36b9faccfe7f58f45791c27ddfe6c1d4df145cb1735f3a715ee18e5e31d775151905d8cc78de62538", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583527, "uuid": "272ed0aa-0e76-4782-b940-1bdd040d918a", "value": "T130438D36E96E1E74C04641B074748FB56F23B5C883572EB61AA9C2795483E9CF504FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583527, "uuid": "b67c1fac-f76f-40c0-b145-a46204d2747a", "value": "1536:9aa0brW/Od9hlCRDeiDKQXACspfDCMx2+Ww:9v0brWGd9XJimQqpfDQ+F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583527, "uuid": "74c5ae68-66fe-4b26-931f-dd5a3d939ab9", "value": 58740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583527, "uuid": "11bc86eb-d662-4e1b-8514-f18d404f6945", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583527, "uuid": "2e5cbc4d-a45c-495e-b506-cfc9a026568e", "value": "aa4b027af2302427f8f0cc5104999c6c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23e78348-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (zgRAT)", "timestamp": 1679556437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556437, "uuid": "5d718ad7-f946-4068-9484-092d1dcad92c", "comment": "Malware payload (zgRAT)", "value": "3285532e82c23fda46813ec22ac98558", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556437, "uuid": "a5be2da8-e38b-490e-b8ff-ff0325abfd76", "comment": "Malware payload (zgRAT)", "value": "58d22857fc24ae24057a040b6bd29c85cb59106da148cc6f88b333a5fc2db73f", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556437, "uuid": "a40f609a-022a-45db-bc43-4f1f9f76f2e3", "comment": "Malware payload (zgRAT)", "value": "041fc019eca5a20bf56206cb47cced626f163335", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556437, "uuid": "4cc21774-8d74-4292-a80f-34d3afbb4aa7", "comment": "Malware payload (zgRAT)", "value": "21c1c8002512782ce6346840ec35b0a535de76c81e0dabd611bcd120fc3b60695f11ab0fc5b7266db28fce45c6c21562", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556437, "uuid": "f125bda9-aef3-4970-9084-2ce3017d710b", "value": "T110617B1457DA0608F7F3AB3AA9BE52954E3B3956E932C74E0059414E52F1A40DCA2F37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556437, "uuid": "3f8c9e1e-376f-4550-97df-9c71804f7fb1", "value": "48:8wHaOU9Dmel0iglZ+WslpQfYj1sAT1rTRRSJxodgImcC:8wHIB0+W86YZsErTR0/ygMC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556437, "uuid": "07fe8777-bd0f-404f-9b8a-2d15ae07668b", "value": 3460, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556437, "uuid": "d358610a-168f-491b-8bb5-4311b0edf838", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556437, "uuid": "bb465734-294b-401f-96e2-046e7e7da69e", "value": "FREEAI22.png.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5633469f-c9b8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679602907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679602907, "uuid": "db7a47d2-19d6-48f5-9e47-8ba3d25db50c", "comment": "Malware payload (Mirai)", "value": "6c28994a9f23d21fd779eaf0b9e2c8fe", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679602907, "uuid": "1c024ae7-f2ad-4472-a444-5344914876e8", "comment": "Malware payload (Mirai)", "value": "592d8adbd159654c86626eec83427a8ac4d07856060af1c099e2a749d1dd7f20", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679602907, "uuid": "bc8d7c4c-93fd-40ca-9444-f756102577df", "comment": "Malware payload (Mirai)", "value": "31f8e7deca2ed337ba90af0f733896225e9eae58", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679602907, "uuid": "79c74641-1f9a-4807-94a4-566a84a71fcf", "comment": "Malware payload (Mirai)", "value": "10f5803dbef0b356f7d8f1404d77466fba661096271b7b2c48819e7268c905a33a31752381b197661eb4b6028c5e3e55", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679602907, "uuid": "12fb7d36-ad17-4a4b-8c59-de657e03f94f", "value": "T17653F1A087FBC566873149BF795442EA71E787FDD0FA842E40958E015D82CCA8F7A50E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679602907, "uuid": "56df0076-fc6a-41fb-8cc3-602e61f7a312", "value": "1536:FdSDmJ0XmCiF4PwaRSkSQYTUcXcLsbyMWPc4N+:FJUmplaRSkSQYTUcMLmzWPLk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679602907, "uuid": "ce66c372-2e33-4f1d-b981-77e8e1c9fcef", "value": 60944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679602907, "uuid": "2e80d84c-ce16-4fd8-a213-74dfbd3b2583", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679602907, "uuid": "e05375f2-c4aa-42b7-a36e-1d95c41ab2e2", "value": "6c28994a9f23d21fd779eaf0b9e2c8fe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7eee9977-c91f-11ed-88f6-42010a9c006e", "comment": "Malware payload (QuasarRAT)", "timestamp": 1679537262, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537262, "uuid": "925fa751-f94a-4dfd-8345-c44fc94000d3", "comment": "Malware payload (QuasarRAT)", "value": "e3227ee81215e58ad2b59b277ffb79f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537262, "uuid": "60270a9c-a6da-4b0c-a08e-422129bb3070", "comment": "Malware payload (QuasarRAT)", "value": "59917b4b4d1a67912f5896bfd274350cb4253cc2bf3c522781fda75ec72debf4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537262, "uuid": "e14aaeb1-e119-46d1-8248-c58c2bae5a54", "comment": "Malware payload (QuasarRAT)", "value": "cfc16846c11f280d907f151a3745827313e92fbf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537262, "uuid": "105343dd-d181-4fc9-a357-d43c48870f94", "comment": "Malware payload (QuasarRAT)", "value": "4e2e014e3aefc9a43fac3b4837aa8674a62c1a05cba10b051829b2b2e8f93d2acd35052e07725b8b49e681aa44dafcb9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537262, "uuid": "13005d87-8e99-49bc-9d3d-df77ac73faba", "value": "T113747B2373A8E67BD6FE173AF43206154BB1D647B616E38B5A5C55B82C133868D803B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537262, "uuid": "1c87a61c-7829-496d-9f08-774e80e04737", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537262, "uuid": "55b216c4-a595-4712-9ed3-9d42cac07682", "value": "6144:Aw6bPXhLApfpZUAlrmOW5bkjz3jnRBPtcW:xmhAp0Al8WjnRBP2W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679537262, "uuid": "2ff69507-dfdd-4926-b175-aec2715d8c6d", "value": 356352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679537262, "uuid": "f00609b1-c027-48ac-9226-12ff8e15b58c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537262, "uuid": "cf8899f9-813f-4a0f-97c1-aa6c13cf3cfb", "value": "bKJA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b8350e6-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (ManusCrypt)", "timestamp": 1679585843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585843, "uuid": "9761604f-5cdd-4167-93b5-25f226ea9f37", "comment": "Malware payload (ManusCrypt)", "value": "7429ee8b83fcbb48fe5b383a6235ac1d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585843, "uuid": "4b1c8b84-9b8d-4f0f-86ea-fe0935f37053", "comment": "Malware payload (ManusCrypt)", "value": "59a07e2c448afe8d96a5f79968d7ede52d409d9d36d7a77eaa190c5c70cf3f32", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585843, "uuid": "1163846f-0149-499f-80e2-9785abed1b58", "comment": "Malware payload (ManusCrypt)", "value": "f225f686fe9027eb2527bc945895fead79e67926", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585843, "uuid": "479aec1e-29a1-42ac-acc4-829e09b9adea", "comment": "Malware payload (ManusCrypt)", "value": "6dd98a8b0c8fd0c5b96d793de53111d39ccc30cc1a0965869b8a54aabd111a4f1b318df32deb853b8559d50d8924b5cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585843, "uuid": "0348e887-20e6-4f13-854a-95fd0a2ce5eb", "value": "T17BF4E003E646902FDC115B33D952BC71EEEEEE32DB255127268F3A4A1E321C1915F6B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585843, "uuid": "764e5e02-d700-4a5f-9e4a-1e473afbe18f", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585843, "uuid": "d64ff423-42ea-4bb9-ad8f-d35888e9a46b", "value": "12288:VQi3IG+zy2Rc6m6UR0Ipp1hf39Wkv8xwJA:VQiYG+zy2RzHIppdUMA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585843, "uuid": "9de0b619-c02b-4ec1-b724-77a2168cb574", "value": 770171, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585843, "uuid": "6fc52754-bb31-433c-ba03-7fb039464e5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585843, "uuid": "fc2ab92d-49a3-4904-969e-b30711f07d66", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bd02986-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (STRRAT)", "timestamp": 1679556450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556450, "uuid": "53a2f666-ffbe-4366-b0fd-47947be9094f", "comment": "Malware payload (STRRAT)", "value": "f848c6207610f4ef28e26262a6b212f7", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556450, "uuid": "1a38e24d-e63a-4b01-a090-6c2fbf4006f5", "comment": "Malware payload (STRRAT)", "value": "5b1007697bf0bdebbbc3e2f5884e1b06990302b577bebe9b93e6e03e69545b2d", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556450, "uuid": "0b34bae5-17e1-49af-b65f-17cf8d4bada7", "comment": "Malware payload (STRRAT)", "value": "cc05af6ba80206a95380dd805b31e9c973165382", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556450, "uuid": "705ce20d-5ce5-4d66-8c0f-df0a1dc140ee", "comment": "Malware payload (STRRAT)", "value": "f87896cb55ffd82118af20c9e9e56df14137789aeec01ee39312850ebf4f4282998591a8ba0e3d4a09410cdda2ad4c2e", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556450, "uuid": "0ebf3017-c3a7-4ee4-9bf4-46759f5cced9", "value": "T17F24CF2DFA14A835D717717566BA4602FB6097DD82B1A72F18E023859EFBA800713FDC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556450, "uuid": "cb2d520a-91da-4417-a3bd-422ac9c416c7", "value": "3072:NXLE5U01voDQyA09eMOhNWB7+Sdmjg42wmrd2XSPnKtNOFc/9eKvQ4HW2nn:d69oDPeMOHA+oT43mrd2XmKtNOu/9FT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556450, "uuid": "b32ed94f-b361-4ce0-85d0-ac76f368d6e9", "value": 213551, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556450, "uuid": "e5b4989c-46a5-4a0b-bd09-608ee9ae0ac6", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556450, "uuid": "1b180461-d631-4ad1-8d7a-888db5c738ea", "value": "Payment_breakdown.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccc82df2-c94b-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679556291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556291, "uuid": "9277c426-b978-488c-b625-c4cd3eb611c6", "comment": "Malware payload (AgentTesla)", "value": "cf52142e72a8cae6f9f667b19d098459", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556291, "uuid": "49a068f2-e880-4361-b8bb-643c53170ccd", "comment": "Malware payload (AgentTesla)", "value": "5b30b08d05b34a4eb195a704e40efa8555e1985fab9886840c5f336a2e572671", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556291, "uuid": "b07148f3-670c-4fd3-85ca-088eba5e9615", "comment": "Malware payload (AgentTesla)", "value": "c2923e5a5f9aefebb037faf7841e777e6e81dfaf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556291, "uuid": "ab9da232-77e6-42c0-9b9d-2cfb54995e06", "comment": "Malware payload (AgentTesla)", "value": "17dba80e296020c4754aadbd4c070026049c78b02065302181d0ef563162046d7ec519606c3d0f773ed2837d541c4283", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556291, "uuid": "14fc085d-9d00-428a-a0eb-b1418ebf13c3", "value": "T15976D489326069EEC6228D7BDD415D58E6E4AB66030F8633D4A7127B5F0F757CE880F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556291, "uuid": "038dbc6e-ecc0-4d92-a371-7c7abca21e80", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556291, "uuid": "3f43c004-34e7-4695-8d26-7ecafecd90c7", "value": "196608:m7aua541+uL+ZcHsjGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG:fus41+fcMjGGGGGGGGGGGGGGGGGGGGG2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556291, "uuid": "49a050c9-6166-42d3-bd53-85c577026a1f", "value": 7192576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556291, "uuid": "73149cb2-64c2-476c-b8b7-340072662164", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556291, "uuid": "4e2d1227-30ed-4417-8d75-f353558c4a41", "value": "cf52142e72a8cae6f9f667b19d098459.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "136dc8d1-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583468, "uuid": "a9019962-2f8b-439a-8275-a9623af49c3e", "comment": "Malware payload (Mirai)", "value": "6e2c3670577d140d9ac9ed450e5f2460", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583468, "uuid": "922999c0-592b-4521-98c3-7547edd1210c", "comment": "Malware payload (Mirai)", "value": "5badf02f86cf61971685cc074d180be26fd9d63e652b6f7e1efb7216e40db67f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583468, "uuid": "61c7ec0e-f4a6-4cd8-bf7b-bbfb05e29ba8", "comment": "Malware payload (Mirai)", "value": "dde1de2922ee41e6b732a06310064429d7933560", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583468, "uuid": "d06c2823-5ca7-460b-a4e1-e95853fd81ce", "comment": "Malware payload (Mirai)", "value": "62f7e724d7a4afd000b60c639ebd50582739e2213d41164382b2c4de9d92022da148657591336e77003bfaec40bdd711", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583468, "uuid": "c5cfe73f-4ecf-49d6-970f-99c3342ebbab", "value": "T17C83D606BB510FF7DC6FCD370AE91702348C594A22A97B367634D828F65B24B59E3CA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583468, "uuid": "90c3f176-4654-418b-ab06-0e28f6217f44", "value": "1536:iVLymx1KZ9kj752dCexuV/8UZlDwfkJ4MYfWU:iVLyIUKFezxu5VD1ep", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583468, "uuid": "f5fcddb7-1b7a-42e3-acea-df8980e5f70f", "value": 84780, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583468, "uuid": "f5a58bbe-f64c-47bd-bb68-2fdae9406a15", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583468, "uuid": "0fc29e91-d94f-4c93-8fb0-8068b4336a29", "value": "6e2c3670577d140d9ac9ed450e5f2460", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "632652e7-c91d-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679536357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "e7979a00-44d9-44ce-9aaa-8849277b013b", "comment": "Malware payload (LaplasClipper)", "value": "d6303b5e2715697555ca0a3fc515cf9a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "01600dc4-f263-4a1a-ab61-ee4355c1fb28", "comment": "Malware payload (LaplasClipper)", "value": "5c7cb9a9b08fcef3597ee3c317d52e202895aaa9387727e7c68941740c8938b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "4157fa93-727c-4b55-bd18-10d44bba241f", "comment": "Malware payload (LaplasClipper)", "value": "6f3237546882a9363184b5450cd9806e65be1834", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "ba421c48-936e-437a-b51f-3e25495b7fd8", "comment": "Malware payload (LaplasClipper)", "value": "317bb49934747acbf2d091ded321667ab3cf9b0125957475078230ee20612e99121b11b07fe74d1c34abb93c5fe720f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "86b6c4ee-40bb-4b19-a7c7-bc24bcab70b4", "value": "T10B9523D1C3E19C60D1120A77BF1BCAF46B2EB8A06E49F69F1368AE3B0431163D167759", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "a0bc0d7d-135f-44b2-b1f6-35afa4d2051c", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "0e37d7a5-9182-424e-ab82-b1f05439a368", "value": "49152:wyLf8FgO/T2/mQgLqaUO5EDkbw1etC8wZkg:jD8Fg//m3Lqa3AktKkg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536357, "uuid": "9557fdc2-6e0f-4b79-8a71-6002fc198b99", "value": 2037248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536357, "uuid": "a27097f0-eeb3-4cd0-9ae5-f06282186b40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "5bcd4c55-b9d1-49c8-987a-c370cde7d189", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebad2bc5-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679552477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552477, "uuid": "7a59efc2-656d-4157-b515-f10872785b02", "comment": "Malware payload (Loki)", "value": "d7419a8d35db35d00557ad454614a131", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552477, "uuid": "802112e7-3bea-4711-847b-a31f0a79a129", "comment": "Malware payload (Loki)", "value": "5c91c5324307437a1c2d3cc45173dde2e237a5da1d277625757cc7c60f994b8c", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552477, "uuid": "dcb6e35d-1233-4dd6-ad2a-b817859698c0", "comment": "Malware payload (Loki)", "value": "10e3847c7f0cfc751cb617f3bdbb4c0b876b9072", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552477, "uuid": "ab894051-b8a4-4b53-8211-23fe736b4ef1", "comment": "Malware payload (Loki)", "value": "afbb861f55bba5e71abf86093eb3405ca191db648e1a5891fd736bf7693dbe0fdb854362a185f89312cae51fe1806101", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552477, "uuid": "f5d74085-ec2d-4e25-9661-9c50b2c49f7f", "value": "T1F4350213E9C09D06D44247B57AF3B989131EBC626BD6A2C72748B70F6F786F08A4311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552477, "uuid": "0196bb10-e244-484e-91f3-a387ed177750", "value": "24576:mLKmXWQmmav30xY+MXUu9uYv+MXUu983bVD+MXUu9l3bV+uOLydxaXwfL:mLKmGQmmQ30m+MXV9h+MXV983bVD+MX5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552477, "uuid": "a957c663-c2f6-4677-bc6c-0b0e35a64c80", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552477, "uuid": "0d331138-3c1e-44f1-b1a0-a48affb230f0", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552477, "uuid": "cb6bd203-13fb-4ef6-b813-32219542146f", "value": "DRAFT SHIPPING DOCUMENTS.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8fc99ff-c9ac-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597892, "uuid": "91530322-172f-4dda-8a65-085bdc459bf2", "comment": "Malware payload (Gafgyt)", "value": "177ad6834d95fd87828e5503a0be68d2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597892, "uuid": "6aeeec21-1c7a-4705-bc8a-571dde983022", "comment": "Malware payload (Gafgyt)", "value": "5d3f6980e151a1b4b8aa5d5158be6f47735015f1e5821309badc53d0a8ffcb87", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597892, "uuid": "8a7cc64d-a031-466e-aa1c-61c4be54f014", "comment": "Malware payload (Gafgyt)", "value": "4dd55722276c8ee70e5bbaca05cae219542e3859", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597892, "uuid": "bd27ed14-8381-424c-b63c-48c5dfdb371c", "comment": "Malware payload (Gafgyt)", "value": "001b0dc4914d51d36d1331cc3807c3bb274a2d81ef0124d895c284ef5faa51befecc59dfcc28cd5d9414a022d27aff3e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597892, "uuid": "70cccebc-421b-405e-9fa5-3686a61c5be4", "value": "T154831943B72D0B43C49B6AF12DF72BF08769F96117A76180A11EBFC44772AB02522F65", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597892, "uuid": "fc912d8b-73ba-4f90-ad1e-899441bbb0b1", "value": "1536:BQOc40ozMPjej5qckA39ikRFarnrWBfOEmQ9VqXjtWf2Xe:Bl+3y4ckA3BqrWZOEmQ9VqXBWf2Xe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597892, "uuid": "a9e8145e-0fc2-42cb-9873-d7f187298533", "value": 84796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597892, "uuid": "5a8f73b3-c77b-4e98-97ea-542260a1c095", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597892, "uuid": "76d6e495-6b0d-4ded-a549-07430ff80fcc", "value": "177ad6834d95fd87828e5503a0be68d2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "698e7188-c999-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679589625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589625, "uuid": "94996796-4a77-4eea-a448-72dfec7f32f1", "comment": "Malware payload (RedLineStealer)", "value": "0accf3955609238499bf6b47994b4e5e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589625, "uuid": "37d5dda5-31c4-40c2-bac1-5bf0794181a4", "comment": "Malware payload (RedLineStealer)", "value": "5e1d5e8a9515f2eee1df200008a4740c47735a0566b5d085404de1c041ee82e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589625, "uuid": "a5146b6a-4b03-4946-9831-74a0546facda", "comment": "Malware payload (RedLineStealer)", "value": "0b0619612911d49bf5ccbb9543584e97de9f5967", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589625, "uuid": "e0a9ef34-8993-437f-b35b-8918ca8af080", "comment": "Malware payload (RedLineStealer)", "value": "d7b352f625e0ad2d9cfc2f589fda6af9d727ffe427f1f47f23ff97b8b9382cb3e09bcca5556575bd10992fcc4e639528", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589625, "uuid": "dab76601-cd94-4a99-9fad-e8ee2502e105", "value": "T1D3643189A4EBD492D226C03DE558EF815C1C16869972E13DEEFBE7880632BDEC4C4DC1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589625, "uuid": "18636bd6-eb70-459c-8d49-561b57dd59c6", "value": "f553b8ac04465266a97d8a15318f0208", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589625, "uuid": "755ec6db-556e-427a-98a2-ddbff17f4247", "value": "3072:cJZrbI3lcyqFAjaERsMyvUOd/e4SB3ILwszrsvNrB2Oiecdygas:MU3iAj1Rs6OdGN+sSeCHV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589625, "uuid": "753d2387-8654-4490-8b7b-d90722628bbf", "value": 336312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589625, "uuid": "facba6cc-54d6-4ca5-aa86-6038159750ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589625, "uuid": "24662b62-f190-4fc9-a427-d334fa22f982", "value": "0accf3955609238499bf6b47994b4e5e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a4fca6e-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679551911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551911, "uuid": "50c05fc0-6aea-4852-8069-681fdfedff28", "comment": "Malware payload (Gozi)", "value": "4571c088033c1b952cc7a47d6d912ccf", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551911, "uuid": "1023ec85-8a83-4740-a204-3511c3abedf9", "comment": "Malware payload (Gozi)", "value": "5fff289b5afb58911385428f650b19eae8085e8261d283258500360b1747e0a8", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551911, "uuid": "bfe8f6b2-8621-44a0-a237-74bd8c2307bd", "comment": "Malware payload (Gozi)", "value": "5ea33a903ab401f3df83458270249486f10b5788", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551911, "uuid": "83dfeacf-341d-4891-a84a-c0637743b337", "comment": "Malware payload (Gozi)", "value": "fd1eacc31877378acbb02b59d7b2bd98bb2eaff7cf32fd4225138be1ed7b894cbe82e985c6ca8d0b363bd10e92fc6dd3", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551911, "uuid": "02dab191-e13c-475b-ba63-3406efa366f3", "value": "T1E0C02204C70E80A9C042480A9058BC08AD0EB00418EAC81C5280DA8B5DC00CADD08AFF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551911, "uuid": "e0d18de5-b8f0-490b-a0bc-b5678e2876ea", "value": "3:HRAbABGQEb5oQsQaGalpQKAXWkAoIvycAI9RyJ25YdimVVG/VClAWHn:HRYFJb5bsZGEQb7NIvyc1yc54vVG/4xH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551911, "uuid": "29fe4592-6b45-4696-9ffc-60154cb616eb", "value": 189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551911, "uuid": "f57309bf-d1e2-4146-9720-0b0db4b203a1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551911, "uuid": "c09e1fbe-e1bd-4055-abc5-dc191fbd9e93", "value": "Informazioniurl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a9dfda1-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679576608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576608, "uuid": "c3fd7aa9-f221-4809-be3d-09da2472cc95", "comment": "Malware payload (Rhadamanthys)", "value": "0da8ff86305920cfdb0ab123d45ffa9d", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576608, "uuid": "504af85d-3d3c-437e-9289-de6ef8075c6d", "comment": "Malware payload (Rhadamanthys)", "value": "60289bfd6a3a67726074cccced70f113419fea3b76c00855fb7dc5fa332d3f7a", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576608, "uuid": "b2ab058c-f5a4-426f-b402-ceb864d42621", "comment": "Malware payload (Rhadamanthys)", "value": "aa31cd0743a25e2f7b4f4f0a217553afdb8e2678", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576608, "uuid": "f2e09dc4-a6ce-41af-b3e6-96ae9259451d", "comment": "Malware payload (Rhadamanthys)", "value": "0e320fb7dc4f3943b94d278da7c1df72c51873f6e5a0d9eb2e56f45f5595dd3d0a891a35995b78e0ddff69e02737f286", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576608, "uuid": "698b05c2-3fd7-4ac4-8f2e-1395f3b9b91c", "value": "T1C2D55AF15283FE85E3BF1E61C04436508D2054A79BEED788FCC5299BA6A9720DF4C6B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576608, "uuid": "ec59d867-f74d-4bc5-95bd-688f66470051", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576608, "uuid": "0b6849ef-bf8a-4e76-90dc-6ee41c9889a0", "value": "24576:cY1WguK2pXcwC2BTPDLk4U1sFq1v1ZsCgz/Ktu1Dze6HDpLCbJzl7PELTs5KzC9a:QeQC2BT7UeFqZsCgLTLOXfNMd2u6G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576608, "uuid": "41e25947-dd0a-4c6e-876a-7a19a42ea4e7", "value": 2925568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576608, "uuid": "b83337bd-856d-44e9-8bda-4153fc7554b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576608, "uuid": "470cf42b-6470-41cc-9b14-b1d91f790e6e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae40a50a-c964-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679566977, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566977, "uuid": "83491718-a7c6-4310-a364-95a16871e558", "comment": "Malware payload (Quakbot)", "value": "4c4d1b3f9a985bde0a8bf47bf75e9491", "object_relation": "md5", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566977, "uuid": "bee68a55-7626-4177-8721-609ba1282792", "comment": "Malware payload (Quakbot)", "value": "609613d2c53d8c96de08d80555e0f2632712abc90891bbe27cce0398e9ee96cb", "object_relation": "sha256", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566977, "uuid": "8d97059d-b8d8-4555-9710-615b960d647a", "comment": "Malware payload (Quakbot)", "value": "e1ceb0795e63b962873105aaecb8f74c88ace3f5", "object_relation": "sha1", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566977, "uuid": "9c728134-7cf8-46fe-8acb-c7cb3fc69367", "comment": "Malware payload (Quakbot)", "value": "8ecb8914b00c13e64e5d36f923aa0b7f63a0f7372d6ac65619665dc94b892b49f17d157211a3d3c8c722565f5073f780", "object_relation": "sha3-384", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566977, "uuid": "d82ee8da-8398-4c2e-ba69-7e2f0c722507", "value": "T1B773C66019B713111627B9A7572F9250D5EA1A338604E907FC0EB245FFEE81EC1EC9FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566977, "uuid": "2e9a7e90-b0eb-461a-9fef-2646f37ff9a8", "value": "768:raPHgmYgGHeovRGXUDWpHa3Sn+Vhjc+EHqJcxbHT6TOyVltxJVpCraImYYA6ZCeL:ozYg0fB40/EUGzgppCraZ1Rnb5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679566977, "uuid": "87af6182-4555-4db1-9122-e29a7f03cb6c", "value": 74028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679566977, "uuid": "8eedd68b-c2db-44d6-865b-c3e76f8323e5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566977, "uuid": "595ff7d1-ade1-4ff9-a2a1-fc48247b2eb6", "value": "Zeo.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "072a15e4-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679556389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556389, "uuid": "593d5627-2f5d-42e7-8cbf-b0964422c66c", "comment": "Malware payload (Formbook)", "value": "d40c752afda958acd686a4cdc7d6ae9f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556389, "uuid": "3cb6fb2d-9038-4b3d-b542-7c32b286514f", "comment": "Malware payload (Formbook)", "value": "60d85cc9cdf5ea1c43d698843974eb8ed2a5acb05443ab1a0d24e237438a5b7b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556389, "uuid": "accffe56-89ec-4f62-93f8-d045bd4190e5", "comment": "Malware payload (Formbook)", "value": "026b08860087225aef946bf2d57659c9fb839287", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556389, "uuid": "4ab38c00-c80c-4f3d-b8e1-8cac79b758f2", "comment": "Malware payload (Formbook)", "value": "5f8f036119b7339b77cd9d0fa1ec75689eeda881365e2482de389d38a8084f1c2154fd3bc220a5e498feeb8fce49fb5e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556389, "uuid": "8720f2e1-5ec7-44fb-9509-1d45dd8d80c0", "value": "T1804412273BA1E4D7D6526E321C7A3B622FFE6C1A049CC30F53A25E8EB9115416C18B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556389, "uuid": "0495fe2f-a575-49fa-b9a5-c7809fd75dae", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556389, "uuid": "b29b8e10-d891-4ddb-8fca-d03e12cbcd3a", "value": "6144:PYa6FB67K+gdNGetVdBOrpZWcTUDMDJ+p5lAlnTnc4gexmTnQvx:PYPBKK+ylrCpZWdADJYalTxx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556389, "uuid": "f4541004-6124-438d-98d9-bde3546286d9", "value": 266130, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556389, "uuid": "f038740f-ab28-46c0-8bf5-7ab487ad6bc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556389, "uuid": "6f16d7d9-0f5a-4790-8138-8334a6b8704a", "value": "E-dekont.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fc9e781-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (STRRAT)", "timestamp": 1679583193, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583193, "uuid": "25ae16c8-5da1-41e3-9976-cfca90f04611", "comment": "Malware payload (STRRAT)", "value": "12e5635f742151f5c7763045822b9d7b", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583193, "uuid": "060ef926-e79d-40da-a82e-18d3739bbc9c", "comment": "Malware payload (STRRAT)", "value": "61a4a625537474db032acc1d9db990084b3d31103b06dc4dfadc659e167eb0f9", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583193, "uuid": "430626e6-cb67-4734-a0a7-9501bc0cccc5", "comment": "Malware payload (STRRAT)", "value": "341b0f6822e4b3a2311994d931b40c81bb635311", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583193, "uuid": "bd1a5c16-7512-426b-8cb8-7142bb0cfa9a", "comment": "Malware payload (STRRAT)", "value": "fd373d2f89e22dc167011519bdf362591cc8fec6b8dade1b64aa7907a1199853464227744e7a5a5deadcb4138b326529", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583193, "uuid": "42bcd04f-3892-40db-9436-a96952957e94", "value": "T1226302117FE282FCD00BD57AAC2DC5265DACA5C440B3AA375BFD82D4D86181E3B73895", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583193, "uuid": "7ffaaed1-55fb-4a56-87cd-b3c6b9089396", "value": "1536:LP9TprLUOfEYJFyKGpbTTr1WFpSoY6hHwbLDUGFwE/DSOkPg:D91LoY03r1WTSKqjHwYDcY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583193, "uuid": "e2e3c8eb-d628-4232-8158-609243acd904", "value": 71627, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583193, "uuid": "24b50127-5cb8-44e0-b3a3-d7eace21dac7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583193, "uuid": "84b57d42-c8a9-4934-a81b-d33d6083477d", "value": "DHL75600876554.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28dbe22c-c9b1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679599825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599825, "uuid": "1b405152-c40e-4725-8fb4-8e29e00e2fd2", "comment": "Malware payload (Rhadamanthys)", "value": "fb94349c162808651fb84b58e6881eb0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599825, "uuid": "6e8028f7-cc3c-472e-ae3f-bace26c37aee", "comment": "Malware payload (Rhadamanthys)", "value": "61c1afb652593943573304f3a7c94c40a68199f2f40d4c4ea55967481a182a8e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599825, "uuid": "0cf6ec36-6188-49c1-bbb8-5f2a7d3014f5", "comment": "Malware payload (Rhadamanthys)", "value": "ae4dc3673f58fc25f5455d384e2a18f37a5abe6d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599825, "uuid": "6401ce5f-3ab2-4043-b800-0ecf25ae2766", "comment": "Malware payload (Rhadamanthys)", "value": "fb301d069676d8ac7a4a717a4656b87108574c6e4b76d9a05ff3222200cb08bafe5c89e08f7c8da2645a9e94261a38b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599825, "uuid": "1e294451-8517-4b97-9fe3-0b22ccf12132", "value": "T10344CF3232A1C833E55705789862CAB46A3FB8715B5D82C7FB8452AD4E317F29E36346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599825, "uuid": "73ee5517-eb28-439b-aebf-cd2b5d871357", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599825, "uuid": "61f7a091-0296-498f-b530-312bc4a18d4c", "value": "6144:2KV+LtqiuSJ4TjY6qDvH+tK0ghjLRo8Ll/:NV+oiulw6Iveg0ghPPZ/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679599825, "uuid": "9ec17c1d-2fdc-4ee0-9083-1c77216ff779", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679599825, "uuid": "52571e77-fe20-4c40-ac6c-c1166f1a2465", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599825, "uuid": "ad363b4e-9c09-4dec-b7af-70e453c7b5b9", "value": "fb94349c162808651fb84b58e6881eb0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b224892b-c964-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679566984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566984, "uuid": "77c0fe43-813f-48b1-917e-831f05c341c8", "comment": "Malware payload (Quakbot)", "value": "39332d5ae3d37b3b6a398d08d09a727e", "object_relation": "md5", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566984, "uuid": "35f64ee4-1aaf-4db5-b0da-2495ee9940f8", "comment": "Malware payload (Quakbot)", "value": "635178b2a4f8644dd13d05d65c33ff801a5fda38bffaae838e2f6f994f48ded6", "object_relation": "sha256", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566984, "uuid": "75169203-4a88-49ab-8d60-56c3578eec0c", "comment": "Malware payload (Quakbot)", "value": "51d88840bfa568139255c4442ff0f5ee5d15cd34", "object_relation": "sha1", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566984, "uuid": "20992067-3de5-49f5-9408-fac90a4da0f8", "comment": "Malware payload (Quakbot)", "value": "a697bbde435f3d3a8d57ab592c1641880d83f669c6fc460dde3df4d6c5c5c8e22b0741d902392d84a511d4e52a111aac", "object_relation": "sha3-384", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566984, "uuid": "110431ab-5f7e-4943-b2a2-ad80dd118df9", "value": "T19144D001F9C08232E4BF157A8EBECA7C965D75005BE199EBA798107E4F246E076305AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566984, "uuid": "c50e4590-017e-4c98-a9e2-146c9b33035e", "value": "ecf8c50c00e92a66342ac4c56bc8d1f7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566984, "uuid": "b63a8d00-3be9-4287-8de9-1b96e49ef167", "value": "6144:woGZATIJ/rRDAmZ0CI1jp8qTiAS1fW0PBJ+Y:woGGTM/hnZ0VayYv+Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679566984, "uuid": "43a2899a-be5e-4a78-bfdb-4f6f0d48a73c", "value": 270060, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679566984, "uuid": "ad274f09-b785-46ed-aa64-b201b73c2474", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566984, "uuid": "7699afb8-0d52-4de2-82cd-970da3d6f10a", "value": "walpoleanAfghanets.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1044d15e-c91f-11ed-88f6-42010a9c006e", "comment": "Malware payload (NanoCore)", "timestamp": 1679537077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537077, "uuid": "6ebc61f0-c45e-4ba4-8b50-dc3c6614d233", "comment": "Malware payload (NanoCore)", "value": "dedb988541ad7306237a7d5fd8fe3ebd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537077, "uuid": "7096ecea-5840-4125-948c-1fdd962e89eb", "comment": "Malware payload (NanoCore)", "value": "63cfb81660e9653af5355e501c2febe38e5fd01840e8ae389fb5750c1812d374", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537077, "uuid": "33597b20-d3c1-448a-b39e-c7bb82db2f6c", "comment": "Malware payload (NanoCore)", "value": "627284d05db3ed4b5b5d06dd16e8f1f50a5bc828", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537077, "uuid": "e3b77696-ed04-4c32-aca1-ff2cf3234ceb", "comment": "Malware payload (NanoCore)", "value": "526add67a2665832e87de124fdb0235afc3603a3aa76febb36d8acc8b72a9d080f4102382abad8e035156370e22f2ec8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537077, "uuid": "0f398283-4a12-4252-83cf-d1b6afb60bb4", "value": "T10C14CF5537A88A2FE2DE9679611242129338C2E3A8D3F3DE28D415B79F667E50A070D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537077, "uuid": "0131677a-cd21-4561-9c0d-512cbbe5c444", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537077, "uuid": "8d8c70f5-b3c9-43a6-92ff-3227c6c139ce", "value": "6144:wLV6Bta6dtJmakIM5ySxxV2Pvj3Y+w5AV:wLV6BtpmkY2PvTj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679537077, "uuid": "c84c17d3-8dd4-4f63-9041-0f95df72e968", "value": 207360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679537077, "uuid": "59e29ac6-6290-45d9-bab6-daa15378d3d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537077, "uuid": "63761e06-10ce-4bb7-b430-5665e68db281", "value": "project v.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b9ae907-c9b0-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679599373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599373, "uuid": "9bdd442a-7b07-4616-af55-51bfe39c0310", "comment": "Malware payload (Guildma)", "value": "7194dffb659f1f774aaffffcfdb46d7b", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599373, "uuid": "d7d5bc46-4e6b-40e6-8945-187a715b68f8", "comment": "Malware payload (Guildma)", "value": "64aa1c8bfa1fd4d8a64a70c4d96f8309bc69bbee997b7e83c3b70074c2823337", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599373, "uuid": "67cf96ef-ea81-44b4-8761-29676e61a547", "comment": "Malware payload (Guildma)", "value": "c616efde5e37453db533e512be73c88faedb7c81", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599373, "uuid": "b388b1a9-df4d-46e0-a97a-21a5dda4ef87", "comment": "Malware payload (Guildma)", "value": "cc651d255d40a467ac62d5a44115551f15827f7c75b1d37cc3d3fefe49d2991aecbb4059944063c57c1d81290a953e65", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599373, "uuid": "3c09d856-cfbc-45c7-b212-f1828004c098", "value": "T18FE0720AB0A43931888C2A08ABDF2F8318D9300218A0AC0B3FCFA322C064E84920CA41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599373, "uuid": "50f255b9-d7aa-4b0f-8a98-5531512327ff", "value": "6:SGIfGlkysncgGn8UsIjdjML2RAOmqr5FmsXeVGxogmWG4lSYj4WgBAznYqyP:QgkrnSBpjdjML0AOmqrLm7VGrbvIYj1K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679599373, "uuid": "96baf44d-41f1-43da-a84f-8fc589e06e23", "value": 309, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679599373, "uuid": "ab085428-abe5-41c1-be49-eb603e767032", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599373, "uuid": "26f0a245-d53a-4d97-b069-643e1f597669", "value": "ArquivoXMLNFSe66444742_501.69308317.035207.41751.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46a4a866-c914-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679532444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532444, "uuid": "0e822be5-1a15-4d1b-9c41-699a2b6ac5ba", "comment": "Malware payload (CoinMiner)", "value": "4acf787852c76b1d6f0d6a655e397599", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532444, "uuid": "e4a40a02-b9b9-4425-919b-ef908a0ae71e", "comment": "Malware payload (CoinMiner)", "value": "64c3309f6d6f124660b621afa2756e9bb38e6f5e0484296004d49af1a1a428d6", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532444, "uuid": "ce4cf7da-3822-4275-a283-e8df89c7431b", "comment": "Malware payload (CoinMiner)", "value": "ceb7f1081dfc1c8cb451556aa78e6b25d6989b83", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532444, "uuid": "b28c0de4-d713-4f3c-ad9d-6c847aae3773", "comment": "Malware payload (CoinMiner)", "value": "34d9ca54073b854383c55dcfdbf62978f106d08b025e1a7833fbb16e8e2275a8217ae743d9c50d7fd521b8516b14e05d", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532444, "uuid": "c2d2bd94-afe4-4401-8c8a-0b25184b434b", "value": "T1866533EA29B56D43EF3E4230552094A30936C3791CD9C527F87850A93EE37D1B63C6AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532444, "uuid": "96a21195-b99a-43a5-b3d2-ba89898ab84f", "value": "4e7985092d46eb55f0c6d62c8dfe0bf5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532444, "uuid": "a63f9564-ea74-4279-a0a0-ca5cb4df7502", "value": "24576:oPK2rFv42rkotEqqaOspa7ce99XL5Vl2Fgb5048cXfoe8UPN:oPK2b9tWaEVBL5Wyb5LdfCw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532444, "uuid": "b4db0bf4-584a-4bd1-80cb-7661bdefe68b", "value": 1535360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532444, "uuid": "aff7b95a-f11c-496b-b910-8fb547f8fbea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532444, "uuid": "bd728a45-8b49-468c-9e18-12d9d00b74e7", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7b1382a-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679552444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552444, "uuid": "5eab9536-90e2-4c9d-81eb-bd883217e73b", "comment": "Malware payload (RecordBreaker)", "value": "5581da534043fc10507cfa13357f2876", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552444, "uuid": "2d02f9dd-b5b3-43b0-b6ad-eeba13db0484", "comment": "Malware payload (RecordBreaker)", "value": "64dda7c8105120218fe71c334ed0bdc5690333c40699ec0246a0a8dde6804e29", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552444, "uuid": "8cc7ab7e-6de0-44c2-b70b-da94e1dd14ef", "comment": "Malware payload (RecordBreaker)", "value": "ddf9af0706ce403d94358e0677855974900a987e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552444, "uuid": "f4e0d96f-f37c-4868-bd8a-0e4245286998", "comment": "Malware payload (RecordBreaker)", "value": "addf909d872088b27b70cdca16b888242e6c796a511309dcb24f5b294b4e779c9a2e352f8e2b49f1bafeaa5752a20825", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552444, "uuid": "14801e84-ab55-41a9-8321-6065ffec973f", "value": "T1AE2716A8DC2D3BC6B3EB9329F81094749E944C7F99CA6017B0679B20043F7861A9D77D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552444, "uuid": "4ea43963-96ce-48d4-92a6-a030d2bc7702", "value": "00de631d57481fec13b7898c99324f13", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552444, "uuid": "b8684a57-278c-4c73-b655-3e7d5db389e3", "value": "98304:3Vde8FivCeGDRsiSc/XBgZrzyWGgRSL6O2jSk6adBNWuz+VRD0MbQe:HZFwAur6XBazEgRSSjS5aT1z+/D0yQe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552444, "uuid": "b0a1d569-6a58-426b-9b35-431a3d9ad488", "value": 20967771, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552444, "uuid": "5fdae43d-c503-4197-9352-a6229ac211d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552444, "uuid": "90dbbcd8-56fa-4d69-bc3a-cf4708b78c29", "value": "5581da534043fc10507cfa13357f2876.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09649de9-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679556393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556393, "uuid": "fd648250-b7b1-42a9-97ba-0500132337f5", "comment": "Malware payload (Loki)", "value": "e5987ab078acd465d3f07452734a49ed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556393, "uuid": "b416c37c-c741-4042-8061-48a9a8f7bd94", "comment": "Malware payload (Loki)", "value": "65228e6fead76db6b9396cae42183af2700f2c1274f497b6d2579ffa77f2d635", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556393, "uuid": "d8f4394a-bec4-4a19-8303-5facd5810278", "comment": "Malware payload (Loki)", "value": "bbe72ce91ebaea623e6fb760522296bd12b8b10d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556393, "uuid": "906894cb-438f-4de7-bf45-acd93e12c8a1", "comment": "Malware payload (Loki)", "value": "5ec8d9ca4328e54858fdffb8c4dc4f4866a8cb7be86b2c3a4b9b72119c69466378e45787065eab949d70b8df44ddffc0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556393, "uuid": "1bed2a53-5974-4342-854f-ecd43919ef4e", "value": "T1C2154B40EFAA5560F01044BA216B7D5FCD51A88E98EDFB6E190FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556393, "uuid": "3c76e486-17fe-419f-bf1f-e825f5d47453", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556393, "uuid": "54b6cfda-50d2-458b-a6a0-e008ad15c0b6", "value": "12288:8QaP/nm3g6K31E5LetnmMwpXkHIhMLRrMhSRVddViRjP/XvxiLATAGn3WtNmBNaj:8QaHnm3iliLUmhtf0RnVjER7/V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556393, "uuid": "6a806be4-366e-4342-a479-3304a0335619", "value": 891904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556393, "uuid": "f1348656-0480-4036-b341-5b7c5bc8fe61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556393, "uuid": "00b1a187-28b7-4734-b4e2-5d38036c8bbe", "value": "FedEx Receipt_AWB# 7715961460800.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1353481-c999-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589772, "uuid": "18d2df75-8564-4078-a0d9-08fa61098907", "comment": "Malware payload (Mirai)", "value": "db83dad13a178858a1ce757e5465d00d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589772, "uuid": "a006e196-1351-482f-911d-9158bf475a7c", "comment": "Malware payload (Mirai)", "value": "65378bb25832ecd91b59d85241a9e3a1e1f56965a7ea8df8572f4528dd52f3cd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589772, "uuid": "03c69796-59ae-4778-bd9c-f1b3bc5eccf0", "comment": "Malware payload (Mirai)", "value": "395ca7f857dbc9fb4b87e371179e953f834a98f2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589772, "uuid": "e52da57b-23b5-4ce9-97b6-d6479a38f86e", "comment": "Malware payload (Mirai)", "value": "df85e68b816718db597b357f7be133a2a471a61216fc47e9e58c515398ec40ec1a214cf87ee8318cd62ab4704af8a4c9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589772, "uuid": "b4570bc4-d3dc-42fc-97e7-4d84fd2eab15", "value": "T1ED5371CAAE613FBEF3C9E7B8DAF3DA0055E7129197E18181E0DCDD4149297C8684E358", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589772, "uuid": "940a0d9d-7047-4575-ab18-0b9f657dec46", "value": "768:rVcYpMQfnT2xOlnO3b3TpQXRn6iGNoFWFsXEaFkEdEBF0FCBFKAFp5ZfxiolqZOm:pcYfGWXGNnEsZsoKkB6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589772, "uuid": "d38d839f-a161-4fd2-9c75-85c41ac6cdee", "value": 65135, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589772, "uuid": "d0cb7065-1a30-4069-b2bf-bfe31cf4a7e8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589772, "uuid": "1f0fe253-796f-480a-85fa-9a65df58261c", "value": "db83dad13a178858a1ce757e5465d00d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64cdf236-c9cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (CobaltStrike)", "timestamp": 1679611522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679611522, "uuid": "9cd8f1f9-49ad-41b7-a49d-4a7fb9e82d5d", "comment": "Malware payload (CobaltStrike)", "value": "1d1d39d7fb96291f3594fc6cacbe3c8a", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679611522, "uuid": "29cef146-51b1-4ee2-a8cf-8e9d0903343b", "comment": "Malware payload (CobaltStrike)", "value": "6545de8aaa1428dd634c31d5205360a32f0dbc3c81bf1322ee0441f97052b4fa", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679611522, "uuid": "885072bc-7a66-4500-9d62-eace71a73c85", "comment": "Malware payload (CobaltStrike)", "value": "0140ae80d8abddbb12582ce734016833b2871e36", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679611522, "uuid": "a1e114a1-3b4c-4c21-9d35-f67494aad0e7", "comment": "Malware payload (CobaltStrike)", "value": "4d2db20446c3abdda18c7581a92bf86bbbf70a3872618375108bd52dd80dc49b0550729efb62276501aa361bdade825f", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679611522, "uuid": "73e8afa2-1823-424b-9b56-43daa8b6c90f", "value": "T101548DF67562358FD38C8A7D816FBD5DB389A4511CCA9121D7E05FBA1C313ABC239288", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679611522, "uuid": "5acc90e1-151d-4359-9274-3e5619e7a6c2", "value": "147442e63270e287ed57d33257638324", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679611522, "uuid": "c16e9a10-3f05-4ee9-a272-2c3adea2b6ca", "value": "6144:FOVvYTxgagIKrD8Pe3EbKS1aWk2/dS/UdaVHynV5axiNoZ5XHddG:FsYOagIcYPeMKS1arn8sVHynV5axiNwM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679611522, "uuid": "8315aa0c-d5eb-4561-93e5-b74d6d7f265d", "value": 295936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679611522, "uuid": "3350c8b4-c108-4fcc-b645-c5699dccc1ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679611522, "uuid": "e6b71923-d876-44e3-b30a-16ba8036be41", "value": "1d1d39d7fb96291f3594fc6cacbe3c8a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "970b9fb6-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679564361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564361, "uuid": "b9131a54-2efd-473e-ab32-3ef1c83bf356", "comment": "Malware payload (AgentTesla)", "value": "15cd1325eb044ad633c14eaf619ead83", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564361, "uuid": "5dd24d42-f353-414b-bb20-5c68fc150aba", "comment": "Malware payload (AgentTesla)", "value": "66bb9178e04735a8d6ed61d98dbf834332c4425f7d1858b613d1464e5b43eed7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564361, "uuid": "f08397b4-331f-45be-b00b-3b32337d33e9", "comment": "Malware payload (AgentTesla)", "value": "d5aff41be379cd63474d142debff88e4a74924d3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564361, "uuid": "51381f2e-11ef-4058-a88d-df1c7a2d7c68", "comment": "Malware payload (AgentTesla)", "value": "f9d237b69d793c120344d3a9665ca681a1c9bb8547b42579ddde71dbee5b407c718f0a06c433bf7cfbd674b885ff15ff", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564361, "uuid": "131a71d0-2cc3-4452-9a60-97eac8ce16c9", "value": "T12CE423D0F69976068ACFCB3D5C6922929608550E72749F2F3DDE1CE8D3A74024FAB135", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564361, "uuid": "fc65fa35-857a-42e6-8faa-a75ae260b16f", "value": "12288:WktAPpM2gK+AM/l52TC0teBVbPiOo6T6t+t8ikcOWOxhky:W8APpM1Tlc7yVbro6YYkcOGy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564361, "uuid": "e36ad084-7d5d-4fa4-a497-eb89b2c7fd11", "value": 720929, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564361, "uuid": "38361656-c1f0-474b-9779-20343b5d8e99", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564361, "uuid": "ade2cb5f-4eb5-4f10-8afe-728e509039db", "value": "QUOTATION REQUEST 80899567.PDF.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d438bdc-c91b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679535381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535381, "uuid": "95daa017-8eee-442d-b2d4-5c5e83ac2ccc", "comment": "Malware payload (Smoke Loader)", "value": "fac44d1553d124a0a377e00558b67351", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535381, "uuid": "17603e01-b883-4217-a003-e6d90e6e6070", "comment": "Malware payload (Smoke Loader)", "value": "66d3dc4769df6c2742538047aac4512179a40343aec251a11af8d99be854df9e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535381, "uuid": "2277c8c9-c3bd-40be-a09d-4086c7d5b28f", "comment": "Malware payload (Smoke Loader)", "value": "10321b28897423361d7eaba6799f457baf78e254", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535381, "uuid": "0972c46c-70a3-4a94-bcf0-9da81854ac88", "comment": "Malware payload (Smoke Loader)", "value": "720f01cee91d2e764c8b4cee398d63fb8b0671a802a03a85671f45cc5d622ef878bcd228f6d016305f2102f69f5ff31d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535381, "uuid": "94e8716a-790c-46b5-a73c-02ce9f841645", "value": "T17F746CC253E16C20E6124632BE1FC7F42A1EF8619E55BBBE27596E7F08700B3D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535381, "uuid": "869af945-bfc5-4c78-bee7-ece0d15f7cea", "value": "cc53b13062b266a67f6f160bc15b424d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535381, "uuid": "1378bef0-1b1b-412e-acd5-4b1a1a97ed1f", "value": "3072:T+lMlkw/wrkUjuEIouH4D/xyp+4fkXvUbmT5rO+3H1gwn0F:scAFIoqR+4Qc6TwE1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535381, "uuid": "09969a1e-ae99-4521-8f5f-68fa8e69468f", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535381, "uuid": "b44e6a29-05c2-4a07-9781-0aede568270b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535381, "uuid": "3710bbde-7795-4273-82b3-58c60d1f0ad0", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5750480d-c9c5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679608492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608492, "uuid": "e51732b0-df0f-49ed-8e03-119400d91142", "comment": "Malware payload", "value": "b2c125312b7ffccc86d68f60ca12fa99", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608492, "uuid": "6c14d1f8-3103-4961-9dfe-5041f667c3a2", "comment": "Malware payload", "value": "68c700799af4a02cb8497749156484e30999c45e4e4ea38a888ecf41f75b8c6c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608492, "uuid": "1c61ed69-4ef2-4bd8-a364-06df37ba818d", "comment": "Malware payload", "value": "70200f37838ff5570aa813e7e942e99445b93810", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679608492, "uuid": "e718a3b3-bede-456e-8654-c0014e89f123", "comment": "Malware payload", "value": "0b37785b38874c064b5c689ed7e97f30a280dda3d968c55b2f5405cff762d9a33401f28d7c18928834b28d579bda3b04", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "smtp", "colour": "#E64C5D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679608492, "uuid": "ea6e3224-a6bf-4131-9076-780c9acb90af", "value": "T17F12B024DF48079278666A15858350ADF66DF70406D2C2F8BBB547B3E0BCADADF409F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679608492, "uuid": "4d7a9654-cfc4-4d82-9300-c13d5e97f9ae", "value": "192:0le7+yNX06UCyjRds4s7XcK2pHeV6z8ePfQg1GziwbEdUG4o/i:0linXxyXtp+sz8AQgiiIEmDoa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679608492, "uuid": "84d84142-d1bc-42ee-85ca-fc04f2aee780", "value": 9342, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679608492, "uuid": "11f0ec20-8814-4432-9c99-85aa91150cca", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679608492, "uuid": "0b914166-e86f-4b92-9646-7663574556e1", "value": "Prices.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b150995-c9bb-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679604177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604177, "uuid": "a1d09b59-8920-49d8-b8e2-c1ceea40d83f", "comment": "Malware payload", "value": "e300a31c3170e1a9d6047f542a93caa9", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604177, "uuid": "9ff42337-1253-4d4e-a56a-d95dceaaff31", "comment": "Malware payload", "value": "69f247656d4f7538c6e7e8200bb67082b3e84fbcfd6302c7dadde5f61a6f6c3e", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604177, "uuid": "3c6e0ca6-d3eb-4f9d-9555-422e4b40d25c", "comment": "Malware payload", "value": "21a1d5d8c9508f0d67d82a2ca903f5c2bcb6f895", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604177, "uuid": "544347f7-67a4-41e5-9fdd-a907e9aa923e", "comment": "Malware payload", "value": "46efd7efd164c3a5ae74582b9666e0446fe2a44244face843d1fc6c64c13868df7fb492a6d3cf45019c44b531a585fe3", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604177, "uuid": "06d89415-8547-4207-8468-fe37de1ecf2e", "value": "T1B402D8F630C9A99873FE29B1EFA44B1DA70DC2C9230ADAED5C6462815C0EB67C861157", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604177, "uuid": "c786d375-057e-4da6-a761-4786d1c3f69b", "value": "192:R+KTbcFcVQovkKIX5VS3MozuYnaFedgLWKAgib/BLirft/V:RlTccVQovdaRoqYpYSkrFV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679604177, "uuid": "dd60156c-1f29-4b22-add6-2c59ebab004a", "value": 8828, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679604177, "uuid": "3532a568-215a-4d74-823c-64e1fb1827fc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604177, "uuid": "56324b32-5cde-4491-9f73-64bb41034e0c", "value": "69482eb9-a63a-4e2b-914a-5f1a4e81ab92.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f12264b-c991-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679586279, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586279, "uuid": "9c526594-0cd1-4805-9750-1fbd88acc3ae", "comment": "Malware payload", "value": "37125863a70973be2270df522b047372", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586279, "uuid": "9d0107d5-2089-4577-bbb4-324373395fd9", "comment": "Malware payload", "value": "6a37f2514c9270f8da4377297dff960fa1062e10d423712235a958c2f3b98c23", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586279, "uuid": "524ebcc1-b770-43e9-9381-fc43452eb86c", "comment": "Malware payload", "value": "3a8c8a7e97e6458ab2bb1f63761da91aae44a5f2", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586279, "uuid": "884422d7-b193-497d-a828-e68e9873c2b7", "comment": "Malware payload", "value": "c6c8ac343776582c5d37fcfb01fa702b82a6c070273ffce257d02fc743b5cc75bd34289223d2b0f22c8de9ba1c6bd1d9", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586279, "uuid": "dfecb5bf-957c-437b-8e38-86bb44539848", "value": "T1E1D2D12DD5348439DB82863EE26A6BF5B29C14894BB0EC9E0531F0CD5DE4F137794E98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586279, "uuid": "6605f55c-b439-4bbb-93c3-270504a1184b", "value": "768:BRp5fbZRhROvziE8fpTARzEfZGHMym1oLam:BD9XTYziE8fpTARzEfZGsqum", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679586279, "uuid": "5895c044-3801-4bf9-b96e-33ef7c6e1d1d", "value": 28825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679586279, "uuid": "8158a2c7-5fb8-4ed4-92c3-27815f6c5dbb", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586279, "uuid": "e594d74c-fbf5-48d8-9806-ba8d60d630c6", "value": "Nizar_Java.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5a3c01b-c980-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679579069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679579069, "uuid": "63c23373-8ac3-4a6f-a64d-dc2d7e6818f2", "comment": "Malware payload (Heodo)", "value": "dac7d0750ed42258de8d80aa478e9f93", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679579069, "uuid": "a3fe8da9-207d-4e3a-a5f3-0a2320300e9f", "comment": "Malware payload (Heodo)", "value": "6aea832b89c99fc342381a418d21ac9b06204eabe8c5459874c57bf8c54c197d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679579069, "uuid": "a1fa9e30-4e26-4e70-8b59-18059b09b968", "comment": "Malware payload (Heodo)", "value": "a33969bf6233769bc05b090e1e7a59209a683b6a", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679579069, "uuid": "a82338b2-8fc7-4d7c-9243-75dafdc0a6a8", "comment": "Malware payload (Heodo)", "value": "682e088a6a63cff46f68f36adc1c2b3c5167026eb09ffd73f582b13755c23695dd60b1e3c256f3a802701176cd04dc9d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679579069, "uuid": "ca8c38d4-108d-4816-a33b-81981cdb7d69", "value": "T13B2523E059F82941CD0E0C35E92A71BD92BC31666EDD15E633BC3CE5A90EF6842126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679579069, "uuid": "96a5d4ae-b984-4060-8ab0-b578f5001b22", "value": "12288:okf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4dex:rXzNdfKluvnRHthzfoYxJla", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679579069, "uuid": "a61941f7-bf07-4956-b88a-c6bb1eafeee8", "value": 1002166, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679579069, "uuid": "acae83ee-f033-417d-9693-31a6310de1b8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679579069, "uuid": "125e9bb3-f5cd-4d67-abdd-3b8187b41c83", "value": "enbg2jcZcuSzip0Bo2fIQdM4fi.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f32e669-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577555, "uuid": "96647e96-ee27-45c6-ba61-f62e70977049", "comment": "Malware payload (Gozi)", "value": "88e4737e0958c2690881a3cecbc90ae8", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577555, "uuid": "43a5fc9b-b62f-412b-896d-c5e38f51c05a", "comment": "Malware payload (Gozi)", "value": "6b333ad0160eef2f21e909f995fd113e860c1318d58db94feab4016c8bbf18dd", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577555, "uuid": "71b14155-0d0d-4537-b82c-92ed0262c585", "comment": "Malware payload (Gozi)", "value": "262e847db175436d50c55fbf2a9c6945cacc44d8", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577555, "uuid": "edd01cc0-642d-4013-8284-4870ad7847f6", "comment": "Malware payload (Gozi)", "value": "177dfec8655bd7de279e4d4c922ea710636f71d4040d0874588cefa9b20b9a78af38f6c98d152f7f568696030ff3abe3", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577555, "uuid": "496be172-2e0d-4f31-8fb9-e1ffe868dc05", "value": "T11B411986C3AE9A2AED42C7372E9F0BE1CD0C9391CC9695BABA57E60705404C57C303EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577555, "uuid": "75c61628-a989-41c3-865c-3f546e6ae2ae", "value": "48:9Uj9ukMA4UfXNa97vJsmsWNydoXTcbQzNeVXGUgk0RSo765Ek2nl:EwkdrfXNadhNYoXwbQRdUgkWp76gl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577555, "uuid": "1674b082-e2b8-47b0-a229-ad8b156c0f9d", "value": 1939, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577555, "uuid": "3a59c19e-bc4b-45fb-9ea0-5b7cec632c96", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577555, "uuid": "a0d07634-d15f-44c2-a68a-7b30407030a6", "value": "Fattura 2203-23_012(2).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "810c0231-c91a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679535118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535118, "uuid": "47877017-ef91-4e43-a007-56ba9c91717c", "comment": "Malware payload (Smoke Loader)", "value": "98c26d3825a2c95174e1751ecc209720", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535118, "uuid": "2c3ea3ca-3dec-477a-b192-528ea652e9f9", "comment": "Malware payload (Smoke Loader)", "value": "6b7852dc757ea3cc463b51ad2b708ee39f2a155c9ddf46744453796ad8c6c9b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535118, "uuid": "1ee00789-1f04-4394-801f-ac2060964e7c", "comment": "Malware payload (Smoke Loader)", "value": "5ea15250868779a023ffefda051066349b057bda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535118, "uuid": "b47a9899-385e-4d14-a6f8-13c0130b586d", "comment": "Malware payload (Smoke Loader)", "value": "09c82bfaf3dc40fc95bff2ef3a078e3b70c83af67ab182ac305c3b819289a498ab6a858f62f8f13aa0c052de12efea81", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535118, "uuid": "84b6ec1e-7354-49b9-88a1-0bad5a218fef", "value": "T1DE746DC253E16C60E9124732BE2FC7F42A1EFCA19E55BB6E13596E3F09700A3D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535118, "uuid": "48ba06d3-4617-4696-882f-814f755c5e90", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535118, "uuid": "115ef15f-abc1-4255-848a-3aeb241d5934", "value": "3072:S+i3lTky/RYVjuafN2xZcAaXf0ky9mcv5YkCnGIT3YJPtWgwn0JV:qbROFoUPpGJQnGIT3aW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535118, "uuid": "44873af6-a70f-4765-9432-267f69d62e12", "value": 369664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535118, "uuid": "4f036754-0717-4e96-a252-f2607fc574e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535118, "uuid": "391a4c64-5744-41f7-93cd-4d1022319a45", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a14685c-c91b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679535429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535429, "uuid": "25a3888a-2f80-4eff-87f7-840b888e346a", "comment": "Malware payload (Smoke Loader)", "value": "0b68b7ee0c59ddf1779559dedcd660b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535429, "uuid": "d0ffb3fa-a7ba-4530-9e59-a349f57ba6c7", "comment": "Malware payload (Smoke Loader)", "value": "6bd9c5b9182a7d21f7d3bdf98af653a0bfd2fc18215fc3c671c494c729af2a64", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535429, "uuid": "765938dd-7f8f-482d-ae47-60ad27cce7aa", "comment": "Malware payload (Smoke Loader)", "value": "0f3e519225357d2a241a68ed0d32a7720520c3cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535429, "uuid": "b2ba5011-fc5a-4def-8efb-4695d30a9d61", "comment": "Malware payload (Smoke Loader)", "value": "95f10c2243316da903a30c14b8a19b7463d63ad10b8dcb9ac1ef37a611f31436437f59e53e06584b8f6c597985319e97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535429, "uuid": "8dd2c43f-ff11-41ad-8cf3-3655aacf116a", "value": "T13744CF2276A3C473E46705794831CBE56A7B78319B248ACB2BA4677D8E307D19F37306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535429, "uuid": "a3572a04-083d-4c18-af00-a921beddec6e", "value": "a4559d1602669b68de352c9c26c5d967", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535429, "uuid": "08bfc83d-9bf9-46b7-90fb-4b627b9be5cb", "value": "3072:wcDLSw+CeMh+ucYULd7bcm1uOAApXfj2AivYlbX2Y+EZge2CP1Y5hPA82MG:PuZfYULd3Z15fWYlbX2Y+OgeziY8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535429, "uuid": "77bd9b46-ec14-4e43-aa44-3aa3266af1f8", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535429, "uuid": "44bdb007-d6a6-4d80-adc8-c79916b977e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535429, "uuid": "f04df6f6-2f1d-4ca6-b1e3-c528d8409ede", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfed2e66-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679564886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564886, "uuid": "0b105703-72b4-4467-862f-2e08d075c6c3", "comment": "Malware payload (Loki)", "value": "aeb146d007f864acddbdcbdfff582b28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564886, "uuid": "df86d1d9-98e2-4499-9d22-bf9c40b1e206", "comment": "Malware payload (Loki)", "value": "6c04e613bc5ff2068bfcdab2681bb318fb58bc6d4b0eb3d8263d9465ae46b298", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564886, "uuid": "e6124801-b748-461f-bec8-4d385288df97", "comment": "Malware payload (Loki)", "value": "60b2b2b7d05d202a5ec575c972f5c003dd40ef27", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564886, "uuid": "c46b4e0d-1449-436c-99e3-8fbbd9b4a9b3", "comment": "Malware payload (Loki)", "value": "e746b5f10f6396bda76b31fc5c122dbe620a6b42c9b5d135ccf98bac49828ab895e86b7c0e5ef10c69ab9f392821a1f3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564886, "uuid": "738406c7-1874-42b2-8459-8e16b7c55b4a", "value": "T125154A41EFAA6460F111447A216B7D1FCD51A88D98EDFB6E190FEF31F5E220D1D82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564886, "uuid": "55d0e776-c9ad-49ba-8d24-95842984842f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564886, "uuid": "6a23b81f-1c69-46d4-91eb-003a6cb44fbd", "value": "12288:r8gPcIscAWxtBUy8ZEJ276QIVWpTjHdD8AYqba8PstPonzrNy9tKbhvxiLATAGnG:r8g0cJK9B76zeTZ4Alba8PV9Akb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564886, "uuid": "37ed50b4-7223-4067-8aa4-f09f327753d4", "value": 878592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564886, "uuid": "6bc53656-cfdd-447b-aa68-0f092e5538f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564886, "uuid": "d31c727c-cbde-4cd6-a0d5-ffd45eb3ca22", "value": "aeb146d007f864acddbdcbdfff582b28.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7366ff10-c99a-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679590071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590071, "uuid": "1a82c98e-3bd9-433e-9512-48ad875cf996", "comment": "Malware payload (RedLineStealer)", "value": "f7ba0ac4f3814a6d807f904556ca4d9f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590071, "uuid": "ac40dbcb-7652-4074-920a-e354a4e81e79", "comment": "Malware payload (RedLineStealer)", "value": "6cd0a2683c53ae90f82a6023e0a0a0793e9a5e9d3388055615df2d950c831aea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590071, "uuid": "376e1922-c6da-4e1b-976c-b47f35ce5efc", "comment": "Malware payload (RedLineStealer)", "value": "c4b376e2450c7e45543e7ccca9f7ec95464c9e54", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679590071, "uuid": "e77534fc-1419-4a33-96e5-fdb94f658322", "comment": "Malware payload (RedLineStealer)", "value": "3d5966c4e692023470db9e15b3f1ef73518247051d8962bd801c1fec8c19969586c8a0f6aca937855ef4d94c1e915387", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590071, "uuid": "e1d5a63c-b615-4201-bd80-aab2772ab2c7", "value": "T1C5445AF07D381895D42DA974817EDE91B77DB519AB3B86372E34B883813E3BD6B20109", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590071, "uuid": "b4c48923-a2e0-4742-9f31-1ea85153de7f", "value": "9ccce235b0948e702108d60e5a6f9990", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590071, "uuid": "1440e435-9804-4cd0-9d50-799131cac316", "value": "3072:y1QP+TYjqhfzyQqBCLvLmjVVl52McYicPretpg6vQStEdvtN+2GMZjJOoVtQ1NXA:rD+2BM6z+aSg6ISElCi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679590071, "uuid": "ca977591-1913-4447-9b86-367d1560e221", "value": 264272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679590071, "uuid": "d65d3ae9-f75a-4b16-aa2d-f17097c57044", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679590071, "uuid": "9f9f8737-510d-4425-a941-b821766bcaa2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "318f9b17-c967-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679568056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568056, "uuid": "5ea058ad-231c-4118-9641-2e6e66120898", "comment": "Malware payload (Quakbot)", "value": "6575b8af841b39be51081a7efac019e9", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568056, "uuid": "984fda70-2b89-4c78-854b-a44643fb1cd1", "comment": "Malware payload (Quakbot)", "value": "6d1aa1862bc50bc78dae8649ec13535393c50073e595b6d133050ec60ba7cc0b", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568056, "uuid": "7c16f473-5ceb-4ce0-9e2a-5db87b12331d", "comment": "Malware payload (Quakbot)", "value": "0fd3a420a6fa99ccac32ef4ada6c9aef9e31472c", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679568056, "uuid": "8070b0cc-c381-4195-af45-14a4899d0322", "comment": "Malware payload (Quakbot)", "value": "e278e5e8e413fdc7bc15a7da944d1224827e992cc174444b5e617a6efb583175d63643e63ac53584567b2c566b31a5bf", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568056, "uuid": "1b4f8b19-5ed5-4ccd-991f-73cea8466459", "value": "T1C7535F640A061119079BFA23A62D60649FB90D2BD680E587F49F7361BFCE91CD8E07F6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568056, "uuid": "9796d58b-8a0f-41c6-9724-443fb5590ba5", "value": "768:H6GE2YRyBhO7FdxHs0ex10AXlBsbYI94+BmJUfZ/nRR7t8PE37eqFPTJ+BKLkOjk:aR/zor4JWNcv71yOdft9U9zmOEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679568056, "uuid": "e1ba5f70-2505-45b5-8da9-cae85192ea1d", "value": 62726, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679568056, "uuid": "19080011-fbbd-4477-96ed-3fe3344f130b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679568056, "uuid": "68c58249-9d55-49f7-b62a-cf1dfdbba001", "value": "OJiv.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ad30a00-c9c2-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679607102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607102, "uuid": "c7002776-7d2d-458f-9a03-dbb9e605dbbd", "comment": "Malware payload", "value": "7803201a1a0412ca3f5d215158c989a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607102, "uuid": "d41554aa-2fb1-40dd-8b77-663562fb0e55", "comment": "Malware payload", "value": "6e0a7c7256246dfec4aeeebbfe2e1bf9d1a677a8688017fcf08748aee3ed52b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607102, "uuid": "dddfcfea-582c-413f-80e5-adfcab6150a7", "comment": "Malware payload", "value": "ff2e7dc37a9fc9c57302f5d2249818c526c7b057", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679607102, "uuid": "585aa018-ec8e-4bc7-b7a7-8c5e2513f57d", "comment": "Malware payload", "value": "1a0f0bcb42af9e4871ce944fd7b940d341268e43bd72d0cecb29f30f4f603d3c1f302c1ed43f5a636b0c7e2c42049d09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607102, "uuid": "bd691b79-e2a0-489a-a9c6-eaf631e8980f", "value": "T172E433B8E5C05B08D2BBA7B0DD72D9EA4D316B828FFF057E584D7A601D086A645E30F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607102, "uuid": "e9654641-6a3e-4bb9-8e3a-f9ecaabfc3a5", "value": "12288:b6GomzgRJ7YhsbE7PGBliOZS11IVNwmPa5V303m78S1dqToFyToHzbWwGhT:bLgR+hVLWSTEwb302ITkPHH01", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679607102, "uuid": "5ebb0860-1167-4118-9ead-e946be151b98", "value": 713216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679607102, "uuid": "e250a9c8-86b9-4000-bc6f-8c5f20350c9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679607102, "uuid": "a8b062bf-952e-4769-82cf-6d00e725f3c6", "value": "SecuriteInfo.com.Variant.MSILHeracles.67531.9943.8280", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "274791ea-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679576629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576629, "uuid": "73b2e681-efc2-442f-a410-0b54648a1de8", "comment": "Malware payload (LummaStealer)", "value": "80635e12fd377ff9f529df0e2578c9a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576629, "uuid": "7f788935-0f5e-4d24-b971-cdb71aaf2fb5", "comment": "Malware payload (LummaStealer)", "value": "6e220d27e71466ae30fb1cf78f2034274accbcf0441b3d9499685655d912cda1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576629, "uuid": "8ccc0189-a487-4c0a-b224-fb04e02008b8", "comment": "Malware payload (LummaStealer)", "value": "8527f4c438eab88e7e12033b26f06155a589c3f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576629, "uuid": "b9e23640-f55e-4ed9-ad6a-fad32f3bce96", "comment": "Malware payload (LummaStealer)", "value": "1f3565006d883e96b35266f105b9fb4bda625c629316ed418312a7faad080f9e655dfefd6d7357118d9a02c5add2e72d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576629, "uuid": "f864cb7b-9d4c-4b05-8299-32e442a21b89", "value": "T18B0512207BE1E072D41FC6704A598BB17DBE7872579786BB336047FA2D60790A329393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576629, "uuid": "887a29f6-8825-4ed4-ac4f-430e12872a50", "value": "6b3b2865433bcacccdc6939e3fde875c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576629, "uuid": "67f8a47f-1f07-4781-a8f9-44d3138825fb", "value": "24576:KzYznMvtC7W6csN+HOKSiXnWtyvqCXq1OP5cWA:Kzc97NcG+H+iXgLh1Q+WA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576629, "uuid": "0d7b5dde-5286-4a87-91ec-394d08b760a6", "value": 855552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576629, "uuid": "792aa19a-4fe3-4b10-9ec8-3ea85a80bcf1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576629, "uuid": "97c98a24-7a19-4ab8-915e-66f296cf0340", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f1f09f0-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679564348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564348, "uuid": "d24d8c68-8ef3-479f-be91-bd3273f1d009", "comment": "Malware payload (Heodo)", "value": "b86a82cb2bb0d73ee5581692b7846288", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564348, "uuid": "b0d66b88-8550-4557-8d26-6ee227037021", "comment": "Malware payload (Heodo)", "value": "6e6babd47a9d06612be704c9c626aec579bc24efab59bad81e2e86bd5c84a849", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564348, "uuid": "16af1303-db96-4086-8b94-a6a87d6670ce", "comment": "Malware payload (Heodo)", "value": "eb13a38af69409b88f0da8fa9ff57a7736e7715a", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564348, "uuid": "3a5eccd0-a56a-46c1-bc94-2ed25a1309fe", "comment": "Malware payload (Heodo)", "value": "72a85641f0aa71ccb0a8cdebd96ed3136928513c366be0b7802243bd569a08157754c34b468a255310d89c9b67f45bdc", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564348, "uuid": "da3e3d22-a7b8-45b3-a0ce-e819354198a1", "value": "T1D244F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564348, "uuid": "9ee20407-34bb-47e1-ad03-56fb14fcf3b9", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXW:FeHrBwsYXm5ZGa3vRXm5ZGa3v3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564348, "uuid": "ef895a32-fb81-47cc-9b56-d118fe57c8cb", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564348, "uuid": "d183e362-df20-42da-b521-52734a544914", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564348, "uuid": "5262bdf6-1627-4f32-b02a-4c615da2c5da", "value": "ommegaonline.org_1.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9145eaec-c925-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679539870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539870, "uuid": "9aae075c-4b2c-42cd-9c44-3408e3df4c5f", "comment": "Malware payload (RedLineStealer)", "value": "c841f3ba54ae59f29d9e1726e2ea4224", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539870, "uuid": "838695b7-37be-492f-95f4-38982147f057", "comment": "Malware payload (RedLineStealer)", "value": "6e9f3672d9c38849c09db4e94e1702b04649ad2197cffbcf4ff6994df7a33259", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539870, "uuid": "27bf0ca5-4052-43eb-9a3e-185d677b17f9", "comment": "Malware payload (RedLineStealer)", "value": "151b055e592b2c5ab607d33b3a1b4cf1bfcc5134", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539870, "uuid": "02e90dfd-cdb8-4378-8be8-c1d5ed639e51", "comment": "Malware payload (RedLineStealer)", "value": "9a6d7d52afaa6d3628d409477bbc5d0ccc866f8ae36604a59e2b7906bdd9ca49b88de9f7c6e6d4f4bd91a0f20cc65cc6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539870, "uuid": "282efd36-68e4-4ac3-8dff-817b4867b8d5", "value": "T1FE74AE0352E36C20EF2246328E1EC7F82B2EBD619E6B7F5E164DEA2F09741B1D552315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539870, "uuid": "4fa211fd-167d-4010-be06-04419d31af98", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539870, "uuid": "eb13d99f-ada3-42fd-986a-aa0818c4be0d", "value": "6144:+/D+ApNi6b4+CbrhP6urMU9mPnVqE8rVhRwtIEqUJZWf:+L+ApNiCzCbR6urP9mvILVm0cZWf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679539870, "uuid": "6b27e6b2-c56c-476b-93d3-d99c5b6d0969", "value": 363520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679539870, "uuid": "0a8bfaf5-fd2b-49e4-a7b2-45452610b221", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539870, "uuid": "a372d713-9f82-449f-9d0f-6c680f74b4bc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75dc0752-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (WSHRAT)", "timestamp": 1679583203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583203, "uuid": "75beb68c-a7d1-4bea-aa68-7377df91816a", "comment": "Malware payload (WSHRAT)", "value": "ad09b8c1e47b162243c8e6cfeb030ab6", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583203, "uuid": "1c375a39-d611-4a9e-bc0b-f003a4b4bfef", "comment": "Malware payload (WSHRAT)", "value": "6f4e16acaab16780b1ec03d549053980c05966b17b02d4b836240358f283ae57", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583203, "uuid": "35b72b4d-638d-45bc-80c7-330a4e4cf7a5", "comment": "Malware payload (WSHRAT)", "value": "1777b8cb69f2984f55aa913282c16dc2aa0590ee", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583203, "uuid": "41cb1bc7-c1ac-49f4-871a-2378fdcad189", "comment": "Malware payload (WSHRAT)", "value": "134db815d7314a18edfe0a8b8c05ce3142eff1cfdf6de831a240dcfff0d37899e3338a9130a45464ddff2d38389387e9", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583203, "uuid": "8513a3df-9946-49f9-9527-de79a2b31063", "value": "T1003404023D8BFA3C155F2D0565302E769F8EFE75C61951A22A496F3D83AB08D137F42A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583203, "uuid": "580f4825-bd02-4ad4-b3a3-4a3bb7d33a46", "value": "768:BMq8WDyk6tuYFiPYfiVXbniXs1YmV3hSmS6VBtLZJX+:S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583203, "uuid": "7ac452d0-a43b-4745-b83e-8c93ab5289d4", "value": 243414, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583203, "uuid": "202d056c-4380-4bdc-881e-783685595b16", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583203, "uuid": "4573e341-97b5-4ef4-b38c-de45bafe4c9d", "value": "ORDER_230323.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2564b454-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576626, "uuid": "96db642a-ae3d-4c03-ab72-7435d930af02", "comment": "Malware payload", "value": "2cc76f787956191a62946f3aa036a5a9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576626, "uuid": "71001e20-ed85-42fb-bc04-2fce6ba0dbe3", "comment": "Malware payload", "value": "6f51dfbe6eaa68e7a99472be63f61b34e8305102c132668ccbcd3bdb4db9dfd0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576626, "uuid": "9f161050-68fa-4dbe-b0be-fbaf2824da4e", "comment": "Malware payload", "value": "fba3f849f16c1fa35e629d30b9c37cd5437d2b12", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576626, "uuid": "15b4b978-0d3a-4ebc-a990-353db959a8d7", "comment": "Malware payload", "value": "8f2c13179edf4806fa6a9ee2694c8f75148d1894311785db1cf826a71dee4c6d25ed3497def1e6ac24431466a38db300", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576626, "uuid": "859743b6-4c13-4fac-a307-200cedfe768c", "value": "T134953392C492D912C1B0BC30092FF2F0A145B9736D5776226E46EBCE843A6D7DB57B0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576626, "uuid": "f2fd418e-8d59-4154-a304-f839d5335f23", "value": "edc7ff2be90bee2a9c10e50db94e3c46", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576626, "uuid": "673b44be-07b4-4d63-851c-14ae395ff2af", "value": "49152:crsgpsM7jnLs9AbeXAOCyVzhzC4ZDgL6jD/Q0NeBdWEaXi:cBssjnLsqbwXnCODA6jDY0zEH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576626, "uuid": "e706842a-fc42-4547-aa0b-dd02306a4ee5", "value": 1998336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576626, "uuid": "fd9d45e0-7c3f-46c2-a82f-47f4156d036e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576626, "uuid": "85a43879-e61c-467a-9d3c-9aa714833e3e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81642bdc-c98d-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679584511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584511, "uuid": "5679f744-10ab-487d-9827-e7a87e6b172a", "comment": "Malware payload", "value": "f580a7538c80b563872430c59cdc2d2a", "object_relation": "md5", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584511, "uuid": "6606e330-bcd0-4976-b828-e6dd5314ba74", "comment": "Malware payload", "value": "6f82810bc3c447044b02215b5c22bd26fa40cecab46159e680a161ae8c23c319", "object_relation": "sha256", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584511, "uuid": "0a577768-f223-43ba-901d-bd2a7c612494", "comment": "Malware payload", "value": "a049e2d76bf0e9399dba279e90b15e134797de5d", "object_relation": "sha1", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679584511, "uuid": "f62a7cbf-5fc5-4b74-9a5b-1ad626494ee5", "comment": "Malware payload", "value": "24599b50e483c42a601c30957c0bf9c4277fdb39ff5e0784b85ca8141bc7e69bc03b2f2f9229621a2fc1e48c1aca4ac2", "object_relation": "sha3-384", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679584511, "uuid": "0bf7b191-0890-4a11-a876-f0961f74722b", "value": "T1CCA3926089539C2287077AEB1A2D5850F16D0B938A65FF06B84E7101FFCFB9CC6E4A75", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679584511, "uuid": "6eac7448-de82-4d34-a054-43d44c7e553a", "value": "1536:ARs2QkERoSR8OPJcIe3VWpsOwOVAdfPcKeA7BxyG:ARDRSCOhcBVWp9HVAdfPReA7ryG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679584511, "uuid": "2fd3cf96-1e12-4f04-b73b-1e3ad2dcad3c", "value": 103783, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679584511, "uuid": "13dce8ba-e1c8-423f-a370-6ec80d211879", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679584511, "uuid": "ff318242-d41e-4ef2-9105-7720cf5b521c", "value": "zusq.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc4866c6-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679564531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564531, "uuid": "b5301434-dd8a-4686-bba3-083a7e21320e", "comment": "Malware payload (DCRat)", "value": "84a19e8990a2e491db11ef0481c56cab", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564531, "uuid": "af0b5160-a725-4045-9721-c5d96aa7439c", "comment": "Malware payload (DCRat)", "value": "6f8bceac4a1cba59b491636d18a2e2041a15bb2200bf7443c1968273b2532591", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564531, "uuid": "ebf1b72d-fa27-4a72-a359-416faa27c2f0", "comment": "Malware payload (DCRat)", "value": "435a67d3cf09357019546b6012c51b16988c26b2", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564531, "uuid": "cea5d20a-7121-407f-820f-b55310a6928e", "comment": "Malware payload (DCRat)", "value": "0dc2907d1b9dd84a3bd6c8728822474ae06cba2bb1a1a85a566417ad0e8ac9b431df7320911b922c2fb30ab529eccbf3", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564531, "uuid": "6398f141-c034-4849-8adb-d5b5b3f0889f", "value": "T11B2518027F508A11F1191637D2EF854847B4ED112AAAE32B7EBD376D95223A37C1C9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564531, "uuid": "b54ac361-4d7e-4e0a-8aa8-a32c93bae990", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564531, "uuid": "c9aef3ca-80d3-421a-90bf-5655a3919f86", "value": "12288:URZ+IoG/n9IQxW3OBseUUT+tcYbQBwziB+kyoJOD/v80WMUuqR/GD:u2G/nvxW3WieCBzS+k5JOD/vrD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564531, "uuid": "49745c87-45dc-46b1-a43e-ebb7cf735fe0", "value": 1038921, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564531, "uuid": "67034c44-6ba5-4a4f-984b-02de43ce7253", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564531, "uuid": "3e7c0d74-5689-4087-b542-6c63a9e0b987", "value": "84a19e8990a2e491db11ef0481c56cab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68041733-c93a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679548820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548820, "uuid": "02218017-0b46-4a01-bd46-7ea6bf01b61c", "comment": "Malware payload (Loki)", "value": "d4671de8496c3633a4630bc79e1a242e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548820, "uuid": "63a10106-9350-4c63-99d0-8eab0adb7ab6", "comment": "Malware payload (Loki)", "value": "719a6c8ab99e16c34830555b9f8b2dd2f1bed3264a4e7a8c741a2f6375385a21", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548820, "uuid": "05ff5ad2-255c-4776-bc27-df4e8768b1c7", "comment": "Malware payload (Loki)", "value": "cb225f5184af32d41238e41be0f0e0e275c3f48d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548820, "uuid": "c36c975a-8087-4109-9df1-b9f74bc8891b", "comment": "Malware payload (Loki)", "value": "c3ac59c123906977874956351ace75c792c18c8fa23e125503c7e0aa358146af9f2783be03e5be479e037eaf7f3bf263", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548820, "uuid": "7b1b7a8f-5cba-4d76-9ce3-90f871369740", "value": "T17F154A40EFAA6560F01144BA216B7D1FCD51A88D99EDFB6E190FEF31F5E220D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548820, "uuid": "2a395e1c-d322-479f-8ce7-2a6fbcbb75ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548820, "uuid": "5fd4ccb7-86a1-4b68-a4bf-57d8a84160f4", "value": "12288:N0QwRK0XUoVN3mmZFXP6xRvyeLOzFbbOMyjzvxiLATAGn3WtNmBNa4OCfup8igOJ:N0Qw40XUKN3mcFXPatLOz1bOxt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679548820, "uuid": "3418cbf1-e5d0-447b-a2aa-c65608ad0bac", "value": 892928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679548820, "uuid": "01a6f7bf-7e97-4e31-9ae8-5e546336e423", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548820, "uuid": "a29e8e7e-ceae-4357-8787-9bdb019998d7", "value": "d4671de8496c3633a4630bc79e1a242e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7dbf674-c927-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679540794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540794, "uuid": "0403c5ce-0eca-46f5-af7d-57f8921709d8", "comment": "Malware payload (TeamBot)", "value": "f631c365339023797183c6469e5a5bbc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540794, "uuid": "67513533-0afb-42bf-b5e0-84990f3cf8eb", "comment": "Malware payload (TeamBot)", "value": "71a53ec5fd93da5560814b2f24c67fc2d3db86d76e8b4afe10137f6ed09dc6b0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540794, "uuid": "b791807c-f30e-41b8-b9ae-54a495f0577c", "comment": "Malware payload (TeamBot)", "value": "dcc76edbe13a3640688d15333f91d9f08a4241db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540794, "uuid": "45f7e3ff-3a09-425d-bf1a-14dc16161ef9", "comment": "Malware payload (TeamBot)", "value": "453ed50ac7c831db9cf25d445b4448289b87da9d40609bffabb67308074300be321885d7eacfc60fce08db8ae1b6b6b9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540794, "uuid": "51c05eec-09cc-4334-a6d1-99c445b30afb", "value": "T152446D0253E36861EF2347328F2EC7F82A2EBC619D5BBB5E164DEA2F0D741A1C552705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540794, "uuid": "47d317f3-a02c-4153-8591-22a90afa6608", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540794, "uuid": "00b17160-a5a1-469c-aec7-a0d29a176c99", "value": "3072:3I26CO4MBmYgirNE8u4qVUcxzzaMM81JaYc4HbhcIVxeK+TGOMa:UNBgUNcBzaMM8naO7CieTM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679540794, "uuid": "4d496a47-6d2e-4861-b75f-7a18bbe97d3f", "value": 254464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679540794, "uuid": "e4d83abf-80d5-4c5e-9c7f-7fda080b7034", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540794, "uuid": "75e6a0e3-6c20-4dd4-bdad-927c29f6801c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d0c795e-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679583027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583027, "uuid": "46d446dd-7368-4ed2-a61a-1560e7da2116", "comment": "Malware payload", "value": "866804d9e628e60825b840b148d3d9ff", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583027, "uuid": "bfcae95f-bbf5-48e2-b3fe-9c8849c4023b", "comment": "Malware payload", "value": "7220e36652118083eb851f8f1ed7973ef4526667ef5a05869e330a25183f29d3", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583027, "uuid": "4c735282-db6a-4b18-888b-a2b0e5940868", "comment": "Malware payload", "value": "77a6bc49fc054531aa1ff027ae776902d09f8016", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583027, "uuid": "ffd34698-db91-4f8b-bf82-765dd245fdab", "comment": "Malware payload", "value": "5206779e77bd1ef5bccc65c6d2f1304703775ae5b5021a640d1d813828c174483a8a72b8054db2db47807492a03b4bef", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583027, "uuid": "a1c4bbe0-eedc-48bd-a207-f357457a3ae8", "value": "T1FCA3F1357186C651F7A1B1700EE4D2CFA665FC42FD82DA0B71DD730FA8388A49837A96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583027, "uuid": "b539f032-e80a-4c03-9858-b35fa44ca7a2", "value": "1536:s58Tg07U9AY7RAscWbOw3RYTTt3zgVIlAMg2V6w3c4PZjrPK941wQJ:sQFg9AoRAscW33RE3z6Iq6V6WPZjrP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583027, "uuid": "fcf88006-b106-42fd-8d2e-12df5cae1159", "value": 107008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583027, "uuid": "46b3aef5-0dc5-4695-ab75-fa9f761b8911", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583027, "uuid": "6f8254fc-318b-4bed-a4e9-b0f50ab90d83", "value": "New order.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "515779b3-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577559, "uuid": "6aa7ce20-5f40-4e9b-84ba-c3ef25d4c73c", "comment": "Malware payload (Gozi)", "value": "1f198929a977ea935645221ab38698e9", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577559, "uuid": "2fc41195-3ba4-4764-a78e-062414c05cbe", "comment": "Malware payload (Gozi)", "value": "72b9c7020698ad0a6c2bf391b8c829acb24b74376215d2459627dcad10b9963f", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577559, "uuid": "ba3ccc86-9da7-4e3c-9613-4d5355233ea4", "comment": "Malware payload (Gozi)", "value": "b363efd6af28626a1250992ba9f125e55ef01972", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577559, "uuid": "26c11920-d155-4b27-8b0e-42a39d3e697b", "comment": "Malware payload (Gozi)", "value": "1d96beafbca050eecc2d4660a44fb94573c7490b341ed56aa53d73ce619597d022d1a57cee9403a6cc7e4c597ece8316", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577559, "uuid": "6d735985-59f6-4455-9e04-5a756a2413ca", "value": "T17841E803E3F866B9DA91C066C8688CE450DC17C67A6F568599EEF15BFA1F9304D2B280", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577559, "uuid": "b58d1d65-8868-44ab-bebe-1b02b189f75f", "value": "48:9iXLzYYIsI881Th1lIcWuiyeZMdbbqit9At:Qf6Zph1JiyegGiLAt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577559, "uuid": "b1343670-5f5b-4d90-bd50-9378d49cb6e2", "value": 2009, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577559, "uuid": "2203425f-6c92-46d2-87ed-9b08f660d02a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577559, "uuid": "b55a809f-3e72-4617-9146-f74f3ed8d9b4", "value": "Fattura 2203-23_012(3).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecfdf8a4-c915-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679533152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533152, "uuid": "9980fbfe-98b3-4183-9173-8df415e32d40", "comment": "Malware payload (RecordBreaker)", "value": "3cae6a5fb877af00bd8c1bbdb1ac8e44", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533152, "uuid": "0e029400-367e-4116-bb40-ea302e0d54ad", "comment": "Malware payload (RecordBreaker)", "value": "73176b651d183941582e6225d9d5174e8d2c25933255065cb56556bae96707ec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533152, "uuid": "8493dac4-bd53-4db6-adc6-5eac160f986f", "comment": "Malware payload (RecordBreaker)", "value": "6cc4f2ff0836b2cc08a8a2f0bfc889aa56da6fab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533152, "uuid": "c3018082-45db-41ce-a56a-94633e660424", "comment": "Malware payload (RecordBreaker)", "value": "defd0260e5d4f815d846c43efdb69c6000f56d196678b3bb4f2d60f81152cf527bb5d82b955545f8200f5f15c450c526", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533152, "uuid": "ef391f5c-c5a2-4520-8d78-142be8e00022", "value": "T113847E0252E36C60EF2357328E2FC6F82A6EB8219D57BB6E175DE93F0D701A1D562701", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533152, "uuid": "99c4b6ba-a6c2-4989-8e88-584c0b744b26", "value": "8800deabeb7a145ec7133669ba643dcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533152, "uuid": "1afbf965-96c8-485e-be04-b97d1134e797", "value": "3072:geQp8x7P8+K4xXrcXCOqO+BOYabhFit28qOKoKwuexw2isKzl5ANgPxCWMa:Bxg+VXrqqO+SbTybqOJlxjKzMNgPxi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679533152, "uuid": "8a7c8478-bd24-424d-bb11-34471849fd11", "value": 396800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679533152, "uuid": "844ab3f3-9c27-4f87-a837-73eb8abc73a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533152, "uuid": "9ac7c571-b919-4bf9-9a6c-e54a1be4f33e", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dd8e41f-c945-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679553447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679553447, "uuid": "bef9c0b3-bb80-4faa-b078-6982298e9af6", "comment": "Malware payload (Mirai)", "value": "c61c5ee0dd181e9eb80307c03076daae", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679553447, "uuid": "a04b5d96-0bc3-48f2-89ce-39330e467dad", "comment": "Malware payload (Mirai)", "value": "7504c06e27567e1b5bd95d1cd694dccc485efdf787c025d7f3cbd4c66bf9afa9", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679553447, "uuid": "d8b8f5a0-4e8c-43b5-98ef-3d36ca204169", "comment": "Malware payload (Mirai)", "value": "428e4f843460e882f629c07548dc554adbe3f9fa", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679553447, "uuid": "4b3c4ef7-1833-410c-bc3d-e3015e8cdf16", "comment": "Malware payload (Mirai)", "value": "e05506e80cc7c1bfc5f13b3d746193e9b759d63d4b9de074c403a97ae72421d0f50b6c63b55c601311c2754430b1b7cf", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679553447, "uuid": "63f0cded-0ccc-4498-8ef5-5b8d8cce34ee", "value": "T12382E157A3355600EEBDB6B0CE9F249079B859A48D9939336F4492C3442F7F328F8496", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679553447, "uuid": "5daf0a43-8ba5-41d1-af40-ae233c7c26b3", "value": "384:DCDKt+Vs2zaKbqZ0/APDYGLO+OfF5XntuvLmCztdubrorkFaoSLJX:D1t+VVavqCYFCvaCZdufSt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679553447, "uuid": "c9f4c45a-d75a-4945-b12e-23797c2db82a", "value": 18543, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679553447, "uuid": "5ac7c487-dfd7-4033-ae04-c66f98c66de9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679553447, "uuid": "3baf791f-01ba-4f4e-8996-01ee68988937", "value": "spki.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d295674a-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679585936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585936, "uuid": "ee533634-47ae-43a8-a2dc-ee86de15a5aa", "comment": "Malware payload (Heodo)", "value": "35930293a1c9a972122ade3c7fbd78e3", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585936, "uuid": "d6cda4a9-50d6-4874-b243-3a3f0d2399ae", "comment": "Malware payload (Heodo)", "value": "755181606486f4af669a5ca05724415bea2b504e342d9fc4f509a911d1b11415", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585936, "uuid": "f52686a9-ab34-4efb-8830-68c0cc52af5f", "comment": "Malware payload (Heodo)", "value": "4c0bd7b79df471019a3182c0ed3ce51ebfa8b1af", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585936, "uuid": "59002acc-0326-4086-ad88-3f74b71fb01d", "comment": "Malware payload (Heodo)", "value": "be72a437d42a3ee8ceae37e15dac9127e094ff7f3ee754ebc1494a1ccb10bea526acfbec068f86faad450af8a2e1614e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585936, "uuid": "bcdc9203-42ca-46b8-8477-70698dcb35ae", "value": "T19144F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585936, "uuid": "487adfa5-27e0-4bcc-be9d-d81a4eeaeb21", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWa0:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuV3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585936, "uuid": "812c272a-15e4-45f1-8e37-3baa1e509e91", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585936, "uuid": "12a00094-d422-4db1-825a-9feabcdb5daa", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585936, "uuid": "8f9038e8-8d23-46ae-9cd3-dd6ac94e6eb3", "value": "Opast International_1.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c93d682a-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679585920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585920, "uuid": "08a64d6e-2186-4aba-9b65-62c829a8348b", "comment": "Malware payload (Heodo)", "value": "8cf2a46da3c883b890e1f23f8ab527b3", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585920, "uuid": "800fa1cb-91f1-40ce-894c-e8fde11e578d", "comment": "Malware payload (Heodo)", "value": "756b61f3bd563d0e477e3e7623ef33f0037a23ffd00216763918d60f979d296a", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585920, "uuid": "26b3fcdb-c513-4f3d-b5bb-aee3b5e77dc2", "comment": "Malware payload (Heodo)", "value": "ff04548d5b80b47c0345716570752f29c044ea30", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585920, "uuid": "43909f57-6557-47be-9db5-d1cad67bedd9", "comment": "Malware payload (Heodo)", "value": "e16790e38deb20562defe95df49898b75e7c096690a0a3411e858c950a6c30357eb146e5376f10094b0530d71c9901b0", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585920, "uuid": "3c41c80e-610b-4153-b4eb-2f88b784a1dc", "value": "T1C644F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585920, "uuid": "fba97bd2-38b9-4ad4-a7ef-3f386ef2f562", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWal:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuV2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585920, "uuid": "2933464c-f86b-4e1a-9731-7d37776c8ed7", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585920, "uuid": "abfd82ba-708e-4a49-86f3-79cd0ce73c7e", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585920, "uuid": "5b2c65e4-b8e9-45ee-b094-790918eeee23", "value": "form.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd30990c-c914-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679532669, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532669, "uuid": "8355d708-210d-46a7-a6fa-25aaa842ad26", "comment": "Malware payload (RedLineStealer)", "value": "23f741b52b7e87e1c60fc0bf01380131", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532669, "uuid": "39b4f772-a677-481b-9ac4-6359592cfba0", "comment": "Malware payload (RedLineStealer)", "value": "7580eaafc8deefaf9bee2fd30c112524cbc43418d5870e9c25438517a3b6d499", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532669, "uuid": "b159b4d6-235f-4a30-a656-83156b95af53", "comment": "Malware payload (RedLineStealer)", "value": "6be433e4825265e741d8aeb33da2474208e5a2fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532669, "uuid": "a7f18d42-35f1-49eb-b56a-a89794d2c3a9", "comment": "Malware payload (RedLineStealer)", "value": "d1480bcd48ba530cbf0fd313974fb037f14a141c170088d491d2ae5b087c11dcab31fa8b130ab9a2453e3da27b3ceb53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532669, "uuid": "fa274c20-175b-45ae-b550-af0ef3818f06", "value": "T12584D01DB74C9A59C76E2EB9B4E22044A730DC360B92E78F788B316D211D3DA4D73A47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532669, "uuid": "043505ce-5968-4f8e-8049-2816b57791b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532669, "uuid": "68b076a8-bcd8-494a-a22d-af4b5b8fa5f5", "value": "6144:hA6OjImSHcpokzKplu+ovoLrliRlSme7KQt5jJ2:W6zmSH6okeu+UVlbm3N2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532669, "uuid": "7e7ea6b2-843e-4c06-85b8-9e4bcb184e96", "value": 402432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532669, "uuid": "0e05dd04-ff49-46e8-ab97-6a7780d57812", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532669, "uuid": "e9f1935c-88ca-4fea-91a9-1e69064094d2", "value": "23f741b52b7e87e1c60fc0bf01380131.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88c07383-c976-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679574645, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574645, "uuid": "8358510b-96d1-4b26-b487-74c108068186", "comment": "Malware payload (Quakbot)", "value": "562b0986bee44ef4c2bb99249efaa3c0", "object_relation": "md5", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574645, "uuid": "2aa91f32-ddc8-454f-96c6-b21b41cee0ab", "comment": "Malware payload (Quakbot)", "value": "75a35b91e6295c6287dbd858663b9f126bfd6e29a278e435ab9c17c2eda25ee1", "object_relation": "sha256", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574645, "uuid": "06cd9dd4-411d-44e8-b516-5af1d12c1d90", "comment": "Malware payload (Quakbot)", "value": "d7f7cd5302e4277dce25ec8bf74759a31b23dc0d", "object_relation": "sha1", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574645, "uuid": "16da00ed-6317-41b6-bf0c-e6fd83137bbc", "comment": "Malware payload (Quakbot)", "value": "2490e150bb20acbc3db6cc713e6ac71d6c70e1ef4c3bbc2b0466ffdfd4b14416b33616b2c851360756c08816b4912626", "object_relation": "sha3-384", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574645, "uuid": "d5a2e03a-ba53-4a65-9879-c76c508c52cf", "value": "T18F91D68B5D1DB32F4E41F18A28644CB5A04CC7E1270790E5F4A72218AD36F20B7BEDD6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574645, "uuid": "b1168a2e-2d21-4344-a745-48d8a4320ede", "value": "48:uxHewoQ5s8UbiV8kZlCP5lutALhmqUq3u5plYVEl5FdtNL6evHOSQzZXdhbUnJWG:ux+ClUcfZ8r9uPjFdTej9bM5oO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574645, "uuid": "b8883598-fd2f-4651-9cd6-fe3dacfc90ab", "value": 4440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574645, "uuid": "a164e41e-db7d-46ee-b08f-88793d3fe051", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574645, "uuid": "62c520b1-c0b5-41f3-b776-e2dd50b12c9c", "value": "Dolorem.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11ee3ffb-c940-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679551253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551253, "uuid": "c4f5831c-48b4-42e8-9996-9b4665b6e748", "comment": "Malware payload (RedLineStealer)", "value": "0a6e9fcf41b80b5d28f3f984b5ef31de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551253, "uuid": "6dbbfdb5-608a-4e16-b724-f46a2f79e16f", "comment": "Malware payload (RedLineStealer)", "value": "75ef51ae35721dd167fe1e7fdf270f0d4f70d62551d391a4ba620a766ad9e684", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551253, "uuid": "97414e7f-cafe-404e-a9c8-bfb8e36948f3", "comment": "Malware payload (RedLineStealer)", "value": "73dcf3e590ac864d6d6f7be819ceac73fe5f7b82", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551253, "uuid": "bc748f9e-7ae8-4c17-a9ed-bb5bb49d65d7", "comment": "Malware payload (RedLineStealer)", "value": "6e509758e15f85159972a399ad5f3b01e675e1b8068e35353212fac9165998f0c8c418511a72ccd5438fc01d9ab0610a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551253, "uuid": "d4117afc-f6c2-4b80-90b2-e884d862b7b5", "value": "T144252382E7D48172D874777058F302A30D777CA2AE344A1F6752E96B4D33A94993632B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551253, "uuid": "994bc759-390c-4b71-be23-042bf1c7fa65", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551253, "uuid": "22869f51-a5ad-4bd9-b8ae-1ea50bac3263", "value": "12288:gMrby90M/ZCx3OD1ecec6/d5CmLn1HUO61SVqWO/3cihj0wq7ihEK7VV79XrI:LyrRClbtLnNj6UV+/3c5wq23h9XrI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551253, "uuid": "2bd1d634-406d-4663-a1ef-89ac804a7b71", "value": 1038336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551253, "uuid": "7a69d7fc-ddc6-4bb8-a759-31ab7050b0ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551253, "uuid": "873daf8c-ed0b-4f31-ae10-4d9ea20064a6", "value": "0a6e9fcf41b80b5d28f3f984b5ef31de.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0725500e-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551664, "uuid": "2c6bf9d0-97fd-488f-8559-0eb3f7b226c6", "comment": "Malware payload (SnakeKeylogger)", "value": "d8350fc7053358974e747f357b20f939", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551664, "uuid": "91b5cbdf-3f8d-455e-aa9e-1ac288f12605", "comment": "Malware payload (SnakeKeylogger)", "value": "76b11277b10876b9d8fcabe4e59584b30b2cd8bccac02fe8ea1fc2b7be0bc027", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551664, "uuid": "8eb588c7-6b75-4593-b417-c9d79904018c", "comment": "Malware payload (SnakeKeylogger)", "value": "4675fe3a0472b60ea972c80edf447671c8e4ecd3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551664, "uuid": "c26fb621-8eea-4ca0-ad9e-de54a42d4493", "comment": "Malware payload (SnakeKeylogger)", "value": "b8bb470c9132be7b69999c413468358d4747357259cccf9d9b17fc022d4700137a450a0046f792d2cdb6d91954b40293", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551664, "uuid": "a841cd76-868c-4836-8234-246744de6d50", "value": "T18A155B40EFAA6560F01044B9216B7D5FCD51A88D98EDFB6E190FEF31F5E221D5C82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551664, "uuid": "eb323e8c-ecdd-4bca-8a01-8470e20c4e17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551664, "uuid": "bdd7bc34-169d-4b7f-99d9-d68a1e633f0d", "value": "12288:6wQvPI3XMSnF3Rl6TCqUQCoHErklOvXTC/ewpYs998Cfkhl1KAqIJkP50vxiLATY:fQvwnMS+CECoH47DC/eBqvkhl1K1D5A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551664, "uuid": "8c59db58-1579-4e8b-bcee-ca59f39abc7f", "value": 927232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551664, "uuid": "37709444-8f77-4d38-8f4c-dac3193862c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551664, "uuid": "0c20b8c1-4e16-49fc-83b4-bfd9a1df027e", "value": "57m\u00b3 LPG SEMI TRAILER 7 NOS.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c834413-c9ab-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597254, "uuid": "0e39046b-e4b4-4e04-8e00-3833703cb662", "comment": "Malware payload (Gafgyt)", "value": "438a7b65a72fb8fed8fd0c2e215416a7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597254, "uuid": "255baf29-3da6-486b-9f4b-639fbc2fe354", "comment": "Malware payload (Gafgyt)", "value": "7757d8c7028b8ead207f4471f7f4ab713b787394ff7fb5bb94f060650437ee6f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597254, "uuid": "775c5390-5793-4ef1-b971-974c77f3f79a", "comment": "Malware payload (Gafgyt)", "value": "1a8eff18b318ec69229a671d155439042f0bfb22", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597254, "uuid": "e1d33686-95be-4b75-9d03-dd8f50b7d1f7", "comment": "Malware payload (Gafgyt)", "value": "be3227c7c47bfddb8a14ee1dc9ea0cf9f0203dafe0e7b032ddcc7632546ab428abaaea2499b78f968b1bc44d31a8cd5d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597254, "uuid": "8b7dca23-9bf4-41ee-91f5-8fe63326ed4e", "value": "T1C0930892B900EFB6F40ED77A44D34724B670FBA24E531672731779A6AE322D43826F41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597254, "uuid": "c3f96662-bfd9-4546-9025-de8e55ce4845", "value": "1536:4mZMaXpB8F9OEG6ktQm3r/FS3n9RIB6Yy36gF62f7vTmQ9VqXjewf2Le:v7p09W6KTG/IB6Yy36cNfmQ9VqXywf26", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597254, "uuid": "1c35751f-5489-4fc6-9117-a8a5cf1e9e49", "value": 91087, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597254, "uuid": "8383e840-28eb-4a8f-8c4f-0f83f86fc2e1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597254, "uuid": "cf7a2f65-ccf6-4336-8785-b3db195ca3ed", "value": "438a7b65a72fb8fed8fd0c2e215416a7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ddadcc6-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679583163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583163, "uuid": "25eca545-5933-4093-b1b9-a3e953c00f28", "comment": "Malware payload (AgentTesla)", "value": "2992afedf87a639e1105f5cffaad0848", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583163, "uuid": "85b9d869-2bd7-47d4-9bca-8d2ef19c8d2a", "comment": "Malware payload (AgentTesla)", "value": "77c510c2ba89b331dae81cb6d857f1557eceb69ff1a77fcf3e0d00f3514cca90", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583163, "uuid": "e2cdfe4e-c07e-451b-a9b4-1f2750d73978", "comment": "Malware payload (AgentTesla)", "value": "37147ffa6233def5aa11c3ef3c0bab092d1062e4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583163, "uuid": "8bf4eb7f-e645-48fa-9515-03ef230cf3d6", "comment": "Malware payload (AgentTesla)", "value": "7eac8fa181570c05d432edfcbce8c67152df4bf4fa38fff9df97286112b839b549a17b867ea505d9f084f15b34fde43d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583163, "uuid": "a9a77eb9-72cd-4c7d-bce2-9cae28201001", "value": "T184258E34DA2D08B3FD99B3FC1A150D2E52E47E2696209F4C87EE74C619BEB5258C305B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583163, "uuid": "7732019a-c3b7-4671-bc9a-1b07f9462382", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583163, "uuid": "5c96b1fd-3079-4c3c-8f18-cb96d8ebfdeb", "value": "24576:e8Qm8UZGGU78FmpgHSecyQZm7Wy0BHV02WQDfujeoXL:3QmbZf08xHSecyWmCpGHpX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583163, "uuid": "1c632bd9-1ee8-4f18-b0f7-683d75ba8cf5", "value": 1018880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583163, "uuid": "3d086967-73e6-4382-bd1a-f5874800cede", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583163, "uuid": "ec785e4a-1cd8-4e1f-8527-b93d26ca2b3c", "value": "E-DEKONT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84233df0-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679564329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564329, "uuid": "cba176cf-3e9c-45e0-9989-ee1ab8be0013", "comment": "Malware payload (Heodo)", "value": "4a57fc6c34cbd0d8882f32cbbf691203", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564329, "uuid": "c3d3e50c-2d1d-4dc4-9bab-e13a83e9eabb", "comment": "Malware payload (Heodo)", "value": "77f84fa3d5ee48896a5c4265fafe44d0724a0e90e59dfc6c3b39117ab7496243", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564329, "uuid": "6d61c1f6-aea5-450e-a4fc-9913b20db1c1", "comment": "Malware payload (Heodo)", "value": "0e4918b6fadf173fc21854d0e9161a446bf24d5c", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564329, "uuid": "aff23d0d-a10c-413b-9d30-6ae50e47159d", "comment": "Malware payload (Heodo)", "value": "fe25bf158ccb8206e0a9163086c1903e0718c24dc202ed7c4c77fdccc97bb53099149a2393ae447ece509a8a5e97f037", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564329, "uuid": "66cbb5d8-eb0c-4171-9d67-431f4c4b1e76", "value": "T1EB44F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564329, "uuid": "298177e0-fabd-44df-a3c0-3c9eb20a7c1a", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaf:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564329, "uuid": "5db7d527-98f0-4999-99c3-93a7cf60548f", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564329, "uuid": "e00c10c1-7141-4f40-805e-ef85db1fa395", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564329, "uuid": "2624410d-a747-4a59-a4e9-99fa489c92d9", "value": "imedpub.com.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "758afe62-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577190, "uuid": "a6b34ac5-3bbe-4fcf-bb89-73db6480d375", "comment": "Malware payload (Gozi)", "value": "548feb99e9ac3da410fc8ee0e7cff461", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577190, "uuid": "d26f8fbe-677b-494d-887f-8e8bf8739e3e", "comment": "Malware payload (Gozi)", "value": "78668f256b67a4e48db0cca31862f0eca33012348f017c421c00887a9b8e5ff2", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577190, "uuid": "f0998e7a-2bfe-4cd7-9d17-138a14e047d6", "comment": "Malware payload (Gozi)", "value": "09064face8d5a7449eedcf62f95ffe2551c4eae8", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577190, "uuid": "86ae8a56-5cfc-4045-ae79-e8210c92cc21", "comment": "Malware payload (Gozi)", "value": "706d1f46cd7a8e36e8ccad34cbaecdf9b8e00b2c23c07742936ac7338b2aa5f54d96b6b6083e0d15ff9ded80ebac2f35", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577190, "uuid": "583cc701-9dd1-470c-8105-72ace48c303c", "value": "T19BD1493682681FFF283631AD4C1842B225A2957B7BBF1DF6B47005E9651CB2041B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577190, "uuid": "38ccb42a-0479-4d61-951e-e736d0437a7f", "value": "192:M/fnUwLR8EzDM9a9gJ3txMtiN7fPLrFaLc:dY4Mi5n/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577190, "uuid": "d7b4b83d-2b8c-4421-a3c2-434fe069bcd8", "value": 6521, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577190, "uuid": "a2e969c6-d55b-41bb-905c-fae53b387f5f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577190, "uuid": "56fab23d-4574-4ac5-b3a2-933571bb3e55", "value": "Fattura 3567 2023-400934.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e007d66-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679583190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583190, "uuid": "663b22ef-6d33-4e6d-b492-4a89f7a01967", "comment": "Malware payload (AgentTesla)", "value": "89f5ab89a5b1a30078a5f1c395ec0fe1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583190, "uuid": "c3c8987b-cced-4f12-b9ea-17ce4be4f3d6", "comment": "Malware payload (AgentTesla)", "value": "78b14730a49f89de90127d59fc7118e749d647cfc7ef78c9f820cd46c13dae78", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583190, "uuid": "7a1f8624-4f3f-4e62-bbe7-7a6e86f10f3c", "comment": "Malware payload (AgentTesla)", "value": "d76587780a0dea62b1be8bd122096fb4a9eb235a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583190, "uuid": "763aa93b-c105-40c9-b3cc-d9f14c7190c7", "comment": "Malware payload (AgentTesla)", "value": "15ad416aae5869c44baf5c321d9641f0bdb68d68fca48c667d604e1961c8c0f8509145821a5253f02ca0eb680d54b340", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583190, "uuid": "fa1ee1fe-adf7-4d16-bd2c-0f8b39cab59a", "value": "T18834BF8BB51B749EC50BCA75CA990C2C9761B6E6A717C107700B03499A8EBEBCF051F7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583190, "uuid": "5a080387-3939-4b49-a051-2ca6a75f3c2d", "value": "6144:ajO5S2ojOLwEAX1XR6Ia2Z3pnUQMpqEduxmn4:15S2oKLw9Fhl3WVqEd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583190, "uuid": "719b2125-e318-4a54-8242-561d264de9bd", "value": 238664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583190, "uuid": "c85dc885-ee8a-44bd-b76c-b976b01b9984", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583190, "uuid": "ee30e91a-310c-49c8-983b-471c74606d0c", "value": "DHL Hawb and invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "592baae5-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577572, "uuid": "3b2264fe-f98e-4330-bf61-58d9153f33e8", "comment": "Malware payload (Gozi)", "value": "b0bccdcfa4a00723e4ed739ffb24908b", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577572, "uuid": "7d70e427-0485-476c-ae1f-d59c5a860504", "comment": "Malware payload (Gozi)", "value": "78db754e44a01ab24892c7ee9c63d04701c08a8fa963a0c3f50614e564f1b49b", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577572, "uuid": "47471fc3-10e9-4095-b3a1-c79dc52592d9", "comment": "Malware payload (Gozi)", "value": "63dbc2dc27d581429ce14330904a512a0a5ac212", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577572, "uuid": "ce6183da-fcf9-45ba-9a85-dbed9afe84ba", "comment": "Malware payload (Gozi)", "value": "fbf75d548def43d11bd7927b05bd778ab3138b749c9eb990d2938a23dc2e6a618d5efcfbd6b638c062fd89156f99a3f9", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577572, "uuid": "0d90d68b-5499-4ae3-8a02-cd5af1232932", "value": "T126410A4AB2308054DC6782B009A45F5F48ECDB19E6EC79CFC7208D10BE5F46AFE0769A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577572, "uuid": "e33fe329-85a0-408d-8580-8cc20a7c09c8", "value": "48:9o6b4kOi7vSVT91uIWdqe4j3I/wNHKoHdHAx:+6b4q7vSVT919neyY/cDHAx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577572, "uuid": "9b4d4da6-1072-46f8-9a3e-d120d2361f69", "value": 1940, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577572, "uuid": "8ef1d6b5-4c66-465a-a22b-680f87a63adf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577572, "uuid": "b6761956-9159-4c3b-a4fc-f7c2d0c6e99c", "value": "Fattura 2203-23_012(7).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c333fa7c-c913-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679532223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532223, "uuid": "a3230b2d-53d1-42ec-9197-c63dd1681630", "comment": "Malware payload (CoinMiner)", "value": "66b6eda0882d3e51a7df602a9b2e64b2", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532223, "uuid": "818bfe81-666c-463a-a407-f760ab13f290", "comment": "Malware payload (CoinMiner)", "value": "78e2abd83509fe2ad4085faa99d2f7075339247dcd8f063c26b7fd6285d22d88", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532223, "uuid": "2fcff90b-9663-4af9-b38b-32d18f42e987", "comment": "Malware payload (CoinMiner)", "value": "c1bca466d54d6d8b53a030c7f72f537e9182bc8a", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532223, "uuid": "56d1c9a5-9723-48a0-80e5-21297358a7ca", "comment": "Malware payload (CoinMiner)", "value": "bce33c181f47636c12e7270c91f7eb8db705edc0a5bd1ea9609d1ab009e136c50e9b8c1dfb16054c1a3b7469c611c158", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532223, "uuid": "b49babf8-e954-4d06-87e6-9dd3bcb59ce3", "value": "T1D424CF1B7D408122D99AD8FD24F9B9D2AA7DB94A2352D04EBB2D7D570D362B03F6013C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532223, "uuid": "40fd15ae-9510-4737-b47e-05d0cf44e135", "value": "9ccce235b0948e702108d60e5a6f9990", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532223, "uuid": "75674713-0067-42d0-81be-eb338e7a403c", "value": "6144:Zj2JnRtPtNGuN5KiQcAHJcDGsplSHpOpR1AGRtyRsSSFffJZ7:GRdt0qK3pnkrJGRsSSFL7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532223, "uuid": "bc196efe-7528-4c97-b2e2-7f992c6e3c1b", "value": 219216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532223, "uuid": "85a9addf-acc1-43c9-87df-c4ada4d5b95d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532223, "uuid": "d1ed82db-3acd-44da-b8bc-32f8210147b7", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5345edc8-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577562, "uuid": "5fe9972f-6f4e-4b8e-b038-a881466419f9", "comment": "Malware payload (Gozi)", "value": "fc05e9c2f62b33975675c9c5d1053e03", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577562, "uuid": "1aca2c9b-e223-4a64-89e7-5ca1c95636a5", "comment": "Malware payload (Gozi)", "value": "793786512caaebdbc844190f8dd424c0f3af7adbf6c593d6ac5bd502c543961b", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577562, "uuid": "088e0979-00d8-4cec-82a8-3d116f0028dd", "comment": "Malware payload (Gozi)", "value": "f1aa65505a7dc57a6eb6ab696ccf97df6abd42f7", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577562, "uuid": "0a8d1cad-e386-4eaa-b361-b20861d76d31", "comment": "Malware payload (Gozi)", "value": "b4060370fd1799dcfa975bf6b77545c2f91ffaf29443e9a7c62cd96648ef831cf45ac730946e6046cb2d10faa76df557", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577562, "uuid": "6c9d4649-320b-42be-942e-6d3083d670d3", "value": "T1B1411B2D14FD6851CE12B3792816934702BCF139559FF176A36CBC500D20AA3594653E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577562, "uuid": "58f716b3-bab6-4fb6-917f-3f678808204f", "value": "24:9v0KWY5QlEMX/puXBoNj/8rPIhOkI42XGcsGfx7rgazTncISoHbZvI41Zf4cCJ52:9cK95QlEMX/gYTIppx7rzfHpKrOefnKX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577562, "uuid": "b4c54bdb-115b-419a-82f5-f0ebf0b14f48", "value": 1938, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577562, "uuid": "e1353d18-b8c3-4fd3-b6be-d44fa3f614e7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577562, "uuid": "068e69c4-65f9-48c7-a43e-9abebfdbb7ba", "value": "Fattura 2203-23_012(4).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d993b11-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589122, "uuid": "e79388b2-873d-4c69-9f9b-982a8e9d509a", "comment": "Malware payload (Mirai)", "value": "aa6bc43143c5f038486c81498af27572", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589122, "uuid": "bbf70694-0bec-4b65-99dd-b86346d4a2f3", "comment": "Malware payload (Mirai)", "value": "79dd1677eee445e0f9c5683c6e0258be3edb2a36ae440f2e594c25bf59088859", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589122, "uuid": "84fdf0e6-ad16-4b92-94c9-863fe91dbccb", "comment": "Malware payload (Mirai)", "value": "ef4d54c2ce92bb66b81bac41241e92b9786c42ba", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589122, "uuid": "bf0d725e-f705-4c7f-a776-ec61a68cc491", "comment": "Malware payload (Mirai)", "value": "ccac18b6f1cbaceb91ccabee52b4ff0cc7fcaa8ef0bf97a92a5516f7b74ddb0b77fee082ff0162623d87cdd10228de3c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589122, "uuid": "585faaec-b586-46ba-a78e-97ec686d0984", "value": "T1B733B8C19DA3FD75D2C5FAF8E9DAE2642CE78411E7B78746A0CD8D21C46F984210A36C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589122, "uuid": "7deb07b5-8d12-4860-9108-7946c3524977", "value": "768:XnrQUaTKNpAbzt5CkBCg00zfP5yjC9DM3QvAf:XKOQtzCgfPqQ4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589122, "uuid": "f75d20b6-39e5-400b-b049-b87e2e7c7ef8", "value": 51714, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589122, "uuid": "bf7f68d5-ce49-445d-bfd0-1462245768e9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589122, "uuid": "b4c56cab-a958-4da4-a5d6-61ba27273b13", "value": "aa6bc43143c5f038486c81498af27572", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "630fb209-c91d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679536357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "fc3e3ba1-1fd6-4f0f-ac9c-9b480c52fd48", "comment": "Malware payload (RedLineStealer)", "value": "1409c8f2c7771d41db1f32a58630486b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "b435d994-d7d7-4f54-aa18-b6abb2641e2e", "comment": "Malware payload (RedLineStealer)", "value": "7a1512f005ce15563abc5b2444d1a75aa875594dbf1ebef43700c5a578869adc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "4208749b-efb0-4457-babb-b2e127d3188c", "comment": "Malware payload (RedLineStealer)", "value": "7efda7662ca2eeabf42fe2ecb07eb51bbd631c12", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536357, "uuid": "1a8df923-9f2d-406b-abad-129399c0668a", "comment": "Malware payload (RedLineStealer)", "value": "8f00877b1dec3f0d65cb2691edd5a433bfca9888547264911b57d5b92662540e31ba697c502a1ce8db732439957e6b46", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "7fb008dc-81c7-4ccd-a1c5-ed1350a7edba", "value": "T19C2523137BE16873DCB10B7088F613D30A39B89148B9275B7B16AD5A5C723A142B277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "234b0203-f38a-4299-99d7-1655f4039ec1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "8b76a3b1-a03f-4f90-a73c-5bb6b3309563", "value": "12288:gMr9y90bMP8K5/WmvySaSSX+WALVViwNm8073zRipTMmiGF20K5jeWu0kX4PHFu:ty2uzxtyMSXNuVEwQWLKLdkodu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536357, "uuid": "bd49fdb1-e449-4524-a962-1800f69fe9ea", "value": 1035776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536357, "uuid": "75aba8bd-b9ef-47d5-9e40-d06eb5d38672", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536357, "uuid": "0022d89b-04af-4a47-8559-9b71cbe38f47", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48146b2d-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679575825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575825, "uuid": "ef9fae21-8a08-400b-ac5a-da0eb8027e8c", "comment": "Malware payload (RedLineStealer)", "value": "5591357d0158014fa07040a52410772d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575825, "uuid": "c1778f9a-2a18-443c-871c-4ae30801f04e", "comment": "Malware payload (RedLineStealer)", "value": "7a3b8dfa31cb30e790a8abd00295d6078c2c52e0b57bc084ffe63b603c5f7956", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575825, "uuid": "8754520a-3ae0-47f3-b4db-070ac0db6641", "comment": "Malware payload (RedLineStealer)", "value": "4074f0726d0995fb1a0dfb2f139d7858b7ded892", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575825, "uuid": "ca262b05-4e76-4fea-a575-68641f428e93", "comment": "Malware payload (RedLineStealer)", "value": "63c8689beb2639022337f9b6139bae1d2fbca8f38b1670293b1c5a93138e77bbef2a9c476db1353d80ca70d2a0f91586", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575825, "uuid": "8c00cd8b-890f-4fb6-85c0-48239e660380", "value": "T1D5E41202B7D2D076E5A601398806C9F4667FBCF28F96CADB3B44563E0A357D1CA76306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575825, "uuid": "5c2bb9a4-a2b0-48d6-a778-7b37a917ddbd", "value": "d82b59d9ac38acfa112d084d606d9e02", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575825, "uuid": "d2ac3290-85d8-4d00-aa9d-43695a0ab5d2", "value": "12288:E2ojXbiawPnPM5xFOEiwdj6jDji7KKIlShP22nNr9:tUOaiELUEb2jCePQPR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575825, "uuid": "90869915-cccd-46d0-805d-05a98dfd060e", "value": 697856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575825, "uuid": "12df17ee-0e49-42ef-999b-03b1bdf3c736", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575825, "uuid": "88a0de3b-df9f-49b4-8fcf-0d8f8da0a9f6", "value": "5591357d0158014fa07040a52410772d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "610b414d-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603784, "uuid": "bc9d883a-f0b3-4c75-a3ce-5a48fda74000", "comment": "Malware payload (Mirai)", "value": "586eeca30194a598139d07f830ca475c", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603784, "uuid": "7bb9ea4c-731e-4a16-a410-6b664534e9c9", "comment": "Malware payload (Mirai)", "value": "7b27e3245908a506cf3372e4134d1dd77c0d42e0afe815bd6e50dadec1f2fd6b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603784, "uuid": "27fec6ac-24a9-4b9f-b3ed-ef1003538ad5", "comment": "Malware payload (Mirai)", "value": "78c364a6948655497dccb33fb92ae3d494a5d0da", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603784, "uuid": "797ab63d-bb2a-4142-a4cc-e72bbfca1f1a", "comment": "Malware payload (Mirai)", "value": "5325163176dee2c882b35c431105d40b16ab8c031554035c43fe6147552fa7ca3c47f8724ce7058e17cdbc7678a7b710", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603784, "uuid": "a40e3ceb-f68a-4f1a-be01-f98115e95457", "value": "T13173951D7E228FBDF7AD823147B78E21979823D523E1D685E2ACD5001E7024E645FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603784, "uuid": "181e3961-4150-4b35-9b8b-7805bd3e26a7", "value": "768:SVf6jVtas68qOwV8InABA9rGizHvifit3N2ePqmljwQniGqW8mK/vtDvxuRVJycv:JFOH1G8a9CRqW8v/ZsBeVPogxYB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603784, "uuid": "86d9cf32-b65e-4858-93d8-b74fb575f8bd", "value": 80720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603784, "uuid": "f33efc34-0425-40ea-b9bf-84fcf71cca91", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603784, "uuid": "b6655b45-43ba-41b2-999b-f5f84342f5ac", "value": "nigga.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30e9a5c9-c91c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679535843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535843, "uuid": "05e23607-c16a-48b1-88bd-062237cd8fea", "comment": "Malware payload (Stop)", "value": "644fe68426d5ea6660a8f6e4afc46c8f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535843, "uuid": "c2727b15-71a6-42d6-8648-7d646be58f98", "comment": "Malware payload (Stop)", "value": "7b66937aa53c2d41ff581294c755c0398d9b0e908ceeb90294a08342645269d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535843, "uuid": "1bb3dda0-a82b-4c98-a834-29aaa96dd44a", "comment": "Malware payload (Stop)", "value": "3aa1ead49c63992595ec6c96887cb8fa79fee758", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535843, "uuid": "0793cd5c-e685-4e2c-8813-a6e7850ab5f2", "comment": "Malware payload (Stop)", "value": "132d1eb3fe57322911fe470a67509a6bc9ed4e9bc12d1619d75bd2731f9816d4fdb9f0f9bab3a052927ba9ad79bf018b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535843, "uuid": "66e68571-a62c-4b15-8240-179b172ea64e", "value": "T1D1F4F10253E37861EF1746328E2AC3F82A5FB9629D5BBB5E161CEE3F09B41B1C542711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535843, "uuid": "89f9dc33-d806-44f1-bf20-2ef5dc765dbf", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535843, "uuid": "bfbbe876-26ee-46eb-962f-e9d009c3d12b", "value": "12288:GzuyNAWXWxNOKya9fustB5GCLtko3XbBjIAqplH0SpNJzLu5Xuu5M3pbd:GKWXcsKBfztzGbeXbBUAYlFZUjWl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535843, "uuid": "f494adc6-a1f4-4fc8-ae5f-5cac39011846", "value": 775168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535843, "uuid": "048b23d8-d2d0-44dc-8109-6faf918547a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535843, "uuid": "bcb6325d-79ee-4087-8294-cd7fb1c381a3", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "784c6bf8-c96b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Vidar)", "timestamp": 1679569893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569893, "uuid": "30a7edae-87e0-4d31-877d-947f5614dd6d", "comment": "Malware payload (Vidar)", "value": "6879c0e92290ed7a0e289cc3aaedc855", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569893, "uuid": "4be3ea7a-30ed-4862-8197-aa9b7e8d4073", "comment": "Malware payload (Vidar)", "value": "7cf4bbf990447d72bd9d0ba0a19d824f8b598b4a8759cec8e53f92c2db9a221b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569893, "uuid": "17d4d340-6cf6-4308-9499-3b4c7fb396ba", "comment": "Malware payload (Vidar)", "value": "142ec4479eab773d71ef7b2a76425c039b45fc1b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569893, "uuid": "33bc2f66-f097-4220-8671-1ff05dc86cb6", "comment": "Malware payload (Vidar)", "value": "d8f4e234c9ca3661ec8e2637c88dd1a0134953d9ad075ae72a310af09a65a3099976ef3d64189220d974ea4496ed3ac2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569893, "uuid": "9f89720f-a8b1-4046-8516-a8b1bb42cf00", "value": "T1DD8502319B906618F25910BCCF703D62525E7A3CAE70E732A231BDD84886ADF1729777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569893, "uuid": "53aa1462-1bcd-4c12-a92b-2715a87d6e10", "value": "5c3af5c0b11483861140b825575680fb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569893, "uuid": "c3f8dc3a-104b-468c-811a-dd5b2db21ddc", "value": "49152:oylp0eRr/wxlEr1k68gUOGWVwEEEEGoqFdC8:oyJRr/Qi1kpR1WVwEEEEGoqFd3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679569893, "uuid": "9365b939-b51f-409f-a757-7656f228ec94", "value": 1809320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679569893, "uuid": "0162f1d1-ed5a-408f-a220-f900571139a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569893, "uuid": "6c8a5cda-18fa-478a-a007-cced43d73d63", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a7cc217-c9bb-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679604176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604176, "uuid": "2c488e4a-01b3-48c6-a306-9f3af666f673", "comment": "Malware payload", "value": "563521da5df32e6af899223f2d5b3761", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604176, "uuid": "84ff9a73-529e-45e1-8689-cac19641d2cf", "comment": "Malware payload", "value": "7d067d2bf76ee753a54bef3135c84127556f7ce25bf1e3a370f239f2e0f5779a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604176, "uuid": "0c7bd40d-c711-4073-992a-c0bab98cff4d", "comment": "Malware payload", "value": "e154a6395277c3ca64e9892e0c91290ed81c1279", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604176, "uuid": "838f4121-3877-40d3-802d-f6c7b77155c0", "comment": "Malware payload", "value": "a51bcadf2e19c36f744c083d099426e277f87020d0de5f62e36214159c180163662d06167cbcca52ce02356f6a40d4b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604176, "uuid": "7481122d-207e-4502-8280-22cb8961fded", "value": "T13FE56E23B284753AC0AB0A3A492BE6559C3F77753B12EC5B1BF40D4C4E35940AE3A65F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604176, "uuid": "7448eed9-a075-4259-a595-b2bc090c9800", "value": "151ded1eb410a37381b23cafb34f2b17", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604176, "uuid": "d839e3e9-72b1-4569-8002-22ca46941094", "value": "24576:4tJHM9+U3a5p/ePYoldz4Ik0/C+hJoxfA85hxBwS5yMuDXUNuD/vUdWUtZyh5dF6:CPU3pSlxiS5tuoHy15YTXEEIk5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679604176, "uuid": "39559bab-c501-4039-ae19-e680c79f9298", "value": 3198936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679604176, "uuid": "d4e5e019-cb23-48b0-b081-c2e65ed78509", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604176, "uuid": "e6825373-32e1-441e-b2c3-0462fc36a1b2", "value": "Informativo semanal BSPTAo\u0300.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84a38220-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679575927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575927, "uuid": "8d7eadb1-e54a-49e9-8d29-a8d00bf8be15", "comment": "Malware payload (AgentTesla)", "value": "9f48a6382b8b352373cfbf2646d4d9af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575927, "uuid": "0c976339-4d2a-40d7-b417-d8f985b1b56c", "comment": "Malware payload (AgentTesla)", "value": "7d59d1fd54b2817f40b60fa870ed95701ee18975c91b6ac1b6ad145339d4291c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575927, "uuid": "28243bb0-42b7-4169-8dfd-c812b3fdb8e6", "comment": "Malware payload (AgentTesla)", "value": "69570d4086d3d1df8f664e3e8e222cf080e8f5a9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575927, "uuid": "58925da7-2671-48b9-8868-239638b574ab", "comment": "Malware payload (AgentTesla)", "value": "50e177d74a45fad319f92bb7cf8d934ddb20d69c9515c46df1daa0aabba03ae0247d277d73cbaa6f6b5d8c014e153b8c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575927, "uuid": "71d07072-e890-4b93-a244-8e73c0aa4ca8", "value": "T1CF256C40EFAA5460F12044BA216B7D1FCD51A88D98EDFB6E190FEF71F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575927, "uuid": "80e8bf7c-71da-4ecf-955e-a5c381a53209", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575927, "uuid": "55bd54e1-413b-4c00-ae0a-0596745bf53f", "value": "24576:FQIHYeDEV2DL0kHtu/OcgafoQ6jXoHhFjs:xD0CLxNu/Tg7Q6Do", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575927, "uuid": "09220787-295b-40dc-b2fb-b1cb482f5fc6", "value": 968704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575927, "uuid": "b2718622-f4cf-43f0-8a14-163b9b2c29a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575927, "uuid": "2058308c-7d06-4c4f-91ab-4f57f156a40c", "value": "ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b3cc966-c91e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679536666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536666, "uuid": "f6e7d4af-9e8f-4d3c-add6-c1f6da4d5731", "comment": "Malware payload (Smoke Loader)", "value": "2e50ff5a4eaf4bcf6889122848c3d395", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536666, "uuid": "0e590f79-8e8a-4884-86c5-6a82a0cc14ff", "comment": "Malware payload (Smoke Loader)", "value": "7dc93e54be08dbe56ec03bc1f8bce51fd560b3fabc54e039a61bb7bb389686a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536666, "uuid": "ca65ebe0-1f40-47b7-acf2-7847f4cf06d3", "comment": "Malware payload (Smoke Loader)", "value": "f9da02d7da40086ada805b947a32c3e7e24a34fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536666, "uuid": "45aa5610-9cdf-46ac-bf5b-276803a3d650", "comment": "Malware payload (Smoke Loader)", "value": "83a08d903777a1106fdb95948e524f7efd383c370b93b3fa97e9bd15e457ad126360d245f3e3096f85e79281944b9d82", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536666, "uuid": "0e5155e6-bd34-45f6-848f-c52f9e4fddd7", "value": "T116447D0253E36860EF2247728E2FC7F82A2EBC619D5B7F6E174DAA3F09741A1C152715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536666, "uuid": "00a9cd74-a52f-40b0-adf0-d2803435eba2", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536666, "uuid": "4d8f3ce1-5f55-4a79-9cbb-aad9d35548ae", "value": "3072:EjD6COvMLHYgirNESu3dVUYqFcbzAPt1UPMiuhzmzoBasevhMa:rELjUNa3qYEt1UPMNZdaRv6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536666, "uuid": "2f210dbb-a0b7-41e7-9c30-5fbc536f3382", "value": 254464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536666, "uuid": "7cfdf24a-4a18-4294-a2c4-1c4d8883dfc1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536666, "uuid": "45996447-2b2a-4242-8f42-1aa71f7d1ab6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18863676-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (CrealStealer)", "timestamp": 1679551693, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551693, "uuid": "ef04594f-d8eb-4b69-8418-455f4f5ed175", "comment": "Malware payload (CrealStealer)", "value": "2120b49043ad53c0a73cbf60bc110f8e", "object_relation": "md5", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551693, "uuid": "f7334210-eeb9-4527-aaa0-8451e478bfd4", "comment": "Malware payload (CrealStealer)", "value": "7dd0f281b3da915e99690900150c0af179d057ca09e36bc33ef699d497e680aa", "object_relation": "sha256", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551693, "uuid": "ae4931bd-1081-44c4-9bd2-331cf09ca0dd", "comment": "Malware payload (CrealStealer)", "value": "cdf7cbd438450762ffa5272c2eb252b9fdbb48d0", "object_relation": "sha1", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551693, "uuid": "ee575bb4-f755-4d92-8eb0-bdb5d4bdca75", "comment": "Malware payload (CrealStealer)", "value": "0e93e8f91a12abc5e5ca16cacc5a35bda6fde7d6732d50bd3a980251802d8c39acea4564e08a914f8c89ff56c32ff342", "object_relation": "sha3-384", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551693, "uuid": "986d43f0-3f5f-42b4-bd3f-6cc71aa7f23f", "value": "T10CE6335507F85CE9EAAAE13B4E1B8018D9D6BD1003E4D1CB429A87560DFB2E17CBBF44", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551693, "uuid": "558b2a43-cfda-44fe-82c9-c86e707d6419", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551693, "uuid": "8327377c-d7b0-4334-aab1-8a75278eb106", "value": "393216:uu7L/kdQuslN/m3pDl9AJ4ZoWOv+9fPV4av4GoEsof:uCLsdQu4KRS4ZorvS3N4zEsof", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551693, "uuid": "eab1421e-5a87-4166-8719-b5839f5c2277", "value": 15260816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551693, "uuid": "1f5ba20f-0f37-44fd-84e8-ed1ccd43d6ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551693, "uuid": "30abe178-7f65-40a1-8962-28734c2caf1d", "value": "2120b49043ad53c0a73cbf60bc110f8e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b5986fd-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577575, "uuid": "d35c6d33-ba84-496d-9f74-66f0870ac54b", "comment": "Malware payload (Gozi)", "value": "3a0d11506298c4f1bf144dcf4105c9d8", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577575, "uuid": "1b43126f-2641-4830-a4d9-457174d244db", "comment": "Malware payload (Gozi)", "value": "7deda4c3497fe21a090b18c30134bef8dcd78c71d01e6bf9d51dd7cbf83e49e9", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577575, "uuid": "da4c2541-e9fe-4e6e-b2c5-700561b8ce6a", "comment": "Malware payload (Gozi)", "value": "4581a4ee0171cee30eb21945780b1440cf601d58", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577575, "uuid": "c937c069-c935-4b38-81da-2e0fe4f79cb4", "comment": "Malware payload (Gozi)", "value": "a006a74b10e47ef85f4bd898f954a7d3505123569133366c43438ef275bc87878f40e07dd57cbe71da8d522da9cffd4c", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577575, "uuid": "641c13ca-4b9d-4161-847f-9c50541027ac", "value": "T12541EC1C75A59202EC61D370C24D21A5C3C1FB36AA3297C3B5C57C245E979A27ED1ECE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577575, "uuid": "29155a50-4c51-444b-a803-d6e3e1d2a3e4", "value": "48:9x7Kh16UE9h8myVBKKPB+tFKrtGBLIhQPWyPEQOzK2h5e1Z8/A57fn6Cn:o16UEGQsVcfuyMQFWaZCAp6C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577575, "uuid": "48ce56a1-c3e4-466b-9903-ff2ef1cc7d78", "value": 1968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577575, "uuid": "8cd81f94-64ad-45ac-a2bf-0d84187fc240", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577575, "uuid": "ac1c2f58-8fae-4a14-b664-bf5fa1904b32", "value": "Fattura 2203-23_012(8).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99fb5f5b-c98f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679585411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585411, "uuid": "44c5814b-5dc2-4dde-82a8-1de17df09fa6", "comment": "Malware payload (Guildma)", "value": "024d7628b2ed69b9e272e2093438e7f3", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585411, "uuid": "9f2928a3-137d-4c63-b9c6-8a8cd792318a", "comment": "Malware payload (Guildma)", "value": "7e03f5300a40755f723f43143bc4b72a59b67edf9f66a5b3d7d845aa125a0a24", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585411, "uuid": "7791c1ee-09ce-4caf-825e-bdb57380f5bd", "comment": "Malware payload (Guildma)", "value": "e4213b9b0f603c94fcc69b2a55b708936f8b8818", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585411, "uuid": "3ca435dc-0f23-49d6-927f-53a730038632", "comment": "Malware payload (Guildma)", "value": "9d8ca3fe9cc3c3f1af2a604a87cceae3ff022cb13bfdfca1835fa50eb5f21a538f8a24d7e15bd9f587d16e05216dba47", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585411, "uuid": "b689d598-c699-4687-8e46-3fe18cf8c825", "value": "T14EE0726BF9223EA3D30F05C20FA91A229E00A8AA0E59388B0E8283008608C40A12C7A0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585411, "uuid": "0c3c4df8-9333-4dcb-ba3b-e127153eaa8c", "value": "6:SGIfGlkIncq9BXJIjdXOVLGbuOmqmsXee8aSl/N19xDIWgBAK/qD5eFFFn:Qgk039QjdyLnOmqm7WODFpYqD5qv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585411, "uuid": "8e30ea9b-9ccf-4221-873c-e9c3e4bede22", "value": 301, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585411, "uuid": "fc81a84d-b75e-44a4-b23d-ac7dc7b1c115", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585411, "uuid": "6e4f8510-6a1d-40e6-8f65-a70ef9a9cb86", "value": "Ref_108843474529885_501.31074321.392652.24718.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "038c83ea-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551658, "uuid": "e039d761-b897-4024-8ac4-b8a1cb405fa0", "comment": "Malware payload (SnakeKeylogger)", "value": "bca1307f8aed2bb1798de5142d3862c7", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551658, "uuid": "7397a27d-29ec-4ef0-9944-ee54dd205656", "comment": "Malware payload (SnakeKeylogger)", "value": "7e8803c5142bbe84a54c3de3bcd20ff90a03ecc319c5672f382b4197c40ae073", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551658, "uuid": "23a0c977-3b25-41d1-8824-2f9e92a0cb54", "comment": "Malware payload (SnakeKeylogger)", "value": "a15dd2b2fd0267504e6fa407dcb4caa794217b5c", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551658, "uuid": "5794cb35-122e-4127-a603-e52a1946a309", "comment": "Malware payload (SnakeKeylogger)", "value": "bca30b4458ffa310343cc4ebf9a286b587bc57fde3d2d864ee9d767db6ed66fdad980360c60db407286e13f26a3a35a1", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551658, "uuid": "d3be1c1a-4933-4a78-b170-90a896f3f9aa", "value": "T1C0E4233C6106A4D5FFC310B092D5AE006C0909A6BC7AEA53FEA4737975589FF710A933", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551658, "uuid": "ea7f7f1f-6851-4ae5-a0d7-91d14be7f4fd", "value": "12288:W9Z7Mf30JzYNxu03dApIDAahCUSV9HqIjDydV6NQ0ANWKkJYEVJ3U+IHs6:W4PGc5CpvSiHqU6V6NCZa396F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551658, "uuid": "71810166-9e44-4757-aea9-eb9aa33e9352", "value": 682780, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551658, "uuid": "412d6d1f-ecca-41c3-9e3d-12e928b8e15e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551658, "uuid": "626131da-f80a-45be-878c-76434b559f61", "value": "57m\ufffd LPG SEMI TRAILER 7 NOS.pdf.xz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "603fa191-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679583167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583167, "uuid": "d39950b2-0736-4fa3-9ab2-230b9448d73c", "comment": "Malware payload (AgentTesla)", "value": "7fcd7305e8bd43ac94ef417e39c39451", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583167, "uuid": "d6649cf3-dede-45ac-9d12-b0c711e387a8", "comment": "Malware payload (AgentTesla)", "value": "7ff7885e26b1aadbd22f3d4c2a6e50ebfe67bbb6e01295024ec763f6f3bbd004", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583167, "uuid": "b27a861c-e491-4d6c-9e55-1fb6218761ee", "comment": "Malware payload (AgentTesla)", "value": "fa5877068f1953df2fc237ba6ceb5ac5cba3d632", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583167, "uuid": "652d3059-8932-48bf-9ece-119920dd820d", "comment": "Malware payload (AgentTesla)", "value": "2b0a33f99f4671c98be31c89e3f740678a0a657ed13d5841a171c6965ad5769e70b99be33897bcd11061738a512aa366", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583167, "uuid": "48ec5a37-7167-48a1-a124-99c08501e1cd", "value": "T1C324BF8A760774DFC51BDA72C9AA6C146760E3A2635BC107B00B139D8A0EBDBCF511E7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583167, "uuid": "15b4b319-b36e-4e45-a570-a6d209ab597f", "value": "6144:+GAMD6Zj08ZrGiFQqMMgZThVNhJkOln4:DAMD6Zj1NQJtbhJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583167, "uuid": "59ccc913-65b3-4eee-be67-a3aa568f0946", "value": 219208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583167, "uuid": "45b7c1e0-8e70-4551-86bf-a3386f4e11b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583167, "uuid": "b09f44e5-549a-4dee-ba68-be6479c18f5f", "value": "e-Dekont-22-03-2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a10208d-c9af-11ed-88f6-42010a9c006e", "comment": "Malware payload (CryptBot)", "timestamp": 1679598914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598914, "uuid": "b6ea23e6-1a14-43f8-b15b-64fd5afc0b98", "comment": "Malware payload (CryptBot)", "value": "491cdabdc48d761e951d8f8cf9defa9e", "object_relation": "md5", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598914, "uuid": "8b4deb58-0c87-4e25-85c1-d4ec32bc3b6e", "comment": "Malware payload (CryptBot)", "value": "8079494d11dee40b555bde3a9af104f0d9ea48ee64b89256cdd3200b38d91ccf", "object_relation": "sha256", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598914, "uuid": "db96b583-fe56-4766-a4d4-423f189f41f1", "comment": "Malware payload (CryptBot)", "value": "751fe62c846cc434a362baa74db9a2632658792a", "object_relation": "sha1", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679598914, "uuid": "76446719-684a-4839-9c71-02939ba165dd", "comment": "Malware payload (CryptBot)", "value": "43ce713c7ca1d050dedce011febf28680fb7c7ceb368cebf2996eb059d6b7e6a22b09c14cffe675d102d2af8ae3cf302", "object_relation": "sha3-384", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598914, "uuid": "10808124-e741-4357-ab9a-edc60a9be9af", "value": "T1995623D22329D9C2CDEB5835782FBD5830F55F968709FC7B6446BEC026336D2A191A0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598914, "uuid": "8b78a937-1914-486b-bf13-f1345010a60a", "value": "1b0ab15a5b3918fa3eb216280ab3b6db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598914, "uuid": "e6f692e8-7f6a-4a93-9ded-e11687d9cc07", "value": "196608:sFNE8AU8Ddhot2JiezLb3TwjZ3oBsPAeZed9GMYqHXefeg1D4m37em7LQRc:sFrATJJ53yZ3oBsPAeZed9GMYqHXefed", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679598914, "uuid": "289304a2-8077-4d44-9930-d9c65ad3efda", "value": 6456320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679598914, "uuid": "63286239-24d2-4803-bc37-9144b568908b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679598914, "uuid": "18bffa25-6f03-4ad2-a9c9-0936ba501cb5", "value": "491cdabdc48d761e951d8f8cf9defa9e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "292bb720-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583504, "uuid": "7c8ccfd0-9e83-46a6-8f34-d9ad48c311d8", "comment": "Malware payload (Mirai)", "value": "f31823ea2494e02248099598b218a98b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583504, "uuid": "c353a069-790a-41cc-98bb-af7779d4533d", "comment": "Malware payload (Mirai)", "value": "81a62fed1b4ca5ac39ca6773fb07c0473b1433fc8906ef7c11cd670ad330a073", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583504, "uuid": "1727d2b5-76aa-4a37-a04e-48a70e4ee667", "comment": "Malware payload (Mirai)", "value": "03a0b7f341e005398a19f28f3f53733d6544118d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583504, "uuid": "65e8c77b-27f9-417e-8f53-92095ec0e454", "comment": "Malware payload (Mirai)", "value": "5b777896d213b2635a5464e2fe373f369fcc361798b511d695899a007ed402fe4d21901164b4253dd4237d3b35c404e0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583504, "uuid": "c946fd29-c80c-41be-9a4d-17eeea8b3e2e", "value": "T194435BC4F643D8F5EC8705712077FB379B72E1E922A8D643D3B4DA32AC52651E606A8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583504, "uuid": "4834ef36-af38-48e8-882f-825a69d8b00f", "value": "1536:JeESt/basV2rcZhG6+KN7TqONlSR9zWOIaEjrqMS:JeESt/basVTgW7TqONQRVtXESh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583504, "uuid": "07151a82-0c3c-4ea9-a548-55d619937e07", "value": 55632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583504, "uuid": "3ca0a0d1-1e91-4fda-89db-7d437925b244", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583504, "uuid": "01c56569-e76b-41c6-bed8-1f224898fb48", "value": "f31823ea2494e02248099598b218a98b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dea0bc8-c93a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679548830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548830, "uuid": "a691dcf5-15ad-488f-9cc6-4d57fe6394c2", "comment": "Malware payload (Mirai)", "value": "0cfe132feb25e6f9ff91b1c78705abf5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548830, "uuid": "e03464ad-588a-44df-a875-aad1d909e9cf", "comment": "Malware payload (Mirai)", "value": "81e275e8fd9fa4825b8d23e0e63b05931395d73d48c0eff859ef882003cffdd5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548830, "uuid": "0602e3d9-26ef-4105-9b27-bd5ec3668e4c", "comment": "Malware payload (Mirai)", "value": "e8353f91762a107a42a983e299391d494930d6e6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548830, "uuid": "574a16de-a6d7-4781-81f9-44168bc20a7c", "comment": "Malware payload (Mirai)", "value": "eaaf8faa4e90f08573c64aa587026e5c32b6dbe366c40f1fabe5b4522722cba3aba9055d65a201899f607ca8c4d985fd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548830, "uuid": "2443b23e-1ff2-4585-b49d-6fae366af545", "value": "T11B930845BC815B12D5D822BAFA6E018D336327BCE3EE71129D105F2577CAA1F0E77A42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548830, "uuid": "7558ad09-0ae9-4f4b-aa5f-ce2a2936233a", "value": "1536:/JnX4h9coIAvbtqbDfgl1fv6MzlkDPk7gImPGYgqlLkfjA6VD2Oml3eciMQpVxnz:t4XZb4XukDPodmPGlqlLkfjAUVmQpVxz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679548830, "uuid": "ac42e550-74d7-49d6-8241-19956746addb", "value": 90036, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679548830, "uuid": "20ede272-392e-4c74-bbe2-8f49c2cfd962", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548830, "uuid": "3c835bf2-89d7-4073-8d72-0938f7a90efa", "value": "0cfe132feb25e6f9ff91b1c78705abf5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdea7dca-c914-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679532751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532751, "uuid": "cffabbd9-8b00-4e6c-b59f-307624fce3b3", "comment": "Malware payload (LummaStealer)", "value": "1464311214386b6ff89727d22b3d9788", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532751, "uuid": "3c68b5e6-9959-48c9-b188-d8c9598c3793", "comment": "Malware payload (LummaStealer)", "value": "823b29e3ca0b480396011e7e9efcc0a617da87e11fcbbc6e0c62b4d913df6810", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532751, "uuid": "71fa6ea2-c806-4a7d-bdf9-d03e34f5276f", "comment": "Malware payload (LummaStealer)", "value": "ae71f2b5211b55080c14e4336ad8783851b8ed7f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532751, "uuid": "2070437d-3d23-405d-9a7d-a789935f5534", "comment": "Malware payload (LummaStealer)", "value": "670e7ad0749dae65e9cb0eb466c0d2de35bd465d05e8a6f31f532ff238a0d4dbffe18778e612ad6ca41811bc82cf4b8a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532751, "uuid": "47410dd0-3174-4dd4-ad2d-d5a077a9d866", "value": "T1C7847E0253E36C60EF1347728F2ECAF82A6EB8215D57BB5E164DE93F0D701A1D562316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532751, "uuid": "ad96963a-e980-406d-96fa-4aab7a933936", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532751, "uuid": "df0aa050-c93c-4618-a391-c1cb3dc2d838", "value": "3072:QoqCChPIAZHQuKpK2onPKPO52a1clECEcgmh1tKDGYn9Ma:OuAquOKnPt2blAih17UG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532751, "uuid": "92888d4d-fe1e-4104-a780-074e9f1ec7b2", "value": 396800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532751, "uuid": "fa1d41e9-fdc0-4ddd-909f-5cf465798e91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532751, "uuid": "3c0176a0-3c81-496a-87a7-1551afac9c04", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c2cd398-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551673, "uuid": "77d26a3a-0c7d-4403-9604-797c335deb3e", "comment": "Malware payload (SnakeKeylogger)", "value": "97796195481c4ea47ba4e506c3804dd7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551673, "uuid": "bd09d841-8534-4941-aba6-9c105c271d19", "comment": "Malware payload (SnakeKeylogger)", "value": "824dadc3062c55f2148985f868480eff8a790c97750ca7325351bc9805d71ace", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551673, "uuid": "89192282-df93-491e-8a5c-cc2c1b6b7bc9", "comment": "Malware payload (SnakeKeylogger)", "value": "cdc2e3dfec4511eb4bc259428d4ba8bd298409dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551673, "uuid": "07a73c4e-6af0-44e4-b396-a3e9efe863cc", "comment": "Malware payload (SnakeKeylogger)", "value": "91197077f244caa44897cd03d12634ad760629038c45505e48588181f19b820a853d771cc1eadc2b2072570e382b5a32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551673, "uuid": "13876d48-ef05-4fca-ae57-46dbac5fb18e", "value": "T1652529C9EBAB1110F431407921DB7D5F8D52A48D98DDFB6E198EFF33E5E22095C82A21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551673, "uuid": "816f8749-b1c4-46b6-8c6f-20b272a87f35", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551673, "uuid": "e36a1b94-09f8-4db0-8627-8a61ab5fa775", "value": "12288:c+QpPCF8F/RBycWk5jEJTmRneYj6QPImhCo3gL6AmL8+XCVOvxiLATAGn3WtNmBa:XQpKQ5B2kVE09jxI4c2BL8/VS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551673, "uuid": "58633fa6-ba31-47f4-8ff1-3c90abc1e03c", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551673, "uuid": "d0fbeabc-10d7-40d1-bd8d-f17afcb69d3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551673, "uuid": "799e7aa7-a7b0-41d0-b70e-424174b16115", "value": "TT slip #893893223 .pdf .", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9c8f56b-c9b2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679600497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679600497, "uuid": "8ac5b516-0afe-40f3-bea3-4f709d5939fd", "comment": "Malware payload (Mirai)", "value": "aa082d12818b135d8a977e9b8ec6f03e", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679600497, "uuid": "3248a947-029c-449a-8a2d-c3d12d5dfe56", "comment": "Malware payload (Mirai)", "value": "82675dbe590a4b96bcfc482fce5e1c0dba75ae62e9eb12bd6d159ac204f6563e", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679600497, "uuid": "16d72d42-710f-45c8-a8fd-cdbad2752286", "comment": "Malware payload (Mirai)", "value": "e12ab4e00f16bf8ef09003b11f3040ca8daf57d1", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679600497, "uuid": "c0f836a5-68e8-4ae0-b56a-ea8a3f01be31", "comment": "Malware payload (Mirai)", "value": "5dd057b89587546d0196e8edfc26e9d9932941862503b4942a5055c59c387bb101bc373ebca4540eab86dc35ed60e23b", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679600497, "uuid": "b52a38ee-a9c7-48ba-acf6-c1a5e4a03ef6", "value": "T17173F703E94544FCC059C5305F6F763BEA3AB97C023EB2AA5B80EA336D56D60CE1E645", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679600497, "uuid": "a8632d52-2153-4d0f-b883-a68e3e10663f", "value": "1536:UmyUwmNqDRCJDcRLImQa/ncbh4LaqLNqSEiOwk:UZH8GRCdcmq/ncbh4Okoid", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679600497, "uuid": "c4c1bc78-cbbf-4c52-92af-048ce130959a", "value": 75000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679600497, "uuid": "b0598ad8-7f6e-42dd-84d8-ea235dd1f3e3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679600497, "uuid": "a613cfac-de30-436b-8749-4671e626a974", "value": "aa082d12818b135d8a977e9b8ec6f03e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fcb5df2-c928-11ed-88f6-42010a9c006e", "comment": "Malware payload (Tofsee)", "timestamp": 1679541102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541102, "uuid": "d0bafee2-9929-472e-81c0-b6bd3c1ba32c", "comment": "Malware payload (Tofsee)", "value": "640baf96cd3145911dfa3e68e4376df5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541102, "uuid": "1fd2894d-5d7b-44cd-a6f8-65333fa75d1c", "comment": "Malware payload (Tofsee)", "value": "826f56215db689e9bce1884f4d6096f2a4512c7ee80ca3bcaaf1883c0782b492", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541102, "uuid": "fad1fd4c-bd9f-4120-b56a-7a81c45ef77a", "comment": "Malware payload (Tofsee)", "value": "cb5dc1a84cf74ccea6cdb76812d8373f15dfc063", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541102, "uuid": "9d96bf66-93f0-48d6-afb5-31c722799b32", "comment": "Malware payload (Tofsee)", "value": "910bfa212d47dfe2a3e22f5783f9b799e8137e6aaefa6ad053960100fe74e67032894233e24c9f029f33b8c9c2113f08", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541102, "uuid": "c8abda85-5fb5-4ece-a232-327ebb721b9d", "value": "T145447D0253E36821EF2247328F2EC7F82A2EBC619E5B7B9E174DE92F0D741A1D552711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541102, "uuid": "c5f3e087-27c6-460e-a2fc-058f0cf12159", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541102, "uuid": "68f95654-1d49-4b96-a5ef-6a5ac6bbe19b", "value": "3072:WzuROOlSwmYg/vNEHH9vwVUQGKIYPXFFEdETYj6BWH8lsBNyL/ZMa:tkwgnNouIYUQYj6B9si/C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679541102, "uuid": "ecf41118-d189-4333-95b0-c2dd432b2b76", "value": 253952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679541102, "uuid": "d90ed5ab-ab3c-4e24-8c7e-82f35683432a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541102, "uuid": "83950775-29d9-4962-8463-bae9a5cfd194", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa74adca-c9bd-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679605196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679605196, "uuid": "95a2d575-c641-4f9e-887c-7488d3960316", "comment": "Malware payload", "value": "3b11503c198231185483a2b6a781ff42", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679605196, "uuid": "585fd642-fbca-4747-ad33-87d9cafaa039", "comment": "Malware payload", "value": "8288a263db46e66e2b4ce9d425d40e245bd0d503546250dadeb86146929e2d8c", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679605196, "uuid": "81c4bd0e-7838-44a5-966a-cbbd5cb31a8e", "comment": "Malware payload", "value": "96063f669e2c82d4108b4d8d29ff69a295eccc3a", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679605196, "uuid": "c96bd3d5-9a22-4487-924b-cb24930b70b1", "comment": "Malware payload", "value": "7f5e0e5cdf8360bc4e8dc6f213732f2fc54bd619ba238b5f596026228db69b560d5e4e5e0dfb6b44634f17c8d5255e33", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679605196, "uuid": "026a2810-1e92-4448-8028-c8d6fd8cb5db", "value": "T17D129559BB42689051C7946DAF83E8106971005B185C1C11F6FCD5CE2F8AFAACB7F68D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679605196, "uuid": "3d1d646b-d2d1-4afe-8656-7ed15f2e1e71", "value": "192:Rc9qli39Ns2x1y7cxnOEfTbKtLglz6svEKDlQNKpKRrQpoCh+pCa5Ybw:R0fs2Lywxot8hVvLNICY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679605196, "uuid": "468f5f91-9a7b-41cf-a1e4-6ade80efd7b2", "value": 9060, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679605196, "uuid": "ba464eb6-21aa-4216-abb3-a239c6acbee5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679605196, "uuid": "30c567dc-d409-4d48-8a48-96380657a964", "value": "8288a263db46e66e2b4ce9d425d40e245bd0d503546250dadeb86146929e2d8c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3fe5355-c974-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679573859, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573859, "uuid": "109b3434-d265-46cd-b708-2d0c1d524cc3", "comment": "Malware payload (Formbook)", "value": "b6dc53673c840dad2b248e5d31c3afbd", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573859, "uuid": "e81ba234-a7cb-45c6-9857-1a1dc21116d6", "comment": "Malware payload (Formbook)", "value": "82c2a91ec3a4cb8d3b6a4fdb56aff624a9f08f561c9c9dcf1c48402991d14c3f", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573859, "uuid": "793084af-a0e6-4a1e-87d4-bdfa67ec8fdd", "comment": "Malware payload (Formbook)", "value": "dd522daa26ab0c96be7820c78f99c21828dbaa72", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573859, "uuid": "a075938b-a78c-4139-905a-60de792d260d", "comment": "Malware payload (Formbook)", "value": "75f28d535be1cca6990541585d470978f6fe7a11ffdb3a3b3a7d922196180ab4c8f999c74e14cb746e59a146907950b4", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573859, "uuid": "189e5c9c-b839-4acf-bb50-bdf5ac2d3d1a", "value": "T1F6256B41EFAA5560F11144BA216B7D5FCD51A88E98EDFB6E090FEF31F5E220D1C82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573859, "uuid": "a690fc4b-9c2f-4cd7-a718-ef247812154f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573859, "uuid": "01ea9b68-0d5d-45cc-924e-1d505f6c9d7d", "value": "24576:ZQBef1kZf/Pm/EonVaXYKfHOWrkV+WnYI:7G/4EoVaoioV+g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679573859, "uuid": "c2d06cdb-3a95-4360-89fd-d1bf4d9ff370", "value": 989184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679573859, "uuid": "3b1867d9-0a9c-4005-8d05-da16d017efd4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573859, "uuid": "26822b4b-5f10-4b96-88f3-27f805f86fa8", "value": "Shipping_documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f0d3aad-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679556456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556456, "uuid": "fd28af42-8061-4f02-9f26-01a0b6d50565", "comment": "Malware payload (AsyncRAT)", "value": "27b793bfdccc9569e57aaa7aa6fbc321", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556456, "uuid": "71dc83fd-e861-4ebf-8f3d-89877743f667", "comment": "Malware payload (AsyncRAT)", "value": "8369947367d812406853c2bcac444b1a6c374c2816df0ecf1d126c33c80ffca2", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556456, "uuid": "726b8e1e-6597-4872-a63e-aaff3d53e682", "comment": "Malware payload (AsyncRAT)", "value": "8877645413921811cd6320d45a87b85be8d26033", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556456, "uuid": "cf35fafb-3a30-43be-84a4-5e2cde896b7f", "comment": "Malware payload (AsyncRAT)", "value": "27075685790dc581049e55046f16f4a988feff2e8feaf8a691c3dfd48e76c319f64a04f4f0d28e7fdbb4a4acf779ee15", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556456, "uuid": "7c51b74f-f5f2-4129-9a31-7b8fcab61346", "value": "T1DB735E13EE6B2E12ED1D04922EB7093DDC78286B25E268FA984153E46DC210C7DDECF5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556456, "uuid": "665630c4-c298-4919-989a-d4b08c4fb810", "value": "96:ABKpBKpBKpBKpBKpBKpBKpBKpBKpBKpBKpBKXBKpBKpBKpBKpBKpBKpBKpBKpBK+:rnoDJsVNq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556456, "uuid": "a81bdf49-bba2-4430-8072-cab8979646c5", "value": 80274, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556456, "uuid": "3db5f5d4-8b56-4903-b93a-f6667ca65f3c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556456, "uuid": "175ef7e2-6a43-43cc-a50f-587fa6444266", "value": "Statment 1412500240.JS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f16f21eb-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564513, "uuid": "9972a732-f6b0-4263-880b-790c28b43dce", "comment": "Malware payload", "value": "ad021d84055a6caf8eb4ed6f71a50759", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564513, "uuid": "07a3a9e1-e605-4ef7-b979-1b4a8756863b", "comment": "Malware payload", "value": "84024305c208e6ab97e6471dc123b9af92335fcb072fd7ff0e8cc587a6ee4fa8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564513, "uuid": "77ba90de-5a0e-4d81-b816-9543e8006b2e", "comment": "Malware payload", "value": "321127a7f85e7041cdc107d4a66894da35a85114", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564513, "uuid": "ecbbeffc-0c5f-4486-8cce-65ba227264f1", "comment": "Malware payload", "value": "d84dba45ef955d6331bb804c5dd8048007bba169d4cee338b0860e15eee6cb8e2778cf1b68ea4ec073970a68d1d9d169", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564513, "uuid": "fc5658f4-d089-4199-b0c8-f13b79d0c255", "value": "T16295A4DD766072DFC86BD462DEA82CA8FA5174BB831F5103902715ADAE4D89BCF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564513, "uuid": "e084bad7-102f-40df-8ee8-935e1434f81e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564513, "uuid": "479ddc6b-0cd6-4af5-bfa7-1d2383a05c22", "value": "24576:adwAUGGUXM5Fv2uBBsrDHw0MiJi+2gvhNo8dzDURCHPYgxDNvhAuimv4Wt:MnZGUXwwo+2gvhC8V0gxDNJAumW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564513, "uuid": "db308107-5a2d-4d3a-9130-e197581569c5", "value": 2012160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564513, "uuid": "858ad4ad-3bc2-4c62-bfd3-a2bdb8a1ed8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564513, "uuid": "2e1aa4a3-a3d0-41c8-9573-5ad9854c1b18", "value": "ad021d84055a6caf8eb4ed6f71a50759.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "638ca3e7-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "03e15203-bc04-43ae-ad10-d22395db92c6", "comment": "Malware payload (Mirai)", "value": "0df3df74b1af3b9176aab1866845145b", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "745cd712-4124-49bc-adba-09aadaa1f914", "comment": "Malware payload (Mirai)", "value": "84241a72c6c137e15034a78b5a0ae7de9e982f1cf63d347d47f260e99a5918cf", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "03d500ea-c810-463c-aab0-9f23056940b3", "comment": "Malware payload (Mirai)", "value": "1d2f60f9300b23cbc060689d8be52b357ca8fe29", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "1f43ba24-0fdf-4b3e-8c16-0217fffca474", "comment": "Malware payload (Mirai)", "value": "17f231acef7445cb6ccaebc2d176f957035edea8bffc30552aeb5c23b539cdf90abe2715911189cdd7db908052917c94", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603788, "uuid": "2ddbc70c-52da-480c-a82d-36eaf60ceaf6", "value": "T1C7535B13F58280FDC45AC1742A6FBA3AD93371FD0239B2A627E4FA223D56D211E1DE44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603788, "uuid": "0d7abcb0-cf05-457f-bd8b-ec2f97da366f", "value": "1536:zCsMRwSSVh9i2EzxU3J1yXkuUV/B7oaAEibu3b:VMXs+ZcJ1ZuUV/BUREibOb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603788, "uuid": "38fbf717-6618-4ff9-8deb-1f01ef049217", "value": 63296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603788, "uuid": "6a6b3f18-fe1d-485d-8ca4-f38a7271a050", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603788, "uuid": "529e5747-55aa-4009-b52c-10ee090212f1", "value": "nigga.x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1adb4c1-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679582928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582928, "uuid": "53123651-0367-400f-b1e2-a7b290a6d1a7", "comment": "Malware payload (Quakbot)", "value": "c3724b30ef9b7f1e0c849713e4584dae", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582928, "uuid": "cc3f2e7e-7d5a-4aad-b8ca-8255f4778583", "comment": "Malware payload (Quakbot)", "value": "8493b0e70b6179a76ee3f0e1df5cfaa2a5c4184a75873d8d44be97f8805c1858", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582928, "uuid": "45f056d3-0f3d-4327-96d0-4cbedad85d9f", "comment": "Malware payload (Quakbot)", "value": "249ea69befcfbe705514340fea40d3c451899f5a", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582928, "uuid": "539e2d45-0285-4c00-bab9-d761d7c5b1e3", "comment": "Malware payload (Quakbot)", "value": "8dcedde754eea21e85a2ae5468c61d3996de0da4394088ec7d36936544d3b94d05d4630e52d8c9d2c8df7a376e131693", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582928, "uuid": "5c775f72-f266-46dd-a868-f250c61e3bcd", "value": "T1A6F0AC3347001DF8CB61D4C155E83A2EACAAB21CEA89E5D68496CA4548507B6146406B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582928, "uuid": "9245b88f-60e8-427c-ab77-733b6cda4181", "value": "12:jZkLUNYfQY/baAWcgVv4kCAq67SNil3scrAKGdoLnU4DEkEFA3EVyG:jZkLUC6AWcClq67DpscIdKMkz3EVyG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582928, "uuid": "cf5b3b6b-b48e-434c-ab21-375b81c118ec", "value": 572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582928, "uuid": "02e95626-5d56-40e6-8640-fa480ed14502", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582928, "uuid": "6fb9bfca-a0b8-49a6-9926-aed883e5dd9d", "value": "5.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9790c85-c91c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679536180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536180, "uuid": "1e3963aa-39d4-4937-8c8a-b6a7b78d0b59", "comment": "Malware payload (Stop)", "value": "4dd6ca83655d5195a00ffe5157ff7002", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536180, "uuid": "499a9a9f-e01f-474c-9fd3-cc8ae929a251", "comment": "Malware payload (Stop)", "value": "84d1ac925dd48927aa12e4c519e081c39f0f41c2d226ec55d28fa2095c19be1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536180, "uuid": "46774b9a-c767-4b9e-a2c0-3a3fa0978759", "comment": "Malware payload (Stop)", "value": "5f276534c0727cd5a62eccbd12e571e21f9e50c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536180, "uuid": "412ef965-6451-440d-8840-767dff729ca9", "comment": "Malware payload (Stop)", "value": "caa0c0f9eace739b7ca10cfe51acf0543a81cab82e7591001e55fcca3d3fc092c3b53b4fc1220a2ff411a70086992470", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536180, "uuid": "bfc2a388-cad9-4b06-9cae-073a4fd116d8", "value": "T19315F10212D36C61EE6247B28F1EC6F82A6EBC619E1B7B9E275DBD3F0D70161C562305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536180, "uuid": "1542da8a-2d74-42be-b102-8da886658089", "value": "8800deabeb7a145ec7133669ba643dcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536180, "uuid": "dbeff5b7-25e7-4f2d-a69a-a535247c9417", "value": "12288:Oldnz8029YL4TzDFypbr8XR9K3ARv4RraJMmuepBTI19AZQVSagyf:Og029AEzD6brcqQvKadlXTWA2Ma", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536180, "uuid": "8f4b4625-08cf-47a8-a1ea-c4486c899af1", "value": 916992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536180, "uuid": "fbb7c160-6d7a-47cd-92f1-1071674ec7ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536180, "uuid": "b4299b6b-80d5-4fe0-b933-4e90ef3ff4be", "value": "gunshot.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "216ca94a-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551708, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551708, "uuid": "acfa8b56-a7af-4dc5-b23e-64dfd2edfa93", "comment": "Malware payload (SnakeKeylogger)", "value": "639d16aafaabd1f4774e0ca860158269", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551708, "uuid": "82de305d-e8f9-4965-acba-b319be17cd2a", "comment": "Malware payload (SnakeKeylogger)", "value": "8669e8779f88d44fb2a4bb15f313813540826f1019433bec3b466c2227406854", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551708, "uuid": "83cdf2da-fc4e-4d54-8a99-3ade35f9fcff", "comment": "Malware payload (SnakeKeylogger)", "value": "5c377947b64348671bc806f35f52d5b375ffc16d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551708, "uuid": "1550feda-30f8-4b9d-8060-5bed34b8d9c9", "comment": "Malware payload (SnakeKeylogger)", "value": "dfa651c1157db127dbb90160c818362c26e1df9abd932035a41aa514ecd66b6dbad47e296b48fe497ebf84aa14c18f0d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551708, "uuid": "8e045252-1275-41d0-8d34-2d03110bc3a3", "value": "T1055412005374A853F4A24B3264364A536EE6AF2109FEF71B53643E4DBD3765ACA0E363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551708, "uuid": "64f3a280-c4a0-4c2c-b3fa-044121320b48", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551708, "uuid": "76021ecb-10f5-48b3-9cd6-c6929479248a", "value": "6144:NYa6BNNL9rz4AAc43PBBz0qCP784RurnigVYib+5lmS:NY1PX4AAL/BcPDRunWmS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551708, "uuid": "aebf3a9c-76fe-425e-b0ab-74117c2c7def", "value": 281836, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551708, "uuid": "6a201f16-1825-4086-9a52-a83e22db0d8d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551708, "uuid": "436a10a5-d1f2-42a7-a493-1bf1c0c20c4e", "value": "639d16aafaabd1f4774e0ca860158269.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57bff5fd-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603769, "uuid": "2ce02fef-c518-4078-baf6-7d9c993ac37b", "comment": "Malware payload (Mirai)", "value": "c01d1a2ddc3715777f75fe8d4e2b7d42", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603769, "uuid": "efd83896-6091-4921-9538-e33670befa82", "comment": "Malware payload (Mirai)", "value": "86cb6a3020bc8f2d97becb7170262327a1f679b923af5bbbb0a06203563ea519", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603769, "uuid": "c14ee694-a517-4ab9-b1ce-9ebe8ffd538c", "comment": "Malware payload (Mirai)", "value": "4b7465d0f621e43ccbe68649ebf920399b4033fb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603769, "uuid": "121e74ee-b213-4c9f-b887-96e7a26890b1", "comment": "Malware payload (Mirai)", "value": "d644303875066b35d651766cca7dc2bbb0f03256db34a19de2da7bc8fb37d415d6826955652e09d5a4a3d65bc9a3c3cc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603769, "uuid": "854b8585-f792-4faf-83e1-db6beef5eddc", "value": "T119B2E13269C5B2A3D5609E36FD6E478A37B37628E1DF142145200BF86DCB53D70B864B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603769, "uuid": "ae2642bd-6c16-44e8-8f70-2fe5092abb8c", "value": "768:qbijkI66xkqh6uICav/gre9GW/W++e6vvQ4bs3UozS:qb1J2kqEgUGW/W+gvmzS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603769, "uuid": "bcad88c3-5dba-4bb7-9e8d-bff7fb70e793", "value": 25352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603769, "uuid": "3000b328-0a35-4fa4-a872-0ce61a19a0fb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603769, "uuid": "90f67555-ad91-494d-acaa-b7a3808dd25a", "value": "c01d1a2ddc3715777f75fe8d4e2b7d42", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88ea7dc7-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679564337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564337, "uuid": "b703b78e-d251-4e80-be37-26e873e00854", "comment": "Malware payload (SnakeKeylogger)", "value": "355c9746241cd862285bd4f164626e6d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564337, "uuid": "fa984e81-b3a0-42b0-8d00-efbe9e68baa3", "comment": "Malware payload (SnakeKeylogger)", "value": "86cdb06b975dfb24d11bf83bbe33b39b8eb49c1bb514c2d508c05ef3d9b3be01", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564337, "uuid": "8e5e6026-c8cc-4ff2-826f-767fff4dc0d4", "comment": "Malware payload (SnakeKeylogger)", "value": "ac039bcc16936f050701dcb63875b4cded685b10", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564337, "uuid": "06c7f7f1-9877-4352-8094-c00d8d22decf", "comment": "Malware payload (SnakeKeylogger)", "value": "497d160fb64c66320fd196263beefebc3a8f6c14807fbfe2bde797096f95873a474b0674d23d9cdb0cff415234216d7a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564337, "uuid": "ba690640-4ec2-433f-8f3f-4ca6bab94dc4", "value": "T15F94023676A3C093F5553B307867E739A370BD587E2C2B073240BB9E7933A961D0A645", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564337, "uuid": "cd3f47be-f82e-4b02-8c13-a33dc4943850", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564337, "uuid": "d7565e10-6c5e-4b3f-8a49-747cce85fe82", "value": "6144:8BeMoZqMFv+k0Qw46WZ53bwf6o1jUuUuhrFkpzkGPHihh:ioZqMpB0Qw46KLo+tkrWf0h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564337, "uuid": "18683278-3d3f-4eb9-9bd4-4e5997c7dce5", "value": 425765, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564337, "uuid": "44b80689-977a-4aea-b981-2601b6a4fe9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564337, "uuid": "ff6b866a-bfb6-4c94-812c-74b76ffebf20", "value": "Liquidacin por Factorizacin de Crditos.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19722287-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564580, "uuid": "839bdc4a-8a79-4537-92ed-3954d08e14e4", "comment": "Malware payload", "value": "a46e6bf2b3e31bd2dc5c1e9aeb88444f", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564580, "uuid": "4b02a386-129d-440a-a2e0-ba1ae1511cfd", "comment": "Malware payload", "value": "86dacb49b7dfb9ab14e0abc99153b7472090ab7104edb62539298bd3ad3d5a2f", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564580, "uuid": "734b9c05-e4fd-44d6-89f3-8e5405f81dbc", "comment": "Malware payload", "value": "f9ab8f67371464ea86e71919444066deb20aa140", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564580, "uuid": "0e9d997b-aee4-4384-9dfe-957ef6e62795", "comment": "Malware payload", "value": "6adc3ba42a9f08b1427ad79fb2a2ed3dd874f1d46a31ac7e6ed507fb746c558b81123ae685cc6148c25c3961c9f32053", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564580, "uuid": "2a024c61-113c-4b60-85b4-8731e7d459e6", "value": "T155A3F1243672D12AD446AAB10CE4F6C79F317DC3EC5B531B35AD7B5F783A0A2912A221", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564580, "uuid": "9f5fb4e3-b13a-4d50-bfd6-ea57fde96138", "value": "1536:NLvYeeSzTVRfJuavxXtwKouH9jekXlKdi4PhSAqIGBGbVv0DTr9JzzfGrbm6lB7O:NbYv6pFvvxXtwjexVSi4xqPBkv0ZkP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564580, "uuid": "b3443c61-92b9-43e6-995c-df802722971b", "value": 105984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564580, "uuid": "4423e0f7-405e-4848-911c-69bad12e345d", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564580, "uuid": "2c2ae092-91c9-4d01-a03e-8b090c38d415", "value": "Pending invoice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30b718d7-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679556459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556459, "uuid": "8512cfe5-b959-43a6-a83e-5079056d6a0e", "comment": "Malware payload (AsyncRAT)", "value": "5130bab251ef6bee2663f50a9a0a8e63", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556459, "uuid": "536662bf-299e-43b5-9cb7-29dd0172fe4b", "comment": "Malware payload (AsyncRAT)", "value": "86de6654841fc57268545faca5d93d86494088cfd017a20570897c4c87b726b5", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556459, "uuid": "fa3c3f5e-94f0-45c5-9a85-9b60f3a923be", "comment": "Malware payload (AsyncRAT)", "value": "9e01d35ce67ffa1bfb57324be565b67092a34053", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556459, "uuid": "696dc533-1ecc-4d6a-8efa-39c37971ed33", "comment": "Malware payload (AsyncRAT)", "value": "3c53951a33396ee98872e5b75d5ca0b0c13fc3bdba635605fa050810774bdb33202dc01bbf668c4f703cc6e3d5f8a012", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556459, "uuid": "c81eba53-7a53-4aa7-9de5-bbaf7190c439", "value": "T1E6D3D1277EA79E92DD2804511EB70C3EDD79269F0DE245B99C86A3D02DD600D7ECACB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556459, "uuid": "ccd4e5eb-5afd-4538-a0be-a4e38e237a20", "value": "384:6SASASASASASASASASASASASsSASASASASASASASASASASASkSASASASASASASAS:6vrqvBvd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556459, "uuid": "e637b7f4-26aa-46fb-8696-ade7590bb8b0", "value": 131054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556459, "uuid": "fcaf127f-56f8-4dc0-9304-f287c2795744", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556459, "uuid": "eb30fefc-c335-41bb-9316-fae1228ab02b", "value": "vvNcnmOqNh.JS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d100095-c966-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679567700, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679567700, "uuid": "144240fa-c9ce-4501-8406-d8d3a26109f0", "comment": "Malware payload (GuLoader)", "value": "60d6e4646e8891745ff71dd3c7f32fb5", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679567700, "uuid": "8220be8d-124d-46e9-a493-f45624bf1ad6", "comment": "Malware payload (GuLoader)", "value": "88336284fee6322be63bb60bc70026779a3ea1173c5afa84afe020d19de677cd", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679567700, "uuid": "5fe21b7d-ef27-4520-96f7-14df7e37a476", "comment": "Malware payload (GuLoader)", "value": "ca2355e3fb1be0f8849cb080cc61d70803511d76", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679567700, "uuid": "16f22897-a6f1-4ad6-a383-47c2793b61c1", "comment": "Malware payload (GuLoader)", "value": "b98f730994bb199bcd43998cf28b546d3848858f93a72a08c79a26a831a5b46603853917477961b9501d74d2eb3d87b5", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679567700, "uuid": "ed8e982d-fa6b-411e-9fd9-458391338257", "value": "T1BA154960EA84D0153D0A269E8870949CC1FB733D8132182A5FFA37BD510655CBBEB9FB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679567700, "uuid": "91b6db41-2eaf-4f9b-ba68-30f6bf87fd78", "value": "12288:SFBQjo0ePOdl4Dw8yzL0RIkMwR4ZU+RIlMYI3eRvAxz9N9LHRbe2g:MBeDbgw6ZMwRB+GlMUQBPg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679567700, "uuid": "fd8360d1-afa3-40cc-9ba8-b6b70758ddfc", "value": 909727, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679567700, "uuid": "22def45c-2833-4e96-9a2d-c306eb1dbb66", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679567700, "uuid": "ab3bfe5d-1551-4ef1-860c-549c70510194", "value": "5573_Confirming_685738_Permiso.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc5b3f6f-c94e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679557552, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557552, "uuid": "76c8aef8-f79d-46cb-8362-5a0d8d4ea34f", "comment": "Malware payload (Formbook)", "value": "d826f8c8edb9b4eea8ee18fa75572490", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557552, "uuid": "eabd82d5-3269-4622-92f6-040c282871dd", "comment": "Malware payload (Formbook)", "value": "896a539c6cb6f313782dc5f1bc8c296abd6732b0907c573ddd12ab9f6a666eb1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557552, "uuid": "c3edae27-1abd-428c-901a-4064cec57af4", "comment": "Malware payload (Formbook)", "value": "6a2e9891c59211710615322d03763b6a4857d2c6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557552, "uuid": "ffb041f2-8f51-4501-81a3-9aa223052053", "comment": "Malware payload (Formbook)", "value": "2cc6dcbe447a3efa6cd7372327b7df007b54ae278755abf8e51b96fe654060228e85063a9a028add1264a82ac7bcc966", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679557552, "uuid": "86be0a02-b3b2-435b-914a-9d6cebec4644", "value": "T1A374CFC6F950A5B5EC1A83311636DD325A13BC3DA4B42A1D3BCE3E3B3EBB0529416953", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679557552, "uuid": "23b4d177-7704-420e-a0f7-21f824a111cd", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679557552, "uuid": "3e96f9ed-8be0-42c3-8030-829fba42e73b", "value": "6144:jYa6WIIzGloikFLNRZiFcDt+MkXb/A+2TMJ2kHzD4kcp:jYxIzECUeYMKb/A+2QJ2afvS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679557552, "uuid": "818ae082-0ee6-4004-97fd-ff2ffb762ad6", "value": 346256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679557552, "uuid": "fc2afd1a-63da-4ded-86b4-5712c0ed3d84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679557552, "uuid": "a4016edc-059b-46ff-ab88-569220bbe5b9", "value": "d826f8c8edb9b4eea8ee18fa75572490", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74cb862b-c99d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679591362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591362, "uuid": "fde9a57c-546d-48a7-bbfa-443e7d9fd6e5", "comment": "Malware payload (Quakbot)", "value": "9a6500373651a3de651d09509e38f922", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591362, "uuid": "451bd18c-5e8e-43a3-a0fe-a8df57d4dbc8", "comment": "Malware payload (Quakbot)", "value": "89ee24960aaacf60cdd51d644b7c170235d846b560307b7d402431d5e785ebd3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591362, "uuid": "3f78154a-fc25-4efe-a237-0c5e69ba6ab9", "comment": "Malware payload (Quakbot)", "value": "035eee9fbf943aa35df457eacf9b957eff1b6c4e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591362, "uuid": "29c42da2-f23f-4a5b-b81f-fa8a87e73f6e", "comment": "Malware payload (Quakbot)", "value": "4c6c3f674dffcfd55ad462a3e03e47b3f267f49ecaa2b4684fb0a345a7ac29e73f3f60209fb18fab7c5dea5483266c7b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591362, "uuid": "12632567-f593-4fb2-9cb7-21e7c64b227b", "value": "T1B2A42916E10390FACD5A2BB64947A9EF3524BB09C4341E5DDA9C0C19F73BD02762D2BB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591362, "uuid": "3ccb4e23-c038-4f2e-9443-c9ee182b3b1e", "value": "12288:FNg5j3vw+WqFlWJfkmVwe1UL4hsao3Oowg9PGz:M55F4lhrgOon9e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679591362, "uuid": "a3f4c535-caf8-4e74-99dd-fa8ed5c26307", "value": 493448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679591362, "uuid": "e7046525-236c-4869-afd4-86a6ba0d5d46", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591362, "uuid": "b283b608-43b2-4352-8625-0bfa789fb6e9", "value": "gdg77dzSUN7N.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd69d23e-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582921, "uuid": "da91c21b-4acb-4e24-8acc-f7dc09d27d15", "comment": "Malware payload (SnakeKeylogger)", "value": "65b0251d7731c42f570160aa74438dce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582921, "uuid": "f9f9a938-6f05-4a3f-aa0c-949fd6385902", "comment": "Malware payload (SnakeKeylogger)", "value": "89f3250563d9548740f1682f4f79b7b515e8af4e09a63a868ea53cf59cb90f1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582921, "uuid": "ff0d9468-7098-4b28-b56e-9a55cd368224", "comment": "Malware payload (SnakeKeylogger)", "value": "c47c96d92f58a74bfe258091d606d23188232571", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582921, "uuid": "737d7547-a932-4a56-a367-53fa5eb2c98f", "comment": "Malware payload (SnakeKeylogger)", "value": "018f97d1ba07951e3558d967562bfb03419ec7bcd2b6948a37df4e2898ff7d2ca6a0cbdc518d8535d41456ce6aeb7d6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582921, "uuid": "a3362936-6aad-4d76-b82f-56c428f0fb25", "value": "T135F4DF01BE7A4977F8DAD2F41150273A03A4BBA25462E6898EF96CC93DDBF6340D111F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582921, "uuid": "135315e4-085d-470f-94aa-dc6d2c279e6d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582921, "uuid": "0e4254c7-20ad-4e93-8846-da7a3803d23d", "value": "12288:p8QdiuUZwdBAEaER54oV3N0GcGzTsnr9TP2k7uZbkrVgSDgeFsztqf1Xy6dr:p8QQuUZGBRJQoV3NckEZTpgW2/ztqE6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582921, "uuid": "3543d2fe-12a4-49bc-8aa7-b7f2df56119d", "value": 792576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582921, "uuid": "a516abb3-d3a3-4e46-bf75-9da006ec5998", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582921, "uuid": "930b53b1-351e-4ad7-a0f1-f70d0150c323", "value": "QG0UzHVzffM4lUU.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93191fe2-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (WSHRAT)", "timestamp": 1679564355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564355, "uuid": "9ee5a4b1-453e-46e4-aa11-5c8490cef60f", "comment": "Malware payload (WSHRAT)", "value": "00657052ad9cdcb9ca9f4c3ea9a10c5f", "object_relation": "md5", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564355, "uuid": "c302f038-0797-419b-a961-82f9a53dd48a", "comment": "Malware payload (WSHRAT)", "value": "8b6a61f9e22244f006e883033cb69da1bdf6245b60fecfeff27a8d3b60f57cc3", "object_relation": "sha256", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564355, "uuid": "8c18b748-2bf0-4568-9756-b1e63069b219", "comment": "Malware payload (WSHRAT)", "value": "2f849694aee29cc1e45e21b6b90a09f179d14697", "object_relation": "sha1", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564355, "uuid": "6a0ca682-5708-412f-813f-3228689031cd", "comment": "Malware payload (WSHRAT)", "value": "6b07c25939429c883dfc5f1f2476ab87eb0e03f0dfbfd93794229e9aaaf2ad8e5bf8f2e74dbd36c63d9ebfd7b58d7fbf", "object_relation": "sha3-384", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564355, "uuid": "4a5988be-5f77-405b-9082-ce0be31960cd", "value": "T1E3F1BF8C1BFB58ADE3FDD97312A88FB2B48D672EA6A4CD45A03010F7D595B1D5C03802", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564355, "uuid": "7990d60a-6af5-430a-bff8-699cb05875d6", "value": "192:HMev2rk+4aIBS/jKGZ4D81cbPua2QeEJhpinaKyRGtlcaQr:Ht2cRA7KGtcLuk7hpinfQSP0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564355, "uuid": "3185cbfc-fb0c-4986-b46a-aec50407cb2b", "value": 8122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564355, "uuid": "b16f04b8-850d-4bf8-a4b0-3ef531604951", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564355, "uuid": "7dc0493c-1fbd-4d7a-879e-a434f53190a1", "value": "ORDER_230322.pdf_1.xz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e1fd9a7-c987-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679581875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581875, "uuid": "05ea941d-3171-45bc-b862-86ca7951a40d", "comment": "Malware payload (CoinMiner)", "value": "bcbceca413ed42e947e540d0e5869511", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581875, "uuid": "6c8b3c41-cee4-4f63-b2fb-13ac9b87f627", "comment": "Malware payload (CoinMiner)", "value": "8b6cf2c8c6e3cce421e4eafd9e7f3e91b1a30dbfd6336561c36a0001749a93c2", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581875, "uuid": "0d5a55bf-5b1e-4a76-9609-268a8eabbf30", "comment": "Malware payload (CoinMiner)", "value": "6cfcc4882d58a070c8b98fd9d882c1afb98022d7", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581875, "uuid": "27220bd8-574b-44ed-a43b-c9deefeeb3fb", "comment": "Malware payload (CoinMiner)", "value": "7dff502fa3de0b49b99d166936192e8d764d92f6452d186b720ce1844a047fb9948a13d7f226f9fa8250b0c8ce9fde91", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581875, "uuid": "b19f664f-0adb-4394-bc27-bfbada7219a4", "value": "T1A6A5225073D144A8D0BAF0FAEEB5A277DC257C5084A9686B6AF1F2619F38113CF099CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581875, "uuid": "5f9ee735-5c73-4bcf-97ed-764e3ca1c1e3", "value": "c24ea937b2b0d62e829e8a8faeff5a8d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581875, "uuid": "7cf5aba1-27ae-419a-a5f9-05933e196df4", "value": "49152:2e1FVWROlqR/uGRreECJ6Q9Bwd+Q/+rcS/9i+iG5GjVIL2cnGQ7soCx/J:2eXVWQlqRmGR7C0QEd+WXS/9BiwWoAqe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581875, "uuid": "1aa3af41-3d74-4245-ac9d-b16d432daeab", "value": 2177536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581875, "uuid": "8e83444a-911a-496b-be55-9d9114325ce2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581875, "uuid": "429d1096-f95c-4ad6-bf18-59488d867260", "value": "Activate.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de29c53a-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679583378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583378, "uuid": "d092c5ab-0cb6-4c8b-b952-8c677866c564", "comment": "Malware payload (Quakbot)", "value": "0a6db57a5059dce31455a18fa425ce49", "object_relation": "md5", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583378, "uuid": "5daa0a0d-39d8-499a-94bc-acd4c8d74c01", "comment": "Malware payload (Quakbot)", "value": "8c5b88b7dcd2e2e3b7653a6b77cab501591c8a2534a6866ec825078fa3423ca1", "object_relation": "sha256", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583378, "uuid": "b5780b3d-ece1-4b6e-8703-0fe2fdea5c57", "comment": "Malware payload (Quakbot)", "value": "52c6da01cf45004b237325cbcbd0f29991e2cb47", "object_relation": "sha1", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583378, "uuid": "8acdd000-2a0d-4f78-91aa-21c2f15f0880", "comment": "Malware payload (Quakbot)", "value": "73bed2f8eccae38d6c80ede3cbc58a148cc27d0f355e913d15b846bed82cc27b7282c13356acee1ed2a666b29ed1e017", "object_relation": "sha3-384", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583378, "uuid": "2a22abc9-6a14-4660-b3d7-ff484d29e5c4", "value": "T12AB3626088479923970778EB5E6CA850F66C07934A58EF06B54DB104EFCFBCCC6E86B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583378, "uuid": "111f5d2c-04a1-4a44-a6d1-d0300cdcf84a", "value": "1536:pWvnqqRPOoKrE66vdP2tGWhXC2/mVuXq87eT+eWbD21U+/noV9s/:pWvnp5OoKQt2tGWV3q87kC2Sau9g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583378, "uuid": "6e9c4d14-7e11-4734-ab21-ef728b01092b", "value": 113516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583378, "uuid": "d1bc26b1-f41f-4338-917d-9ae1571c82ea", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583378, "uuid": "e44ef154-d072-4a1e-8f4c-c8f13cf0ab2e", "value": "VK.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "049e4f70-c96a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679569269, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569269, "uuid": "539ea8e4-0e00-400a-af14-69b329bb8c28", "comment": "Malware payload (Gozi)", "value": "494dc7578f248820face15b7148e9423", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569269, "uuid": "ad881329-3fc1-4e1e-bb12-03d13a0a0418", "comment": "Malware payload (Gozi)", "value": "8cf58b3831b7a254e8ba41d8566a58f0c26dbd21461e7791a52e340f66ed0f1e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569269, "uuid": "1cbd3767-7e6b-42e6-9f32-5c5ff5c5c81b", "comment": "Malware payload (Gozi)", "value": "57faf3ffb88f3390d3e54e647e4a66c8cff04342", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679569269, "uuid": "dc9911c2-0780-4791-8b66-cef13f77edd0", "comment": "Malware payload (Gozi)", "value": "6c6a4586ce074135b608fb9003267b66f3cde0394d46fe0ae767339d30e14f1b7b4b0a2e82087ed60e063f7c2ec1bf67", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569269, "uuid": "f54cc9ea-a06f-450e-b15e-cca8e2449566", "value": "T11F06BE47E3A791ECC5A7C4708777F373F634381851346D775A80EAB03DA6E501A0ABAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569269, "uuid": "a251dbac-64a9-4531-84a2-fd97f98ee0a7", "value": "8b2be6e82e1a2f5b6a6ac4ed9979b98b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569269, "uuid": "8b4467c3-c3ac-4fa1-88b7-3e25f6d3e006", "value": "49152:nMei5RnCzX8mqviwO9j8fdh7H3ZNaaA3rA0Odlm6wqjpHWmnHp4E14XQNqrHt+T:Mf5c4A9jCdh7XZNaAlZWmnf4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679569269, "uuid": "b6779f44-7b23-4d06-a579-18707c98c9fb", "value": 4009984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679569269, "uuid": "0cb75802-02c9-4e95-8938-13838893cdb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679569269, "uuid": "93853387-bcc8-4f68-8b1b-caa91f4918df", "value": "641c30fce610d.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e40d109-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679564346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564346, "uuid": "7d79ebe0-f7a0-4e44-a45e-5cb434f08517", "comment": "Malware payload (Heodo)", "value": "0d61cc3f7039f023cf66aeffa113e292", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564346, "uuid": "1af6cd91-ed93-403d-ab9e-9d5f7f8ed479", "comment": "Malware payload (Heodo)", "value": "8d1f527434bc0bf832b32195e22cab1e5d70d717367f283b8a59ee7db2bc5d41", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564346, "uuid": "6d633da2-aa97-4275-b70c-cff1b836cbff", "comment": "Malware payload (Heodo)", "value": "74c7686a0563452f16ba1311b91921b62ca3c7fb", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564346, "uuid": "36514dbb-7535-4c4a-96ad-5b853d62f985", "comment": "Malware payload (Heodo)", "value": "bff945b6a3c86e4a1ac1ebcd97332ce6266ec1916fda459e2ee47c697c71b00e768c5bef6b40d18f5aa8fbd03b4b5de6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564346, "uuid": "8b7968cc-78da-4fed-9c2b-79736d302ae6", "value": "T14244F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564346, "uuid": "936254a1-4f01-493a-8ba3-aca63b3b47df", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXU:FeHrBwsYXm5ZGa3vRXm5ZGa3v9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564346, "uuid": "d0cb0bab-bbd5-47ba-abd4-8490e9b06481", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564346, "uuid": "a3723c1c-f8ad-4f79-8233-d93d8613dee7", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564346, "uuid": "a8283bf6-32e2-4c3c-aa24-671001875873", "value": "Ommega.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ded34f7-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581043, "uuid": "29a32ce7-eb20-4aa9-8333-45eebfc6d54a", "comment": "Malware payload (Gozi)", "value": "a9b5e854ec2d7322ae5b33eb6b327e67", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581043, "uuid": "26d0bc0c-30cc-4fef-b8ac-df79bab9db2f", "comment": "Malware payload (Gozi)", "value": "8dc02c4a8a3c64d88bff8258ba7773c1d6032ed362264332d5bcfb1625fa618f", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581043, "uuid": "f25066eb-ed16-46a6-945e-ea0a9558df99", "comment": "Malware payload (Gozi)", "value": "54b5a11a89668c15cfa51fe5cd6855a82cddb777", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581043, "uuid": "174e5e6c-10a4-47a3-9d14-49eb4a6470f0", "comment": "Malware payload (Gozi)", "value": "f374643e938c86c1ef75fab9ef72cc2257af4ebf330eb8e2b693c1677deaa7d4dda4c1a7808cbcfd4499897d0344eec1", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581043, "uuid": "98111415-84c2-42f4-9c6d-5b7130751008", "value": "T166F29FFC877A27300DEB9A6B10D2B970CB9D9C658694543618F06EA359103BB4D6BCF2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581043, "uuid": "2c62b95c-581c-490a-ab30-5a06d5192fc4", "value": "768:zRfEXHHPyUJqKG1VaHqS9YLoHvtPis7fid2zy:zRfEXHHrzKH+q2zy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581043, "uuid": "edb359f0-8c3f-47fd-a7d4-6dcf9698e9cf", "value": 35960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581043, "uuid": "08e92e63-7695-4776-a630-8e61247ce036", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581043, "uuid": "c20e4382-31d6-4811-848f-13b38c310975", "value": "documento1.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4dceefc-c9ac-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597885, "uuid": "8fc83855-b36e-48c7-a47a-9e05d70323ce", "comment": "Malware payload (Gafgyt)", "value": "eda23694623e5fa04176d171e8a6c616", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597885, "uuid": "b5ddda15-33fd-48d4-b6c3-9b98b7bddc9a", "comment": "Malware payload (Gafgyt)", "value": "8e09e51d5208da2e2340a6ebed8328757cd096a29d6b7e0ee7d6189c3dd08cf3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597885, "uuid": "fe484a4b-3a1e-4509-a566-08c00df28c0f", "comment": "Malware payload (Gafgyt)", "value": "dff56d6f0edd73eeda77a67199c4d317e4d0cf94", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597885, "uuid": "b44ddd44-5a64-40de-a88d-778e86ca91e3", "comment": "Malware payload (Gafgyt)", "value": "930f9668c52062476095b9f7bd0476916698ece70af966971045f8a78f504d6f737831b21ecbf1fbf6356600268ee9d5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597885, "uuid": "2de3efd0-7fc0-4fa1-b123-5e4cc3f7c97f", "value": "T10FB3952A7E22FFFEE168863107F35F7087D521A226919385F26CE6181E7128D1C9F764", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597885, "uuid": "732e8284-3216-4804-96e0-59d50b1340c5", "value": "3072:R/4tNF9U4vvfKw6J73x8UmkiSFxfKxbXe:BUNFK+f8T8UmkiSFxfKxbXe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597885, "uuid": "8635c346-e625-497e-9691-55d29bf62dc6", "value": 113275, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597885, "uuid": "6b4177c5-aa02-4d87-8ccc-543683509514", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597885, "uuid": "f6b78d02-d4ba-4900-a392-673287196231", "value": "eda23694623e5fa04176d171e8a6c616", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "852f81d4-c91c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679535984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535984, "uuid": "77393797-fc21-44e9-a5f0-69e19e68fc53", "comment": "Malware payload (Stop)", "value": "fb22bae7ad67097b07e8cb83e9c233d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535984, "uuid": "3ecb3d96-dc9e-4c43-b639-119f454c2b09", "comment": "Malware payload (Stop)", "value": "8e353469e9a3238883c19d9471e6c9c9b6a487e25a7ba67ff0a94b89ebd2c610", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535984, "uuid": "1305683e-2c02-48c9-9296-2e20a2906328", "comment": "Malware payload (Stop)", "value": "76d57f42b76359ce3e82ac6e3f35255d5a2030aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535984, "uuid": "0aad9a12-c78e-4c65-abf9-b6e633d756b9", "comment": "Malware payload (Stop)", "value": "13e5bda320566b435ee08408ca04224c97fdf03e71deae0e3ae4a0880bf64c8cb4d799ab2713dbb6998bea75459ab74c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535984, "uuid": "ca3e925b-accf-46a2-8c65-898e5afb28f4", "value": "T1F2F4F21263E36850EF1307728F2AC6F8662EBC519D17BEAE165DEA3F0C745B1C166306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535984, "uuid": "c3af22e3-9f30-43aa-aaae-0a36ccd470b2", "value": "1da652280d0e88580dfac17c8bc7ccb0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535984, "uuid": "51fb7836-b7fd-465b-896b-400150e0f344", "value": "12288:/kmCNa9cXCtoaD4ukwj9amwQOLVeRULFEhGxTP/bvdLT6RF5D:/1LrCLVemmG1b1LT8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535984, "uuid": "f928d189-7233-432c-a0b0-fabb05ff1609", "value": 774656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535984, "uuid": "504994d3-ada9-4896-8501-2c83403dbe0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535984, "uuid": "e5e29e4e-de81-46ff-b131-0564c6ca1152", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bace880a-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload (PureCrypter)", "timestamp": 1679564851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564851, "uuid": "5ffd207a-aef8-4ea1-a80d-51e4b3c05b0a", "comment": "Malware payload (PureCrypter)", "value": "f83ef955d231b71e5cc19943a4266d75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564851, "uuid": "56281635-623f-4773-b14b-50a5943af75f", "comment": "Malware payload (PureCrypter)", "value": "8ec70f0801660877272c424eeca78e62bc0deacb80fb9f04598b478f2fc05a8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564851, "uuid": "ddaf1804-9dbc-4de9-bd78-666dba2e2f03", "comment": "Malware payload (PureCrypter)", "value": "fd98fe58dfe1146ec6f58569a3c24937b3da52cd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564851, "uuid": "5ddb6e20-ba9e-44d3-b23c-68c9f11aa40f", "comment": "Malware payload (PureCrypter)", "value": "dea9b4a60fef024aceca01c510632eaf8037619b94b5abc345c5eed0f12e87395e463321537bf19358ffe085e1f907e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564851, "uuid": "37bff397-cb6c-4ae2-90d0-8066fcba4758", "value": "T1CE36F225239C91C9D17AD039C9864AABE7B57C428364DBCB0560BDA93F336F56E3E310", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564851, "uuid": "f42f2e34-dc67-4f40-afc4-b0d78f7a947c", "value": "73f4f6b0816ebeb37e57311ea1622caa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564851, "uuid": "ca1ad230-d4c3-4997-a16f-48910efdc4cb", "value": "49152:Vv08Ro21Buk5/xgX1s2eXF4lzFUJD+StpClQXAFo4658AgNtLn7ZMtKjjZFeGmor:teO4I/xy3Ks6JD+oule6tLnMK/ZUGrME", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564851, "uuid": "96cddd3e-1f3e-45c5-a68c-0c224d67a896", "value": 5070642, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564851, "uuid": "d98bd415-94f4-47e3-8a80-d6e6288aeef8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564851, "uuid": "70e73dae-43d1-4bf9-8cad-3771d603105f", "value": "f83ef955d231b71e5cc19943a4266d75.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bef34869-c988-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679582467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582467, "uuid": "cb0a2f4c-52b8-4af8-a746-f473ff14f20e", "comment": "Malware payload", "value": "ba6c073e758aac1d8360c50c8569c906", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582467, "uuid": "4fae88bd-c370-427e-a4bb-865a822b8682", "comment": "Malware payload", "value": "8f2275d70c9594449bdade83d20e4c4115b9b2c93c7178518e3499a0fd342e27", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582467, "uuid": "f0924076-468d-4d1c-8047-20dd6adea9ab", "comment": "Malware payload", "value": "08f1bd1c0c599ea09a7f9abfa0a063818ad5b074", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582467, "uuid": "e89ac764-9786-4773-abe9-1a01399520cb", "comment": "Malware payload", "value": "7e4add5d66fcabcce016bffcb6a762c82bd6eb49e5d5b617109f125085b3dbf65b933044e35e2fb5dce3c89dcf97ad0d", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582467, "uuid": "93e4c404-760a-4ee0-a9f2-202717926c14", "value": "T1192128731041E6F9FCCE7378199F51664B2BFA687694AC0608FC003496981B48B3FD6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582467, "uuid": "5ab7cbd8-9076-4ef5-9167-9eaf10b097b9", "value": "24:rUlyqM9ng2EGoYTC43BHXeACQTdwqwdPrFRH428iPPTE1KLimfdxjdODJGOd3X5P:ryyqUg2GYTP3hXQQZ7wJFB42vPPBemj6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582467, "uuid": "8693988d-7673-4f60-be70-1d74bb02c08d", "value": 1279, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582467, "uuid": "ca12d2ae-ee75-4ea5-994f-0e9c656c7f9d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582467, "uuid": "869c14cc-1289-4ef9-9514-c10c2a241a9b", "value": "4.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12126284-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679556407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556407, "uuid": "a6a7694b-77c3-42c3-b986-d0fa31dd29fc", "comment": "Malware payload (SnakeKeylogger)", "value": "245cbd5c1cf96e2d3fa2e7633c5e2b3f", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556407, "uuid": "3079c7ad-4177-4f22-8af4-c3dd94e33699", "comment": "Malware payload (SnakeKeylogger)", "value": "8f311bef1921a04762ac16efb22f230ab5fbe25722f0c01dedb896676f26357e", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556407, "uuid": "68e5082d-57dc-4bc2-aa55-5e06e4b46b10", "comment": "Malware payload (SnakeKeylogger)", "value": "6ee2684351fbd77074677002492e8d3ad0046472", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556407, "uuid": "7ae1bc7c-7ee6-443f-beba-6f534677fd6e", "comment": "Malware payload (SnakeKeylogger)", "value": "6292042acc54cd460afcad82ad8c8e6f3ccef83081bcf0a5231cb4f9bec4b3187474bc3871c0e01aa7cadf3446a93c30", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556407, "uuid": "17ab8219-cb19-4d99-8ea9-51b862271150", "value": "T156155B41EFAA5560F01044BA216B7D5FCD11A88E98EDFB6E190FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556407, "uuid": "7d06d3a6-cb60-4cc0-813b-7ac361285e21", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556407, "uuid": "3dabc97a-188d-4c38-ab69-14f7b167dd86", "value": "12288:S2QbP/4XV2ufJr+2uaSTCT6afBPeZBjM6r0v8nvxiLATAGn3WtNmBNa4OCfup8iN:xQbnIV2ufVSCTdfBPeZFM6IEF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556407, "uuid": "dc2269bc-0567-4b98-83a3-57c22c0e6ead", "value": 926720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556407, "uuid": "ad1868ee-b1b2-4a79-96ec-5d3547d29191", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556407, "uuid": "56e6ea7d-d9e5-4e6c-ae73-2c2a5a95dbe4", "value": "DHL Airwaybill & Shipping Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "147e3ef4-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679576598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576598, "uuid": "334c79c1-870f-4431-b18c-0f44d40730a0", "comment": "Malware payload", "value": "a27d20ccf6ece53d57acf7a3d28e6d11", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576598, "uuid": "78d9674e-59d6-4b10-91b0-9e81f7ec50d7", "comment": "Malware payload", "value": "8f63ad75681d433bd5194ece9b05f61e0834bab1e905edc1ed61af0f96e7baf3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576598, "uuid": "b01642f0-3313-4639-b980-5d524f68c673", "comment": "Malware payload", "value": "531d5772b11465eba6fbc35e2fd4445b0f392944", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576598, "uuid": "e6f82a11-b097-4ac1-9075-a7cb699f6ee3", "comment": "Malware payload", "value": "3ff27c5b7de07e25480dbd134f79ea67116960e266de25357213107850bf6bf6d4076aee05c3754df1e651c713ead20d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576598, "uuid": "9f76efbb-b649-4413-a1ba-0809e6072d82", "value": "T16CD48D92EBC65CE1E0C545BE19BB17BA2A3D63046728C9D34F9198688C627D2177F3CC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576598, "uuid": "591201af-21f6-4e6d-96b5-c1dcd7495aeb", "value": "f371319a970dcaed7fc851e51491414e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576598, "uuid": "a424cddd-7955-4edd-9e9f-46ad16cb158c", "value": "12288:hevei9Y3mICu2Oa7100/QoNtkRLEtPDMWe4rS0US2rpuH/ufB01sQi4:h0ei9UCR0W15UKH/q01sQi4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576598, "uuid": "cb98d0df-a0eb-4775-8e21-22ae2c5facb1", "value": 634008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576598, "uuid": "0c29f308-56bf-462d-826e-f07824b57ded", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576598, "uuid": "06a132c1-ea75-42d5-93c6-c1fe70e2453c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d9d569e-c947-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679554279, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679554279, "uuid": "c8413f94-a5a3-4bcb-81b2-953ad7ee75c2", "comment": "Malware payload (Heodo)", "value": "9933577fa741233071f0714d7fbffbff", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679554279, "uuid": "a7d41046-e13e-430b-9ee4-249150b820ec", "comment": "Malware payload (Heodo)", "value": "8fd4f59a30ef77ddf94cfb61d50212c8604316634c26e2bd0849494cba8da1af", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679554279, "uuid": "7721cf58-6637-49ad-a1cf-e6f2e75cc150", "comment": "Malware payload (Heodo)", "value": "ebd87f765c4e82c02a6cdd590b74a322f8457450", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679554279, "uuid": "97812829-46bf-4d0e-9208-37ea32b36b25", "comment": "Malware payload (Heodo)", "value": "7dea7f24bf8eabe6adf1671330bffab8f55081d08c27a8dc31a248dc00cd2f257508087bbdd8cbba807ba62bb89f7f0f", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679554279, "uuid": "d3d159f5-9e08-4144-9168-cf3ad5357ab9", "value": "T1F244F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679554279, "uuid": "6a04b3c0-16c6-49d2-b171-601fc0e05ab1", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXj:FeHrBwsYXm5ZGa3vRXm5ZGa3v2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679554279, "uuid": "0cb0d976-3b67-48af-bf8c-2b71ec747c14", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679554279, "uuid": "5c7970aa-d195-45c5-86bb-f75dcd315470", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679554279, "uuid": "b1286172-24a9-4b3b-9333-756471ed345e", "value": "info_0.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c0f7e4b-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589092, "uuid": "cd33547f-9081-4932-b6d9-50755ee35386", "comment": "Malware payload (Mirai)", "value": "dd5273de2f41d7531336ae2a5ec7dd35", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589092, "uuid": "016dd8dd-450f-4308-be48-72365860534b", "comment": "Malware payload (Mirai)", "value": "92f58f68c169976e2ca5e82556502809caa4c7b19e844399b4d1a147e9ea002b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589092, "uuid": "8e05db37-dc25-4fa1-bd69-e8ec6b217c07", "comment": "Malware payload (Mirai)", "value": "293c671f2566c06b697348ce6df6a95ad0e0eb5f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589092, "uuid": "200e11fb-777c-4a3c-8ac7-c3dbc6d6d750", "comment": "Malware payload (Mirai)", "value": "7eeea87f36e9f82ef0197db653a28869fe5116068680a913d9e20e22d376a768fa2abe009e4ae626e96de7fef7e8fa63", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589092, "uuid": "b01cfa4f-9e1f-466f-8c9c-f6814b6a3321", "value": "T1704386C1AD427D3EC3C1EBB6EF9BD24836D78244E39A234295DD0BA0846FD891D4978D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589092, "uuid": "01533ff3-8086-49b0-a795-6da8cfe271c3", "value": "768:opCBfJgvdh/ZgUKk8nMoUqihIx8v/sGGT7wCVy/bqxHbUhW1XCQ/V/cdErfmgexo:aCel4UcrOI0sGFB/DOU0h+6tp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589092, "uuid": "52e05d14-520d-4872-aa74-3f52d3617798", "value": 59019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589092, "uuid": "a556262f-4803-41f2-9478-436fc8d2c50d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589092, "uuid": "bbae8e04-c8eb-4e99-9436-9a788876851e", "value": "dd5273de2f41d7531336ae2a5ec7dd35", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd29d39a-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679583350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583350, "uuid": "5510d1d2-8c87-41ed-97e3-ea52222b3f3b", "comment": "Malware payload (AgentTesla)", "value": "42d6b7576feb962fe142ee650d6e4d89", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583350, "uuid": "92f250e1-a84d-4e78-b45c-f3bc06b8dd0f", "comment": "Malware payload (AgentTesla)", "value": "936cdcfc8c162d9f0d0b0d7bd19fb18d6a495f5acc22d77606904e373948f5a6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583350, "uuid": "f2ef8aae-0d5c-4bf6-a335-c94a30855936", "comment": "Malware payload (AgentTesla)", "value": "e82f4ee7823f3101ddfbbaa3d8f622e0a6055d72", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583350, "uuid": "29a97cf9-39ab-47a2-bcd0-9231713f1cf6", "comment": "Malware payload (AgentTesla)", "value": "683b028496feaa075746b4fee91240c836c0de5f7e0729b99486db2a0eab65a3181879ea0be5acfe2382f781cdd43716", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583350, "uuid": "35fe887e-977a-4d61-8145-347c8488429c", "value": "T18A05D001FD7A4973F8DAD3B854A0273E0765BBA25462E6898EF968893CCBF5301D111F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583350, "uuid": "a7091d08-f43f-49c6-bd7d-364f222b89eb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583350, "uuid": "db586f1d-6d30-447e-967b-9681b6f44303", "value": "24576:u8QLVUZGG2aas+bWAm2DFzkhGbHmMVBLDVfh:nQLeZfsFSGF5bXBL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583350, "uuid": "018827f2-ecce-46f3-b72e-006eb025923e", "value": 840704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583350, "uuid": "3b608824-37db-464f-b702-43676d7d690e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583350, "uuid": "6bae9a1d-dc73-4e14-bbe0-d3d97369b5e5", "value": "42d6b7576feb962fe142ee650d6e4d89.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4e05aea-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679552493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552493, "uuid": "50004934-058d-4b85-ba0a-15186c5066e3", "comment": "Malware payload (Formbook)", "value": "b11d3307470737ded78d3537287ac0e4", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552493, "uuid": "481b5e9b-48a3-4281-a49a-879d58777a8b", "comment": "Malware payload (Formbook)", "value": "947cd5f58e78d46bc0ca6a271b508a3daebaa01ad1e0f9df885b7586d41bde9c", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552493, "uuid": "6c016997-6ff3-481e-9198-37480dde7fd0", "comment": "Malware payload (Formbook)", "value": "5a8cd923556b22a2c1dc6bc205e4f7793159eb36", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552493, "uuid": "3f866e06-56a8-48c8-b031-7b7a2610fa04", "comment": "Malware payload (Formbook)", "value": "4470bd431d180532f04f4d3a1003c7f2c8df7e367137ee90dd488a397a7fe8822dc6a771411f3b6007b98872c755bb36", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552493, "uuid": "9be1ab4e-e7fd-4970-9ad4-be2237914d5a", "value": "T14B350217E9C48D46D4424BF93AE3B9D9131EBC626BD6A1C72344BB0F6F78AE0464311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552493, "uuid": "5624f868-5124-483d-a954-37dd2d46103b", "value": "24576:CLK5WQmmav30xX+MXUu9/wH+MXUu9L3bVD+MXUu9t3bVYgSm/BCvq0/Qr:CLKIQmmQ30t+MXV9K+MXV9L3bVD+MXVr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552493, "uuid": "c361df56-48f5-4ac7-83d6-917ef49e8384", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552493, "uuid": "8d3f6afb-9e12-46ab-bb43-6e8f1ac654da", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552493, "uuid": "eca90e78-87f0-470d-aa40-7f9f6f5de362", "value": "ORDERR.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ace8cc1-c954-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679560073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560073, "uuid": "9f347d42-801e-4b10-811c-1691817c42d1", "comment": "Malware payload (Mekotio)", "value": "0ac08bb438202eb83afb9cbcc95b5c93", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560073, "uuid": "051e81f7-0151-47a2-993c-978588a6c730", "comment": "Malware payload (Mekotio)", "value": "94eac92758bb0da618f3243ebc8b03c33b6d8562a5abc7b032197bc49c7fcbb7", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560073, "uuid": "2a01c039-2a82-469f-b382-560f20eedc2e", "comment": "Malware payload (Mekotio)", "value": "c241eaf2ddc56c89337bfebd827f1c529428cf58", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560073, "uuid": "b5f20a57-d57f-42ea-b19d-dcadb4335d72", "comment": "Malware payload (Mekotio)", "value": "898ebd0e1fb06eb034b0cd27eb26a649baa84e286befdd975190d822da0dec5fcad5e57d05334fde58a158501b23bb35", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560073, "uuid": "270a5a6f-7a9f-4f39-ac0a-bb3f6295718c", "value": "T1D8462323B6864125C0ED85714B1B7F9911B62B2587A180FF67CC99C93A73AD0B373E87", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560073, "uuid": "fd8ed1ad-2346-420d-98ce-5e9d2c84a01c", "value": "98304:rYPtMHAes1whJZkvLJNiApoOY3XzuPNDuOlZEkwOmVsTEfkBPdKSTDX:I6Bz+NNiAeDOMOlZOOmkxP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679560073, "uuid": "d045b60d-0b19-44f2-8a14-8217f1ac3cad", "value": 5779456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679560073, "uuid": "940de501-a0ab-4d7d-b2e3-48434e399849", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560073, "uuid": "d327cf2b-60ee-4e59-b9de-4cf167d88acd", "value": "FACT641c0.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "573b6a1b-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577568, "uuid": "a5df6320-eb20-4b32-bbdd-3584abee7751", "comment": "Malware payload (Gozi)", "value": "37530b2daf89443e512de3d3166a62e9", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577568, "uuid": "c443a1f5-6990-48df-9f52-835e6e9c44ae", "comment": "Malware payload (Gozi)", "value": "953dfe2513f58dc885210ebfd369eea0e6b6a9963add320b24f1583d98f0c454", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577568, "uuid": "14af8206-f608-4157-ac2a-ce0a585626b8", "comment": "Malware payload (Gozi)", "value": "14a76a93ee21e63bd771eaeea9b63afc3acb3574", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577568, "uuid": "2e0eef0f-f036-45bd-8fdc-baf4ebf8113d", "comment": "Malware payload (Gozi)", "value": "88936b7222f1d8a820e47753d2e89c2a9de69020fa11b32bc70dbcfee608a6b05575697561b5255615ed2f3978c4f03b", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577568, "uuid": "5099de03-ed98-4baa-be0f-c83c1c477ece", "value": "T18341EAEC73168938F0ACDFB753146F818649B3E009B2BDE5B95176102A49425CA2FF4F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577568, "uuid": "3e906711-7f69-40b2-9ac3-2de65c182c7d", "value": "48:9zH6OU25aWyKElZu5fYg7ubb1eT/Bn2KDamnOC:RbdaWjQZu5fYiaYFNWmd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577568, "uuid": "4b1b92e5-257c-492a-91ca-b1b533e39b69", "value": 1952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577568, "uuid": "6f58d0eb-a050-4dac-a534-06c42b857efb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577568, "uuid": "86b22f96-6e66-4c4f-9cfb-c6e60c5ecd0e", "value": "Fattura 2203-23_012(6).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd26fa74-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679564881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564881, "uuid": "f610e163-f1cc-404a-bbeb-92393601b851", "comment": "Malware payload (Loki)", "value": "5f3d97569ee992454df79c7df76dc8a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564881, "uuid": "c0710707-6cdb-4f01-8742-f0dfb2dd4e87", "comment": "Malware payload (Loki)", "value": "95c636b2d4788b417cf77e95d31c22feeb7954f362e1db3e4edbe728d4484467", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564881, "uuid": "e9a0f9e1-30a1-47e4-953b-9680213c4b85", "comment": "Malware payload (Loki)", "value": "9eb59e90586e1a9a021cbb474124aeae3e5b5aad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564881, "uuid": "157126d7-9aaa-46ca-a2e9-972a56d92599", "comment": "Malware payload (Loki)", "value": "316f58a2985314a2577ad5eef1d38babab46136d6a80837bfa8d1564b6dc0f3ab3226c5ea2cf0c5db647d90c5d94d7f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564881, "uuid": "1d54302c-1aff-43b4-b943-410580a6c445", "value": "T11FF42204729F8963C97D0FB5862237C153B4E7629A13E6FE1C9601D49FE2F9263113AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564881, "uuid": "7219560b-fa93-44c5-b803-88d9d768e9a7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564881, "uuid": "55e94ab8-ac60-4b83-8d57-c96b68cf25b3", "value": "12288:vXcUqYacpS0neS6cIJmxVSVEF8808GuWCFt/WVzhtU+hJtmILUH:fMUnZpViEFA2WuSJtDA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564881, "uuid": "4235a8ac-92b6-461b-b606-c1ade86cd8a3", "value": 768512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564881, "uuid": "9493cccc-4869-4d41-a3df-615728a53218", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564881, "uuid": "64c06176-a7bf-4826-bbf7-be239802adf2", "value": "5f3d97569ee992454df79c7df76dc8a3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd987376-c96e-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679571325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679571325, "uuid": "037a74a3-cdde-4aec-865b-02ea285f41f2", "comment": "Malware payload (njrat)", "value": "7895accb1a313abb5d8a24bcf271a45e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679571325, "uuid": "f1d1c8d1-28e4-4a7a-a17b-1f462cfb4207", "comment": "Malware payload (njrat)", "value": "969122102cbe1e6717dd3ea8dda1a75309ac1b874cbe4e0da1d8916e5cc37bc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679571325, "uuid": "25592bc5-0a77-4698-a840-9c97f0303241", "comment": "Malware payload (njrat)", "value": "413b5e805f7e6ce0c9b566ffd217877cab773ec9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679571325, "uuid": "37e6797e-d67e-402a-87fd-bdd080ea9644", "comment": "Malware payload (njrat)", "value": "52b5116e7325ebe14b7400bf8cd458ed80f1bcdb730976b4cf8f7a0c38d7f5150d35327af281cb68e2c31c56106a676e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679571325, "uuid": "a6da7696-2b08-4a3e-a060-1b4c57de6b30", "value": "T1A0D633D18D5928CFC6CA12B3719CC9476F71AB26139B25FD39C12E911A0E89A1F37BC1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679571325, "uuid": "ef386b98-4ed2-4cd3-a791-3918c752a2dd", "value": "4d17be67c8d0394c5c1b8e725359ed89", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679571325, "uuid": "0add1143-235d-457f-8eba-26f1efa5ce95", "value": "196608:ly7BRHRNIGE1WLngSAGfbD1si43021SVaYuJKrbJ0Ir13KvIVQEIH/TzXJdNGN:lyrHRN5PjD1sB0tjLr5r1KIRIHLYN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679571325, "uuid": "356ab4d8-9b4e-4895-8644-bc996b58afdb", "value": 13111582, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679571325, "uuid": "3ff9d5a2-8a69-4acc-947f-28c6ee23352d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679571325, "uuid": "a0a745d6-81b7-461f-92a8-251fee129fc7", "value": "969122102CBE1E6717DD3EA8DDA1A75309AC1B874CBE4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "398b3f6e-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589115, "uuid": "2be7a648-4b9b-4be1-9d58-212d7e87872f", "comment": "Malware payload (Mirai)", "value": "406ed5abf1f34bab4f8cc319492d47a7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589115, "uuid": "ef674bac-04b7-4a9b-a43c-04521901d984", "comment": "Malware payload (Mirai)", "value": "976bee800b7c7137df6dd9e9821b4b6fe6984d25bc9f9580e49ec322ca464218", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589115, "uuid": "1e2852d8-d7a9-4f56-80c3-b0c23b0766fd", "comment": "Malware payload (Mirai)", "value": "51054d6a3bd6c8c4c079270258d28316def2a352", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589115, "uuid": "564c9791-5155-4887-bd2b-db53f9030db2", "comment": "Malware payload (Mirai)", "value": "79432a94ebd3031d0a584c4e89ab3b333d7b58fd85fbf360eafe0fedbf50ba32b5307ba04e1137708fa123a9b4059ed5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589115, "uuid": "fdbaf55b-8a47-4509-ab63-87232edf154f", "value": "T100430BC58E763E3AC2C5F7F5E5E3D200B8FB1501A7B5420A7DEA0D51892DB80246D3AE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589115, "uuid": "d7e42ada-642c-49cf-9f92-0d3bbae06a46", "value": "384:5SfhUKQOPUQNc7v6KWKcamzmniOn1NwGNm4cbHNbcsJbkxenA/NACBds6jCNDV30:us+eiOHwGZczNbFg7jWpxmLxFQY6E0U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589115, "uuid": "f8e4c19a-7b75-4cb0-ba23-74df024be94e", "value": 56159, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589115, "uuid": "dbdf37f6-d7a3-4ea6-8ec2-a109c2faab30", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589115, "uuid": "d57635c1-b56d-4cb0-9115-46f91501c249", "value": "406ed5abf1f34bab4f8cc319492d47a7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51da8d90-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577130, "uuid": "e2d919ce-6d1c-4e90-a19d-46824cfb9c19", "comment": "Malware payload (Gozi)", "value": "b973b173f17815f4cc7d656043317d62", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577130, "uuid": "8bc4bcc6-9578-47b1-b573-7bd5d8e5254f", "comment": "Malware payload (Gozi)", "value": "977449397a0d05fbd62549558d3a3b950b5a9babed79acc37795031df9ba82fd", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577130, "uuid": "83c8319c-0318-4753-8cd3-cd5c98bded95", "comment": "Malware payload (Gozi)", "value": "3d3fab61c6bbddb427f7f072967b64f1ad7e29f6", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577130, "uuid": "066b286a-1032-413b-8208-ee33b7680b57", "comment": "Malware payload (Gozi)", "value": "e55b133241639ea311a7004df0a77c7e304d51b1eed69224b37140716df909e698dfc9fdc1ce06181f78ad0ec2e6e303", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577130, "uuid": "0d702f45-9c67-46f1-a30e-0f18c3b8bb5e", "value": "T16DD2C1C2E1190BB4DCF009DF5BEC09F90978C96A1D5BAECBA6430DC24E31657301D6AE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577130, "uuid": "14f54648-0f52-4abb-bdf3-fe64f97c6e15", "value": "384:dYrpS6y+vIVEf3FmL3srkfaaPEt0EtsRs007fGec1OfDc1Ofmc1Ofmc1Of9cWHXK:2rpy+TfETDaaccW/7Opf44Xwc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577130, "uuid": "68deb578-c6dc-4b7f-85fd-0bb463f36e12", "value": 30300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577130, "uuid": "2b16de19-5e8b-40c9-a9ed-d0cca352e761", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577130, "uuid": "3941f9f6-a25e-4b9e-aa0f-66a85c225151", "value": "documento8.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9f23f1c-c993-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679587264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587264, "uuid": "9e6fc286-4b92-4306-811f-e05424f85981", "comment": "Malware payload (Guildma)", "value": "0fac7609dcd39099dfa2e5ac6766d15e", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587264, "uuid": "9aa58a87-e296-486d-9143-fd2f267b826c", "comment": "Malware payload (Guildma)", "value": "9809396f736e17ce3f80659aa9530738680f9de51afc9cc0cdd75d5d567fd1df", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587264, "uuid": "769a6440-c17b-443e-98e5-992de6d18449", "comment": "Malware payload (Guildma)", "value": "4cf90b651d87193afd9cb5030561f11b7e5e35a1", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587264, "uuid": "08f5d923-e89b-4306-97fe-c635417385aa", "comment": "Malware payload (Guildma)", "value": "f0794bf3eb23f3d5d33165251055f4d9be2e566760479538ad184d6103beb344759dbd738337528d4bdd5ff0e0b64535", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587264, "uuid": "8317aa8b-8844-4ea5-aab4-0690fdfbf6e0", "value": "T15DF0AB0CF1512E42D07C41318C171F688C9CB9470F1410ABAA4A07C71A24AC5AF0E3E2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587264, "uuid": "edfea977-9ce2-40df-92e1-975247e5c8d0", "value": "12:8rflM8OBE6ZGFgkfqDEijdKLeOmpom73+dHpBj:8loGFFCDEi0LeOdm7sj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679587264, "uuid": "a7463e80-31dd-483d-be92-03193a73c199", "value": 485, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679587264, "uuid": "b24eb652-2481-43f3-9d1e-e8a830c418fe", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587264, "uuid": "ac680ef3-8f01-4bf7-8a3f-c5cfbbcd8194", "value": "Visualizar_CRLV_2023_4142619_406.42766091.234780.48945.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ed23283-c9d4-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679614894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614894, "uuid": "be08feb9-047d-45e4-86ab-e7020baccfc2", "comment": "Malware payload", "value": "cb55e54b043b71ec69d633e3c0e45eb3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614894, "uuid": "cd3f0cbb-56c7-4982-b86d-619fb905ad34", "comment": "Malware payload", "value": "9854abe9e976dd47cf7ec838549071c284d228c18563fc11cb29a464b183cfb1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614894, "uuid": "1a0f8088-7144-4cd5-b42a-a95172eeb259", "comment": "Malware payload", "value": "eb45c04b9f302e2f9b998d0617e105e7d6559722", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679614894, "uuid": "95bc8690-5185-4a39-a097-b6c71875b083", "comment": "Malware payload", "value": "c16c1bbe54bfe1994ec61a9ac9d1a8f82e674f5f4a1372956dba0ca988ca859440fc3e421671d3312f90661a622b7ed2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614894, "uuid": "6c7ccbba-c0e1-411c-8cba-d29ad5260bd1", "value": "T118251203BDC19472C8621D3317A46B21B93D7E201FA5CEDBB7D86E2DEA614C0E735266", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614894, "uuid": "cd470b8e-1c77-41f5-996f-d07bed0d726e", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614894, "uuid": "0b1377ac-db71-4238-971d-c15bf3e7a375", "value": "24576:GTbBv5rUlIGBxIjVyz+CdDykqvTJbHnU:4BRxK3Ddq97", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679614894, "uuid": "18207806-82ef-4d20-9489-cea86260079b", "value": 1022289, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679614894, "uuid": "2c00f9bc-a03c-4628-9242-35708a984502", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679614894, "uuid": "7bdc0fc9-4b89-4665-a2b8-a48109b84a8c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1545e69f-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679576599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576599, "uuid": "0eebe236-6074-465b-b4d0-43397e2f0a5e", "comment": "Malware payload (Formbook)", "value": "7210e586178e2a144a8f38e1d0814573", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576599, "uuid": "e13dc7fa-1af6-471c-b27e-83c4999380e4", "comment": "Malware payload (Formbook)", "value": "987f477e626f57c4ba440be3016995b5b9d7365a422c0a1d9be524e4993def8a", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576599, "uuid": "a1eb208c-c31b-4d36-af40-e4e9272ad7ff", "comment": "Malware payload (Formbook)", "value": "2bbbeb65af7089f73bb5974941d2ca877d19ce28", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576599, "uuid": "e17d2d3c-66f4-4949-99a2-30fc250c560e", "comment": "Malware payload (Formbook)", "value": "7c3cded7baa04a420549491b677edbbad6451c3852cef3724d2dbb87a6934cfbe58eb999e0a99d3d8f460cd2dc9193c2", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576599, "uuid": "89275a68-6b47-4818-a24f-440beabbb895", "value": "T1D605E010FE7A4972F8DAE3B45450133A07A9BBA25066D6998EBD68C93CDFF6700D011F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576599, "uuid": "d9a678ff-e60c-4858-a756-b703ddaa724e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576599, "uuid": "6725cbd7-c1fa-4dc7-a00f-e4a4452853f2", "value": "24576:z8QB+UZGELUTYB7T01XxBolcs/IGjqTxBvq:YQBhZVU8B7iBo3beTny", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576599, "uuid": "d7d03e44-f8ea-461a-8174-8d3d7a7f904b", "value": 856576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576599, "uuid": "7905b3e3-77f9-4c33-9643-c051763b05fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576599, "uuid": "1cb47600-835e-4bc8-bf14-24d8abd50768", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b76c953b-c974-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679573864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573864, "uuid": "50feb475-36b6-444f-ad33-b8cf0c8016a6", "comment": "Malware payload (Gozi)", "value": "e2a7a2babe04157758debf55352f6e28", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnf", "colour": "#E6A332", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573864, "uuid": "625821ed-d309-42e5-9664-87c22f921239", "comment": "Malware payload (Gozi)", "value": "98c3af30fecd5ce4f10693fbd73a5bc5cf0fecef8171c7d53761290de2a70f5d", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnf", "colour": "#E6A332", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573864, "uuid": "a9c19adb-dabd-430b-b37e-5e7dcd812682", "comment": "Malware payload (Gozi)", "value": "53cd35a7dd1ca3cefa9ec0caf57d933e1c7708a4", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnf", "colour": "#E6A332", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573864, "uuid": "b82a0d93-b898-4fc1-a893-31ad990b0db6", "comment": "Malware payload (Gozi)", "value": "edcf1ab941959d8e0528dd2aec4315c6e6aff3f7a2ef32cdc02eab556b4c0fbf58aefe0385230f995be90e18c8b5d07d", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnf", "colour": "#E6A332", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573864, "uuid": "31bf7f41-fb29-4b69-87c5-d1842ad88e2d", "value": "T135D16936825C2FFF383631BC5C1852A225B2947B7A7F1DE7B47444A8650CB1051B6EEB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573864, "uuid": "491fbdb8-4362-41a9-8220-60255021081c", "value": "192:M/fnUwLR8EzDM9a9gJ3txMwGEzbrfPLrFaLc:dY4smrn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679573864, "uuid": "4916dd5b-5059-4ee8-8887-528de185e1c8", "value": 6684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679573864, "uuid": "3b340354-3faa-49d3-8699-f900abf9763c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573864, "uuid": "3689aa1f-58f0-41c7-9700-ca79ea82936c", "value": "23.03EK_1.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dd33a1d-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551702, "uuid": "f0a6656b-37b8-4f2d-98be-cffd9a780154", "comment": "Malware payload (SnakeKeylogger)", "value": "1c0aed50992370979a689e2c6c4c6ef6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551702, "uuid": "a81fc2d1-2054-4af2-8aab-d7f291d1dde3", "comment": "Malware payload (SnakeKeylogger)", "value": "98fb1dcd54683ed84f00c127cfe54942c4692c569c2cf4be78ac616ecae13945", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551702, "uuid": "6601f589-1a45-4ad5-9d0b-80c43d31dab7", "comment": "Malware payload (SnakeKeylogger)", "value": "81a0457e748f2751abc5fc490ce6f2058bc71ed4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551702, "uuid": "cff810b8-c68f-4d8b-9130-2516b1e2dfae", "comment": "Malware payload (SnakeKeylogger)", "value": "3f6f2c08f3bd8c1f5d625f143d35db55bd640d2b77c0ee2ea563098abfe02d6bde4663978d5dff12cec3c3a451997d41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551702, "uuid": "67ba880f-c1e4-4287-9ab4-4330df6ae535", "value": "T128155C41EFAA6460F02144B9216B7D1FCD51A88D98EDFB6E190FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551702, "uuid": "feeb3657-85f3-48bc-906d-60b27f93dccd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551702, "uuid": "2a183e13-cfdf-40c7-8a7d-fd339f93f8d4", "value": "12288:oQSPGyqW6qLw58odq0w37JJ+qt1ILsrKOCOzgGkH7hI8WJ/vxiLATAGn3WtNmBNG:oQSeCXEywGvCvHb2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551702, "uuid": "5c32eb13-3e6b-4d1f-855a-204b9600df33", "value": 926720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551702, "uuid": "71aa3322-2ce7-4aaf-a35c-74686c209c01", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551702, "uuid": "acade47e-e738-4969-8429-5b204e2d161c", "value": "ScanDoc#8566.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99a2ec31-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (STRRAT)", "timestamp": 1679583263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583263, "uuid": "b6a6c5d0-6a1b-4b6b-9b3e-32f50ba61fd7", "comment": "Malware payload (STRRAT)", "value": "4381a250f46a833a36410b12ad76ff5d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583263, "uuid": "334d0019-ba86-415b-a31f-f90157bc137c", "comment": "Malware payload (STRRAT)", "value": "9a0314c8e141bce367640205fbf8b4d9513bf6624b4aed73db98bf97e7148b79", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583263, "uuid": "cfee2590-b342-40e6-b805-77a577dd52d7", "comment": "Malware payload (STRRAT)", "value": "c2d0b9eff78835a378fa220a1b714c0a08976582", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583263, "uuid": "47d618c0-7b13-4e93-b388-5ce473d4528a", "comment": "Malware payload (STRRAT)", "value": "4117b9f17ab420ff674bc310d02294ec281d2028fc938740639acd5f943c766b9533beeb292899543726b94f72ed9799", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583263, "uuid": "bbecc300-5890-4403-9e30-da96e43c6073", "value": "T166749D0182832E66DA7EB40D52A62E124FA1A20D1335607FB7BEFF4D9F67F0C8495D58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583263, "uuid": "03e8fd92-1b47-4db9-ae3b-af73069a8ffb", "value": "6144:GQXxVLON4YkpbhDBmePEwRIYzF0up2Ros2gYdoK+DN3oBeZLqp/0DT0fXM:N3LDrlztIzEj+WcZqhiz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583263, "uuid": "95abc3b8-9727-46ee-a805-e7d626a96a99", "value": 349553, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583263, "uuid": "31806c0c-c63d-4de9-a1f2-b511972dd25c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583263, "uuid": "f87153e2-7d11-41b3-a14c-7962e2027c5b", "value": "doc20239871218520685698968795565232323.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19667533-c988-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679582189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582189, "uuid": "d8bb0f84-346c-4684-9107-1a9a681ba46a", "comment": "Malware payload", "value": "2cda10edd2f8c657888c26b25f97e29b", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582189, "uuid": "2605fcfd-fa0c-4c40-bc64-522223448b48", "comment": "Malware payload", "value": "9b03026e0b021b54cdee3d83cadbf8d204a79cc650a64ef91822322bbdb3d404", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582189, "uuid": "8cafa2a0-1ec6-475c-9a8c-bd15b8cba3f2", "comment": "Malware payload", "value": "0a9b99ba25e6a86aed8bcb8b47d480675143acab", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582189, "uuid": "6bd98e51-2951-45f8-abba-cf9173a1c3fc", "comment": "Malware payload", "value": "5d2a9ddb86370796fd049b400d2eb9a0b1564ebb01fa42bb2d5a093d5add8aad05d28457fabde76ac715f53cf8f57d81", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582189, "uuid": "24c73d08-8b8d-4ea6-b41b-b4186c733525", "value": "T181F0993054020E1BC290C1F225D87F2FFAB79342D04F28AADDCF9A13D86C8D50D8A416", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582189, "uuid": "3fc7841d-57c3-48fc-bf0b-5f9fb2ade6f6", "value": "12:jZ/I7DPDeCWimPzQ1LRNTNiaBGz7DcAKGSddRoo4D3JQGnURoo4D3JUDEkEFToop:jZ/IrRWkQKyRSdma2/hkryEVy/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582189, "uuid": "2907bfbb-22de-4069-8048-aaa94bbbbb1d", "value": 643, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582189, "uuid": "e26a7177-d6bd-48d5-835a-ffe88954fb46", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582189, "uuid": "6758370e-1496-4f28-b0d0-5216f640c6dc", "value": "2.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce114dc5-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679564883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564883, "uuid": "54542c78-7cf3-4df8-843f-64826087f401", "comment": "Malware payload (Loki)", "value": "203c9ad7db5a2114b3f6a2e89ae38e29", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564883, "uuid": "266a6401-cbef-442e-8b2a-8afa69b7537d", "comment": "Malware payload (Loki)", "value": "9b121e2b55d7bd57ebcde6a362a90d941e4d7108be4438f82c1b89aa62f45ef3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564883, "uuid": "4eb00850-0cbc-40a9-a616-408e8bed32d0", "comment": "Malware payload (Loki)", "value": "974ca662a6b7470650dcb50f16ec1d1278cf375a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564883, "uuid": "e269d354-43ce-4a1d-9b2e-bff9de594461", "comment": "Malware payload (Loki)", "value": "9843ae68b4f25d6c4bfc2ea92b328baf0124a3cde98c41e81658b26a0fb85d8fcddb86d8cdacb5cca4e2e70f5694ce52", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564883, "uuid": "2316722d-c556-49cb-8d06-1fd083b4a2b0", "value": "T1F4847D0252E36861EF1347728F2EC7F82A6EB8619E177B6E125DEA3F0D701B1D562305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564883, "uuid": "b73f9dfc-7199-499b-ab56-db6bb6df751a", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564883, "uuid": "14d27fe2-dbd8-48ea-81b3-5c8a81324ac2", "value": "3072:mBBCC4PN7CHcZF6kskG52gPOhElOflZMX8MOCGT2ddzTMa:As79ZFrg52jzlatkGdzY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564883, "uuid": "c8081421-9baa-4703-a319-b2c3f166693e", "value": 396288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564883, "uuid": "3042dd65-f29b-4062-aba7-1f4bcf8d545b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564883, "uuid": "37e238e7-b246-418b-86cd-f96ee67d63d5", "value": "203c9ad7db5a2114b3f6a2e89ae38e29.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20851642-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551707, "uuid": "1ef70381-458b-4aed-bfaa-003655bfd495", "comment": "Malware payload (SnakeKeylogger)", "value": "a1346868fa07d1e8ac447898d621c1ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551707, "uuid": "11d14fda-3f55-4f1e-bc78-698b6a042d78", "comment": "Malware payload (SnakeKeylogger)", "value": "9bc1e4349e18fc99f0d087259e1b659b9bb0ef08eb3c12881e1461c29a5bea31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551707, "uuid": "7fa53e73-eb38-4c64-b35f-66d181ae5ca9", "comment": "Malware payload (SnakeKeylogger)", "value": "a649ab0a795a097ee87221568d3517846f8c82bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551707, "uuid": "9cade3ba-040f-47b0-8818-90140d7e7ca8", "comment": "Malware payload (SnakeKeylogger)", "value": "93f0e0aed2d7414c995c23d6d7d911d544a63ad365c8444270b55b966405e563c377f113ee4316819304e1d4d0c675fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551707, "uuid": "c924c5bc-df1a-4f45-a09d-a3a4775e161c", "value": "T11E154A41EFAA2060F01144B9216BBD1FCD51A98E99EDFB6E150FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551707, "uuid": "d22aa5ca-9141-46af-8e69-d2fbb95ef2e9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551707, "uuid": "fa633ab9-bf44-44d3-a4cd-40a50709e93e", "value": "12288:w1QttYXfCr2O3Tj6vNV88YlplrVL6KE6YgLPxaQsv3nO4+GBJvxiLATAGn3WtNme:w1Qt6fCr2O3TzplJL63OPxMfDRZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551707, "uuid": "a8750cc5-616c-4486-ad3a-db01eecedb2b", "value": 908288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551707, "uuid": "df2c9062-b54f-4b31-a102-975288f4f9ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551707, "uuid": "bc757b7c-34cd-49e6-acbc-fa923f60f584", "value": "Confirmaci\u00f3n de recibo de transferencia.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2048c94e-c915-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679532809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532809, "uuid": "f0684c4b-139a-422a-b9ca-a4ace8f81d67", "comment": "Malware payload (Smoke Loader)", "value": "bef10e115f863e56cfe95df9326a49ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532809, "uuid": "3e83eaf9-512c-433c-a176-a66c756547a6", "comment": "Malware payload (Smoke Loader)", "value": "9c7197fb6e3181af122aa1c22b1f0fb91991c1280a9a47627fd239857c325193", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532809, "uuid": "a7838fd0-aa59-4785-916b-68e3298fadaf", "comment": "Malware payload (Smoke Loader)", "value": "95fcc90087dce9e91d3744d2ffbfa14aeca8dc96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532809, "uuid": "8942b945-4e8b-492f-b175-b500fda71f7d", "comment": "Malware payload (Smoke Loader)", "value": "f8ea41ce811e599ae79122aa2551a21f91cd9e79bdfe73c15274246e1b868faf3de77d634df02dcb80b1c989177fe8ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532809, "uuid": "027c1a32-09c0-4a9a-989e-c859342647a0", "value": "T157847D1253E36860EF2347728E2EC7F82A6EB8619E177B5E134DEA3F0D701A1D562705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532809, "uuid": "9075269c-3696-4fae-ab53-5c6058b7327a", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532809, "uuid": "6ec34c1c-a9a8-446b-a0cc-15b04a1b2d9a", "value": "3072:BaDCCGPnCgHwVWq/7TpQMPObmWRpxl5RIeEbe9LFhMu4hNrMa:aQC/VB3pQpdpl5RIlWENg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532809, "uuid": "758345d9-71af-450f-b203-5e020baf43a1", "value": 395776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532809, "uuid": "c1a8733c-b0d3-44a1-91d1-131e4a8abb0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532809, "uuid": "6027ffea-7aea-4d0f-9038-b19dd1152c9d", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "514a46f0-c93d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679550071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679550071, "uuid": "57076b8d-c68d-48c3-ace6-d7ae2553652c", "comment": "Malware payload (RecordBreaker)", "value": "585514477bdc63a06e50fb276d24aa79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679550071, "uuid": "207c6efd-4a06-4122-ac96-52583e046f4b", "comment": "Malware payload (RecordBreaker)", "value": "9c8fefba43de5c38c6aff418e997418fbf8d0e81037f7484bf6e0da40b2bd444", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679550071, "uuid": "8b224dc1-6687-4f1b-9596-ceddc9197a49", "comment": "Malware payload (RecordBreaker)", "value": "3177c778b15fb8b1c310327391103fb4f11ed12a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679550071, "uuid": "10ae0252-7ca0-4dff-a511-b520ea97e0a2", "comment": "Malware payload (RecordBreaker)", "value": "6bec360671396853673ac90c4c78b35730f5ebd5beefa44a439a5cfef48914995564d90cdfd05bab8c0fdea1d7228284", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679550071, "uuid": "80f7fb1a-b71f-4ecf-804f-91796a021c9c", "value": "T1D3153A40EFAA6460F01144B9216BBD1FCD51A88E99EDFB6E150FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679550071, "uuid": "73b50f13-7516-4023-91c5-74e65fff0fb6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679550071, "uuid": "2aff9c61-a17d-41e2-b184-23daf8b9dbab", "value": "12288:bv1ZIsdiK4G0QFbwOguqP6h45Cxpyx0lp5aNhc6HMiJDUvxiLATAGn3WtNmBNa4e:bv1ZIsdiLGfFFguqP6hdQuaNu670", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679550071, "uuid": "c49165f3-0197-4aa6-9582-a055a0d9a849", "value": 884736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679550071, "uuid": "ca3db465-accb-49bc-a9d9-84d023589f84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679550071, "uuid": "621f0351-6f29-47d4-b4dd-ab73e8993dad", "value": "585514477bdc63a06e50fb276d24aa79.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e227df4d-c914-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679532704, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532704, "uuid": "1e20a476-a47c-43c4-8e0f-eecaf1996d27", "comment": "Malware payload (Smoke Loader)", "value": "8ad82c1e09fa69b440c0f5b02362aa36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532704, "uuid": "d4fb9116-04ac-4f2e-8112-7a4fab6a74fb", "comment": "Malware payload (Smoke Loader)", "value": "9d01862301d8d9f8866e73f9ff36c4073f596c485197e7d7f6bb0d10909897e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532704, "uuid": "7ccc31bf-aa20-4cb6-9c09-8530730ae589", "comment": "Malware payload (Smoke Loader)", "value": "588b59b6416ba00e6e9e8071e876d8d1a11eecfc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679532704, "uuid": "e8c6f84f-d7c3-4cbc-865f-34e7d6b2f01c", "comment": "Malware payload (Smoke Loader)", "value": "7cbcc6bbdfde1d65e854c41651afd7bbb4128f584d77111dda741f2422346fa5948be3d6e50a7fdeb6137e623562a417", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532704, "uuid": "3fd64f86-ed94-4ab2-9280-7c0c291afec1", "value": "T177447D0253E36861EF3347729F2EC6F82A1EBC619D5BBB5E124DEA2F0D701A1C952711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532704, "uuid": "3cafca31-95fe-4607-bfe7-72ed848b13b1", "value": "1da652280d0e88580dfac17c8bc7ccb0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532704, "uuid": "903d18bc-d5cc-41f5-8ff7-542249f7408e", "value": "3072:kTbAHOX2ya4r/kNER8WOgucvEF4/caHt9Q/YN8IaGzJmRhU4DgTCLMa:ymyvcNBMQbaH7Q/PGCU4DmH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679532704, "uuid": "e74b068d-0f09-481d-b65b-e4947527070c", "value": 253952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679532704, "uuid": "9df682f0-f064-4a03-9794-15de935fccb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679532704, "uuid": "c016f3a8-b094-455f-b060-dc33613cbd81", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2abecea2-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577064, "uuid": "a455f11a-d22a-4e92-9d6a-fd6b16489a8d", "comment": "Malware payload (Gozi)", "value": "bacdda0a761949eb53528e6196480411", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577064, "uuid": "c738816b-7973-4b17-b0c7-26594eab07cd", "comment": "Malware payload (Gozi)", "value": "9d7b28f699e938e6ee60528d649b8877b07f3a740471a78ffc41a29e51b84209", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577064, "uuid": "858fe41d-e247-4a20-8567-4b955500bdd5", "comment": "Malware payload (Gozi)", "value": "e211aac95d8bfd6064758091231aa75682f4bb83", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577064, "uuid": "12bd488d-de05-42c3-a143-aa865f144848", "comment": "Malware payload (Gozi)", "value": "7de62d271dcc5e0fc8f6a64a09f20a55cd0ae2d30fa79d94105e4d401b2873d9a9931d8b2280d581b48cb647c595be8e", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577064, "uuid": "85154881-1a40-4895-80dc-8b7aaf5984ca", "value": "T19903C0A036C6C565218FB591AE373FC46AD49D70F1D1D8FA402D2BD3BF498B7B2A4212", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577064, "uuid": "166572ca-7a3f-4db6-a0fc-4c99e9afd1e0", "value": "768:JC7/bQ7/br7/bC7/bi7/bi7/bi7/bi7/bi7/bZ/uE0/uIHMyOY5rO9HA7RHQRHqY:JC787P7G7W7W7W7W7W7F30mQ6YxJpkOa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577064, "uuid": "c61fcf48-bbfc-45f3-a5e4-128e0f0e90ef", "value": 39743, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577064, "uuid": "7ba57d3d-5ad3-4278-a247-7bc36f14f8e9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577064, "uuid": "95dea691-281b-4e51-979f-e65b332b6a23", "value": "documento1.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eead5e3a-c98e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679585124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585124, "uuid": "44493bc3-44c9-4270-abfb-d88b93f1d7d5", "comment": "Malware payload (Loki)", "value": "71ce5280928170663a123b63936aadcb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585124, "uuid": "f7bdb586-f5f9-46e5-a860-21fcf73b4948", "comment": "Malware payload (Loki)", "value": "9dc06019847eb815cd4e5db3d870013d052888aa6a9785fc85e10b57d10b84e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585124, "uuid": "5f2be75e-d22a-482e-a65d-6355299d3fa6", "comment": "Malware payload (Loki)", "value": "c01d62d656efdfd48b0583df274b46f0ed46214e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585124, "uuid": "79e03b77-1fff-40e0-9bc3-6f4d7d16dae1", "comment": "Malware payload (Loki)", "value": "eefe654ff815ea98bf9929c8ff8873b99f0ad2c03fab73685ca66bd62df40a607a85dfaaa653fe43beaf476e7811dd81", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585124, "uuid": "40e6e818-e880-4f3c-926d-58db191a4ba6", "value": "T1FED48EA25795F635E39C433AC9744B6872B8FCDE52A79B0FE1202897CA4F730478531A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585124, "uuid": "b1765f34-bb22-4ff1-bac9-17b662b9c57c", "value": "c7b336c0606fa82ef435a3a60c65af55", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585124, "uuid": "d20e9e1d-7d91-4dca-b628-0cbccbd31d54", "value": "6144:9H1gozVKh+u7pu946bYjJ3G4rTnv/L5uQquTTQ:p1goEhfpjL1WqTnvDE+X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585124, "uuid": "2a21d072-a01a-48ac-857a-3e656d78dab9", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585124, "uuid": "e0c7aed8-28af-4173-a512-7d13b7b2d383", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585124, "uuid": "36f70394-ac7f-406f-b6e8-a1bb19be3dc5", "value": "9DC06019847EB815CD4E5DB3D870013D052888AA6A978.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6474f408-c93a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679548814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548814, "uuid": "f884fbf1-7fdc-4eba-ba11-21a7aeacc817", "comment": "Malware payload", "value": "2e16dcc2e5da5997788c984683a9a30a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548814, "uuid": "e91efc5e-c86b-45c8-842a-6cc4e93350e6", "comment": "Malware payload", "value": "9edfddb147829f4738b7dc33a7d8bfe86671b1d90ca65127561b7be7cb53a9a3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548814, "uuid": "5591f387-21d2-4899-b920-ffc0f8a93ada", "comment": "Malware payload", "value": "4e40c6980eb20c492b9b606acadaafd986c48228", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548814, "uuid": "b9f7b6b4-2fdc-445d-b715-9858b2fdd15d", "comment": "Malware payload", "value": "935aeff1f1a61627711b51caa080c85db459caa49cf1d3e32d8799820657ffacc8a7f1c9b6bf8bd84514b5b12b28cf8d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548814, "uuid": "3da226c7-5fad-4a7c-937b-964c62a4fc75", "value": "T115E401246BAB5735F13607BE91E42299A36DB3622327D85E04F622CD4B637064ED073F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548814, "uuid": "5c799451-05ef-4c00-b59f-dc6f56688a83", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548814, "uuid": "0fe24a92-1c59-4914-9088-5cb391e02604", "value": "12288:bPqmYMUnFW/NAb0aOPDzzx2SM5o9aF5qxm7G+jtFtocluO3Oa3R/BXSHE:bPqUCIaa525/5qxgPtJl58", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679548814, "uuid": "b1360616-e19b-4d54-b689-45e09e08bcbd", "value": 667136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679548814, "uuid": "2807cdc8-f70e-49dd-a625-bdeaca4acae3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548814, "uuid": "22d6c1e6-7461-4877-aafa-4e79fca53593", "value": "2e16dcc2e5da5997788c984683a9a30a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57057e1d-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577139, "uuid": "a138fc7b-4a89-457d-9686-be9cd1518b44", "comment": "Malware payload (Gozi)", "value": "7a2b0097e52f73bdcd0baaa68f1fa78e", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577139, "uuid": "b4de6037-13ba-4db7-b62a-9b6c7c1234e9", "comment": "Malware payload (Gozi)", "value": "9eee8549196ec7e634154572cc372c657e10222efc87da6f07f45b4afd86997f", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577139, "uuid": "8e7b2aa1-7c05-43c0-96d9-9f13605e954a", "comment": "Malware payload (Gozi)", "value": "ee24307b085bf212d3c4d4f867f6d143128a7d73", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577139, "uuid": "486df3a6-2dd7-4fc6-ac60-553c3cceda55", "comment": "Malware payload (Gozi)", "value": "c6bc74249b09bd998e1019c126d284aacd77a3c0fcb439c5f8761b7b97d1f6ab036b65b444f973d99d6146bc7a48035d", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577139, "uuid": "5e909909-ab00-4b9c-9438-62c64f34e381", "value": "T120D2CFD1CF964EBEEC8B0694906FEF9713A46F85E579A9A75CF341C24AC0244E106B24", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577139, "uuid": "f3116eab-1566-4cdf-94d6-04659989a300", "value": "768:tApGE53k4F/CoDXeN33NzRDqMjrJhxJhwJhDJh8p2JPKk:tApGEnP0dNjrJhxJhwJhDJh8pSyk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577139, "uuid": "17d3adc5-6303-448a-ac0c-eafd9c3487d5", "value": 30074, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577139, "uuid": "d4b1e520-bd11-4ae3-a99d-d0a4f3d116f0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577139, "uuid": "a5a72806-ab8a-4c9e-b0b2-c33c85869920", "value": "documento10.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d37cdd2-c99d-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679591322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591322, "uuid": "a7e28195-fb01-4469-bd66-8fe6950b1540", "comment": "Malware payload", "value": "222e2ee4220e940aa26c545f6155e5a3", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591322, "uuid": "8f039d76-de4c-40c3-bef8-4d563d09c5b7", "comment": "Malware payload", "value": "9fd86d185a1837b9dbc5c2f5719fe7b260b226a1e1c7e8a9f14da1c97f7b13d3", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591322, "uuid": "c9ca0f13-7a31-499c-8941-fa334e10a162", "comment": "Malware payload", "value": "ee0992a4bf56ba7dfef215fd2be97cfe0a666d53", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679591322, "uuid": "2309432c-91fd-4a47-bb1a-ae69ff157ab1", "comment": "Malware payload", "value": "e7a0dffc6d2d1e63c776c30499ce30ad873a1ad79f22035d09e0e523580977e15b503b261e2c5fa327bf2bc17d492e19", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obama246", "colour": "#708AE4", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591322, "uuid": "73cb99e2-25b4-433c-8869-f02042e5b3f5", "value": "T115344B4BAD9B3D9DCFB7B94628DC9AD6280D2BDF046806C8B60E6C4847AD55F0CC91CD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591322, "uuid": "e930a215-b84b-401f-ab8d-f811417fc404", "value": "6144:k2xAISJ4iPRb/EaOWQMrE2xAISJ4iPRb/EaOWQMe:PScavLScavm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679591322, "uuid": "e9626f31-0294-4c82-be85-c4bd49bd658f", "value": 232444, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679591322, "uuid": "fd6e7b0b-6731-4c9f-a5f0-8205bd732f94", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679591322, "uuid": "3bb38b0c-e5aa-4425-a518-522e087ab192", "value": "Claim 294095 Mar 23.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3de83d61-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679576667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576667, "uuid": "3bbac893-20f4-4b92-a036-c9ad89a8942b", "comment": "Malware payload (RedLineStealer)", "value": "d10aaf4a5d454157ed99fbfcbe8e4e05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576667, "uuid": "69d4d370-044d-4e5d-a623-51ac66e8d23b", "comment": "Malware payload (RedLineStealer)", "value": "9fd8eaf1fbe73184dea0e6321db29f8e41814de9f112c6f815668478eacb669c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576667, "uuid": "77c31445-0df6-4aa6-9824-397da8a63604", "comment": "Malware payload (RedLineStealer)", "value": "4b080b895d185629b16b74d0a2359f34ed05347a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576667, "uuid": "b91f7ebf-3c9f-46fe-9f16-84e96007b4ad", "comment": "Malware payload (RedLineStealer)", "value": "d40b141d99ce49e247b72de95ff31cd1f2a2dc83afeef96c9a5ff0d4e408355a2f9b6afca200153485ac3a3936ec9cdb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576667, "uuid": "76425af6-5e09-4cca-8f84-909c297951f9", "value": "T187252323A3D19422CDF91BB18DF652832A357D916D785B4B3394D84F0C336E29A3672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576667, "uuid": "d0e0e2e6-b59b-4b25-8712-e0a7de123e02", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576667, "uuid": "289bf54c-c43c-441e-b3a8-2b4920bf70b0", "value": "24576:lyxGsIHRHyXtX1sGYkA8mlk0dMoSf27NFbI9:AxYJy9FGkmlkcM3gFb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576667, "uuid": "8d02ad4d-c7bc-4a95-8e70-7048c7634520", "value": 1047552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576667, "uuid": "a4a2c34b-afc2-4784-8a0c-bc69c3298c4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576667, "uuid": "ef186d80-2d39-46af-a19f-2c561bea3ee0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "701ffbb6-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679575892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575892, "uuid": "b208f0d0-5039-4b39-8fb5-58974e0856df", "comment": "Malware payload (GuLoader)", "value": "3c7fffda5fde208e65954bfadec1c69b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575892, "uuid": "ffba9d8a-7a4d-458e-8aef-9ffc2277de51", "comment": "Malware payload (GuLoader)", "value": "a07c124d0f9e49d59f7fbefc40086930d21a10807f0c6b1124b9924fb20eab6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575892, "uuid": "8cfd003c-cd20-4439-ad68-13df9c4ab5de", "comment": "Malware payload (GuLoader)", "value": "f939088169038d91e707723d53103daaed705ab7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575892, "uuid": "1db55998-aa6f-4313-9b3c-a0629cbcd04b", "comment": "Malware payload (GuLoader)", "value": "59beefd54353d48923ca285eb64d1a31cf90fa219bb9cf53fd8aa6bef0f9dfd76cfbe362292995b59d6109675fac182a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575892, "uuid": "48188cba-8398-4dee-8e4c-68edf4332d8e", "value": "T13064120A3141C967C77B12B57D2D5F118B0BCF2740615B8B73A23BE538BEAA1012FA97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575892, "uuid": "4de8d07d-34a3-4c95-bcd8-50594d4f44cf", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575892, "uuid": "b0440f0f-f709-41a5-871a-ec4171d5f5af", "value": "6144:kQLFhHAzxh9/lGie0pfbR/fpIp0qchFVDlkc2hIFQu/6PwONzkbaIdY:xFWVhR4ie+fbtqKF3kcX6PGq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575892, "uuid": "48a18ea3-1bb0-4740-94f7-2ba990f91151", "value": 306917, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575892, "uuid": "767fbe52-6275-4490-9f81-616459965afb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575892, "uuid": "fb5f6ab3-1c6d-441b-a8d3-542eaf92d42d", "value": "Transport Plan.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5386af45-c977-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679574985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574985, "uuid": "0c3c11a9-ebf5-4785-9f10-bafad6ae080d", "comment": "Malware payload (Formbook)", "value": "7ecfb4ccadad061a94cbf6f70889ea80", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574985, "uuid": "16489ed2-c587-4b48-a2c3-1892331d9558", "comment": "Malware payload (Formbook)", "value": "a17cbe71dd33607776d5b1d80d7b83e0d2939ba2a5f1f8ae380c022eca7a5d96", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574985, "uuid": "777d0b98-a4b8-48d0-b2f0-5ea2a38826f2", "comment": "Malware payload (Formbook)", "value": "a9616ce80fe3d26cd6f9f594cf6fc5dc1f3d8afe", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574985, "uuid": "ca11a8d7-da09-49b5-8826-965a465c3cca", "comment": "Malware payload (Formbook)", "value": "2fd75fd9947ce6b3271bc319e918c3b2ffeafe64007cec2c49365458f4ab735767d842eb712b5b80698d1032ccab18cd", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574985, "uuid": "565be8df-6806-4004-8a33-1b8a2d985b7d", "value": "T143F43384472EB530E62E885E572A94F281F19B41D90B5D3DE777EF4AEEF4380208CB65", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574985, "uuid": "096ee9c4-2a1e-4359-973a-32527a9d0632", "value": "12288:QH0JCHp7Ku1f7qahjRgoMPaQJVf0rarheziCZM4xih4qvkmRGzE/2ZbfQgS:QUJCHp7ZZRmr0sNhXcmwC2RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574985, "uuid": "746cfb30-73ba-4cc7-8f39-d2d7281f4210", "value": 743554, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574985, "uuid": "7d2d80ae-645d-4626-8631-564becd8db68", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574985, "uuid": "86ce493d-3bb7-46f3-9530-1c1ae2a262a6", "value": "Shipment_notification.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0aa8b5b9-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679583023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583023, "uuid": "c58bb42a-7003-49f4-a7f5-5f74b7aad663", "comment": "Malware payload (SnakeKeylogger)", "value": "518e41c69dec599380cccb991d047e16", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583023, "uuid": "28114526-3b12-41e4-adad-deec0950e246", "comment": "Malware payload (SnakeKeylogger)", "value": "a26cf1908d8e2e9ab6e9b3fdf31d6cb5d58d7035374cd513b459a1541cc2fc79", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583023, "uuid": "f7d4e5a2-0b06-4eb9-bd55-765044157b61", "comment": "Malware payload (SnakeKeylogger)", "value": "5b061c85b3c5be0079bdc830389f197c059e6f44", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583023, "uuid": "048d7ff2-3f2a-4c4a-891d-9a6bdf2d4405", "comment": "Malware payload (SnakeKeylogger)", "value": "03bcb4e68e5cff70c30254e463c750447677d0c54a9b274d3042ecf9d6894b835a591527852a90cd0731e70be80c2f11", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583023, "uuid": "6bf0064e-b94b-4f41-884c-f3080ab85eec", "value": "T186652351BDD78B43CA9AA7389DC3D22762BAFC057AA6C1077208731D9932EF18E4531D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583023, "uuid": "b9fa0e0c-1854-4970-9dcc-82c65ca8db5e", "value": "24576:w+3bqIKPsoGRwGtt6EaSE8hpaMNzl8raUtGCn113q49zuCr2+zm/E0IEWQNLGBuu:DrtKjG/n6Ead9MNzlMRtGCn113q496CJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583023, "uuid": "664b349e-c940-400e-bcd7-0cee41f6d0aa", "value": 1534464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583023, "uuid": "f31f63cb-0f9a-4f78-9d84-3ecda0ca6266", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583023, "uuid": "8cb3a38d-8eda-40e6-99f1-d0ee01bb895d", "value": "SHIPPING DOCUMENTS.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bdf23a1-c98f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679585415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585415, "uuid": "f74943f6-5ac9-4aa2-848b-ce40bc9a96d8", "comment": "Malware payload (Guildma)", "value": "8155fab6017bfc7830d44063bf1aabf4", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585415, "uuid": "d19d5ffb-3f8c-43dc-b398-08b9138ccb02", "comment": "Malware payload (Guildma)", "value": "a270f1e32950e88e8cf63758f37646c0df7d7a1e61536e0a225d8b05d630e898", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585415, "uuid": "472f4e7b-efcf-42b6-9a53-53e066f63a57", "comment": "Malware payload (Guildma)", "value": "b697d5e14b5779a702f93e8af9fbaab5f13c5746", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585415, "uuid": "c06798d1-2016-4cb1-b651-f590ecfed696", "comment": "Malware payload (Guildma)", "value": "51fbcd62ac851e263870b94ba28ea44dd39d8c55207c1baf2b9640ec86443c5818982ffa5685194710d7767b0026a32b", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585415, "uuid": "ce27014e-b5a2-4a3d-af69-982f009c885d", "value": "T1F8F0F14EF0213EE3D21E02B78E674F22DE08B85B0F0930970A8903844620C44BA2C3B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585415, "uuid": "d68aae2c-4640-42e7-8e31-67df5214c729", "value": "12:8rflM8OBE6ZGNgk039QjdyLnOmqm7WODFpYqD5qF:8loGNF0NQoLnOJm71Z5qF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585415, "uuid": "e297e6e9-bc3c-493e-ad62-321045763603", "value": 477, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585415, "uuid": "5f31e8e6-47ef-4d00-be86-07e1014c8de6", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585415, "uuid": "205bfc37-7773-4c5e-8cdf-3aba49b332af", "value": "Ref_108843474529885_501.31074321.392652.24718.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d15d3bc8-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679564888, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564888, "uuid": "2529053a-ecb8-40d3-8f15-29ed7dc15a34", "comment": "Malware payload (Loki)", "value": "f6222c70dabc04b2c8844ac1ecc26149", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564888, "uuid": "2272f6dc-2a6a-4de7-9808-873cb746534f", "comment": "Malware payload (Loki)", "value": "a337ebc0fdfe20b450c29e924f4be155837f583a7723db928d13d7ef6d280784", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564888, "uuid": "39539bc1-6f64-4119-a975-bd65511ad631", "comment": "Malware payload (Loki)", "value": "b8d7fb01520925729833cb6f6873c283c16c8679", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564888, "uuid": "41a739e0-a111-42f8-8368-fe4b17f77512", "comment": "Malware payload (Loki)", "value": "acd196a8c6ff7a1249b5f3d7edf252c0448296aa786b84684568d0c72ebfa727b66fff3a30774ab651ec7e6ebfabfd16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564888, "uuid": "d613d116-5f5f-4334-8cfb-0aeafcb54250", "value": "T17C0502127BA69B42D1FC97FC14E2918063B67FA92322EB4C1FC730CE1977B549652983", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564888, "uuid": "6c76f9d3-5816-4ae4-a083-cc6e661c9654", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564888, "uuid": "eb912c4b-22d8-45b8-97fa-05940271ff80", "value": "12288:1wwJU0zl06/TgTU4AKNRpjgNT8rgv7jFLXEV9H2gGuHDTqAfoPBgWuedqYE:Dl06MFnnjglZjjFYX7HnqAfoPXueg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564888, "uuid": "5e83666b-c122-4333-aba2-3aec56564af4", "value": 858112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564888, "uuid": "5cb7caa7-83b4-4d4f-9895-693d5138ac40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564888, "uuid": "bead0a1a-5d4f-41be-aca4-3b7d5463a13f", "value": "f6222c70dabc04b2c8844ac1ecc26149.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01f0c129-c9d5-11ed-88f6-42010a9c006e", "comment": "Malware payload (Fabookie)", "timestamp": 1679615221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615221, "uuid": "d7d2da7b-9807-4b0e-97a9-5eb055e3f74b", "comment": "Malware payload (Fabookie)", "value": "552dd6e64192dcb4ed10867479c3db97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615221, "uuid": "ca9690e7-a4c2-4e52-979a-6b5facb4c06b", "comment": "Malware payload (Fabookie)", "value": "a363591bf9d7029ab1cb4b94dae5f0ece741843e347761cfe74adf8a0f510942", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615221, "uuid": "9262f9b0-b111-4436-b3e1-fe0a07094753", "comment": "Malware payload (Fabookie)", "value": "cfaeebe51c6e3d00bb12e99bff2dca4c6f08f21c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679615221, "uuid": "c1fac1ec-77f1-4679-aa7c-031394afa10d", "comment": "Malware payload (Fabookie)", "value": "98534d02c2a85c3e0c96dbf307592662458369ed070bebe47e7525df6e965e444737f7674436a3275c04143d4b3e5a88", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615221, "uuid": "700fc6d3-2e07-406f-8d41-c8911b84f847", "value": "T1FED4DF81B39095D9C4B88430C693CA71CA317C64DB28569BB7D4BB6F2F32AF1653731A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615221, "uuid": "1530664b-af29-4010-bd69-721464bc7506", "value": "4673ad56625d375f2efee239af061364", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615221, "uuid": "393b0cb7-3a82-44de-8d69-f1774613a112", "value": "12288:G72WPC/jdAx8Xr3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:qPC/ZSWr3/kRc4l6g6gtPbcHn7q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679615221, "uuid": "0c6670df-ae3f-42d6-8705-fa33c1bd61ad", "value": 606208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679615221, "uuid": "2efe28ba-a679-4c63-8c2b-02aee2c9caff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679615221, "uuid": "cc3a1dca-4464-4c14-8508-175ae407a491", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdf03ebe-c924-11ed-88f6-42010a9c006e", "comment": "Malware payload (Fabookie)", "timestamp": 1679539542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539542, "uuid": "30b6f130-5929-4da7-be1f-66cac2ea45a7", "comment": "Malware payload (Fabookie)", "value": "874df3f369b610ebf912b351207c089e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539542, "uuid": "762bff9b-a40b-460a-bbbb-07fe064c71e5", "comment": "Malware payload (Fabookie)", "value": "a3e36408cb0b66fdf932ea56d25a99dce4b0c7b64effe511d99d7b5d11cb3fc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539542, "uuid": "c089a4c1-5d2a-4541-b35a-dd7bb67207aa", "comment": "Malware payload (Fabookie)", "value": "8902b1902cc200460c6b073113ae401d8865e88e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679539542, "uuid": "25d7c572-7234-4438-ba22-2761aa93e8e6", "comment": "Malware payload (Fabookie)", "value": "c0b4e637588bb22bf5a1919b6f3ebd5f8841ee0a56249487755ce36ec114282eb39e765534d885dcbf52369fa788ce8d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539542, "uuid": "eb8385d5-0bca-4dee-a6ed-eb22a07643c6", "value": "T15E156C5EB66C00E9D0B7C179D5439A03E6B6740B03B15EEB139147A63F276D88F3AB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539542, "uuid": "43b57e3c-9dad-4a1a-aee4-441d8f96676a", "value": "ca4024c0e7ca045d1b257058baf9658b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539542, "uuid": "0639ba0d-d706-4b81-bc41-7e472472ae61", "value": "24576:6yE8JiMHd/BieyIMZR9ejI21FiWOnoxkNMu4dXxbfat6Z:kCiMHtBiez+Rb21FiWOnoxkNMu4dX9aE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679539542, "uuid": "0634cea0-c9b7-4c6e-85d7-96909086d341", "value": 886784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679539542, "uuid": "8c438475-86a5-4358-86b3-63dabfe829cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679539542, "uuid": "905f016c-93b9-4094-b121-94ac0ec0efe7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b5420f7-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679564342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564342, "uuid": "06079b77-cddf-4b9d-bba8-dca375227cab", "comment": "Malware payload (AsyncRAT)", "value": "5cb296788614c0cbd3c912d8d2fdca36", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564342, "uuid": "720e8ac6-e23a-4746-a3fa-ab576d9cdcae", "comment": "Malware payload (AsyncRAT)", "value": "a68850f869d5a33aeedeb894e6ab9c743d35be9da971dea04361664fc00cca18", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564342, "uuid": "ebd7a6cf-7bf8-46ee-8faf-bf97b48771f4", "comment": "Malware payload (AsyncRAT)", "value": "ff9d0762b965ac37faa9f4c3cf9faaa0d1ec57ae", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564342, "uuid": "204e1921-399e-4a37-80f1-81142391c51a", "comment": "Malware payload (AsyncRAT)", "value": "1d988367c1f161f4c4ad8f6e0ac394379dfb9f9bc6e06c15590a42a92df514f4ddcac269f73ccebdca6ffd656ffe69fe", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564342, "uuid": "9638a148-6e17-4bbd-b34d-068c9988e7dc", "value": "T1E2050242F6D688B1E63319365D36BB11697D7D300E30CB1FA3C47969CA31182B636BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564342, "uuid": "c9e4500e-15ae-4f80-8a5d-999a1d605c8a", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564342, "uuid": "5947edc2-fb28-4c6b-b77f-d08548704756", "value": "24576:wNA3R5drX2D7hXzwX4acpkEFhVesL0P6NuxLHb:p5ETpLA6NcLHb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564342, "uuid": "95a56e92-2a22-4eae-82a5-d979ed270b7d", "value": 834332, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564342, "uuid": "1e5266b5-96b1-4d8b-b3e5-9d1fcd067ef0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564342, "uuid": "69fc6f26-a830-4f3c-a9dc-75763b13beaa", "value": "Odeme22323.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7c9743c-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679552471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552471, "uuid": "da6f4dc8-1ef1-41e0-8d24-0796bbddc6de", "comment": "Malware payload (Heodo)", "value": "76a5f8d3bcbbff4ede15f571102eb574", "object_relation": "md5", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552471, "uuid": "77816abd-89c6-4107-b08a-848d01a236c1", "comment": "Malware payload (Heodo)", "value": "a8972c55eec9d765710b124218375b38178533f09122b6d0a4f66a8216e77496", "object_relation": "sha256", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552471, "uuid": "509120c5-100f-4cf7-a1ed-414a2b40deaa", "comment": "Malware payload (Heodo)", "value": "5b70415045ab0c1ae2dc446258064cd3af66c109", "object_relation": "sha1", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552471, "uuid": "ee5dfd6e-73b1-4c49-8dc3-08b64ed8be1e", "comment": "Malware payload (Heodo)", "value": "31b9ca366f6457e1a979c5b103e378caba25854b7c545c161349385e8229b1c1ec0ed700d7ffad5f020968928ccc16b4", "object_relation": "sha3-384", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552471, "uuid": "523c1ee2-4292-4f15-9e95-0d2650ff6b1a", "value": "T1B944F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552471, "uuid": "35faa38c-7881-41b5-bb51-82c525dee955", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaW:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuV5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552471, "uuid": "0c3bdf45-1007-4be8-8094-a4e737ae0508", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552471, "uuid": "3a38443f-8b9c-49a4-a445-d7e030bbed3c", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552471, "uuid": "683923b0-89a5-4d97-93b4-e3f329758f0e", "value": "0983020671913586.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "543655bd-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (NanoCore)", "timestamp": 1679585724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585724, "uuid": "f1b7e54e-7dc1-4c6d-a341-22394177eb58", "comment": "Malware payload (NanoCore)", "value": "1017fcdd21ff4ee2a5ac3d90b680d2fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585724, "uuid": "1832c6ca-1727-44bd-bba4-89082033341b", "comment": "Malware payload (NanoCore)", "value": "a898127d2c98fda1751d317cdf3a1d85f79de8fe762edb2415ec04e7c1c53a6f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585724, "uuid": "2e852bae-6502-4061-926d-39d61e58de5d", "comment": "Malware payload (NanoCore)", "value": "b9e040314eb74c24ad9f42ce37032ad238a37649", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585724, "uuid": "c0301929-0702-4c3b-a611-a81a4866ee3b", "comment": "Malware payload (NanoCore)", "value": "8eb5b6c38bc01caacf1dd018f0b4be5c1ca08ebe4ca24e89e52d6c20158209c7a5678c6f512d837bbd092b587177500f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585724, "uuid": "73a031ee-3d67-4e13-a34d-6bbcdc44d8df", "value": "T1ACD4F112BBC194B2C0B22E765636B7249A7877615F74CECF53C4096DDE21EC0EA353A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585724, "uuid": "06a6432e-f15e-4f73-a1a1-ec63e27f6b79", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585724, "uuid": "574a96cd-59d3-41a9-9b11-403b01ff5ad1", "value": "12288:pToPWBv/cpGrU3yJDwlNm2n+d6twT2/FRXJbIMp8NDSjt/:pTbBv5rUGGm5UtwT29EMp8J+/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585724, "uuid": "58ee5f4a-1f59-4306-9695-0218c8e15c44", "value": 642348, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585724, "uuid": "29256f97-fc18-4c50-b78e-a7c1aaa8e9c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585724, "uuid": "27f3dad1-571c-402f-8bf6-4e6a0c73e2a8", "value": "1017fcdd21ff4ee2a5ac3d90b680d2fe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d897e2f-c9b0-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679599376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599376, "uuid": "0ee81cfe-a92c-4459-80da-fa9e325848aa", "comment": "Malware payload (Guildma)", "value": "b5494bc002197a7f0ea4ff367e86b8f3", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599376, "uuid": "d20ff8db-252c-44b4-8d01-d3baa4e059f5", "comment": "Malware payload (Guildma)", "value": "aa6b4d031de1273f09b83fc4b37dc01dea306ef75cfde34585e1d1f2cea1fa5b", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599376, "uuid": "6a472732-75db-491b-b4f9-c912296da823", "comment": "Malware payload (Guildma)", "value": "42f5d4bf000c55d438e336353d27ed29a9edad9d", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679599376, "uuid": "ce0a28ed-6b37-4f6d-9866-1110a6e2a8a0", "comment": "Malware payload (Guildma)", "value": "b3dce0c9cfeef23d075f265fe848706e47f65938de1cf5f1b93e47548c957931bdaebdcf0c52801743d03f0c71079c32", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599376, "uuid": "74ffbe2c-a051-4ee8-bd9a-161c001a0acf", "value": "T121F0F14AB0603D71C848123DCA9F9F431DDD74020F6158072BCF1256C070E8CBA0D551", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599376, "uuid": "debd30d1-1908-4805-b42c-94669d850661", "value": "12:8rflM8OBE6ZGFgkrnSBpjdjML0AOmqrLm7VGrbvIYj1pznYH:8loGFFrSWLDOjLm7kIYvYH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679599376, "uuid": "f67bc2a8-d709-4645-ac78-178e99014873", "value": 485, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679599376, "uuid": "4a407514-274a-4117-9e58-d4106cf4225c", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679599376, "uuid": "c3899b10-1e5e-4247-9ce5-18a730ea3511", "value": "ArquivoXMLNFSe66444742_501.69308317.035207.41751.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11f722c2-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679583036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583036, "uuid": "e1a50a8c-6b3b-4218-a424-e883d8292a42", "comment": "Malware payload (Formbook)", "value": "3807b929d4fdccbb0c863c2f5ebc625c", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583036, "uuid": "9c58a296-30c6-4f9f-ae16-9376de63b725", "comment": "Malware payload (Formbook)", "value": "ad00bf202413a51629e0bf7e0b4d48cdf6a59004dee2cad317d1f01526c5f712", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583036, "uuid": "6f6e7860-14ed-47ab-82fa-5c11a6bd6e22", "comment": "Malware payload (Formbook)", "value": "90b03cf0c970b507be7239957754626cc0418122", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583036, "uuid": "e15767f2-899c-4feb-bfcf-b711f9c54b00", "comment": "Malware payload (Formbook)", "value": "c7ab019bc46587f80c5fcdfaa7c20cc36900b0e7cdf8662e7ab194b360895dfcf94825965b895893c8ba0cca61770508", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583036, "uuid": "b74954ac-1435-4023-a001-b00a79f1b2fd", "value": "T109351213E6C48D06C54247F56BE379A8231EBC623BC6A2C72748770F6F78AF4461761A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583036, "uuid": "de2cf52e-8661-484b-8af3-ef823507ed5f", "value": "24576:hLKwWQmmav30xH+MXU6dN+MXUw3bV++MXU23bV0OWUSngfeTw:hLKFQmmQ30t+MXH+MXL3bV++MXl3bVF+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583036, "uuid": "17aa1ce3-23f4-4c33-9c68-0960784a6ed2", "value": 1157120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583036, "uuid": "28a381e3-644a-479b-8f18-a006c69d92a7", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583036, "uuid": "6b5fd6e6-85f3-4804-b33b-e291093b93c4", "value": "Our order 230310-03SNTEK-JJWP.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "900507f5-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679564349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564349, "uuid": "2a6d3792-f35a-4937-a865-869173a04ba9", "comment": "Malware payload (Heodo)", "value": "819b801e1528c781587ff9ca632b58a6", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564349, "uuid": "b0ef9d31-28ba-441c-9ffe-9532d5652115", "comment": "Malware payload (Heodo)", "value": "ad0f6b7ecd270aefde6ad807274e1d2e567d86eac4bea3726faa25cbd2e7f10c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564349, "uuid": "fe77484d-c6d8-4ea6-a702-4c0a2814729e", "comment": "Malware payload (Heodo)", "value": "f1c4e4c2f27075e500693a208c5ed32ce20f056f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564349, "uuid": "af935555-5a12-483a-bcfc-412d36117ba0", "comment": "Malware payload (Heodo)", "value": "a92e09a4ec088ffdd668ca76906a7a33a2463704fdffe4bf29a9add1d391dc7e34ad4746ed022926c19e7702c3103e33", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564349, "uuid": "23163393-f628-49ec-a7e9-3576f5f74459", "value": "T11544F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564349, "uuid": "f37b3b9b-4a9f-46b2-8173-78a984c21388", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXq:FeHrBwsYXm5ZGa3vRXm5ZGa3vv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564349, "uuid": "39bd2b3f-dbef-44e1-b1d8-bccfd2d79f53", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564349, "uuid": "4489ddb5-fdd7-48c3-941a-e97b9f563b08", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564349, "uuid": "1e4dbc4e-9ddc-4627-8d8b-129112e2d47b", "value": "ommegaonline.org_2.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c76f1bae-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679583340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583340, "uuid": "0469dba2-455a-4d1e-af5b-22262b89150f", "comment": "Malware payload (Loki)", "value": "995da8fb50408f1c09b6b9929f3cad3a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583340, "uuid": "490f242e-4f53-4397-ac0a-b7125e1d094f", "comment": "Malware payload (Loki)", "value": "ad2f8e24ee2aae18fc8c64b281fc251801a945afc8ba9c5c9985918302b1881a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583340, "uuid": "1ea01e36-8ffd-4744-abbc-88860c8db036", "comment": "Malware payload (Loki)", "value": "b0975f37d77e71eea287848a769b9dcb8334625a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583340, "uuid": "a2877702-0af5-4ddd-8fd5-e684a09cbc02", "comment": "Malware payload (Loki)", "value": "76a7329ac367c5dba1682dd0b8662c897963796dddc22f245cc932923cdc80371256618d4ee515217564224d7f84c571", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583340, "uuid": "7fecc816-d749-4173-af57-a1a5115550f0", "value": "T1B444126C7BE1C677FDA2A7358C7947353BB99E1620855B4F5B801F4CB831282E60E712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583340, "uuid": "a3791f0a-1ac7-49ec-b7ed-a11f683a281e", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583340, "uuid": "b13ec30b-5244-47d7-9959-006a5b83e608", "value": "6144:/Ya6aYQxWSdSkfKtl7MoATuuFPhGD9j+J97MVtPXpWc:/YUV7Stt1MoApPhGD9jbVtPj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583340, "uuid": "02ad00fc-778e-4734-bd9e-ccdcb59488c3", "value": 257317, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583340, "uuid": "20d5f171-04ca-4e1c-b303-c7743d752e8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583340, "uuid": "571dbf0d-3ab5-47e2-a9e9-1fc77bc0ec24", "value": "995da8fb50408f1c09b6b9929f3cad3a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18e5d446-c994-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679587342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587342, "uuid": "58d8b68f-415b-4a9a-a2c3-1e0545fc2946", "comment": "Malware payload (RedLineStealer)", "value": "06be538d980890259f83cc616d397bf4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587342, "uuid": "2d7e79e1-8079-48ea-9c1a-8c18c3122264", "comment": "Malware payload (RedLineStealer)", "value": "ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587342, "uuid": "d0618d30-caf0-45d9-9408-08c4879c6365", "comment": "Malware payload (RedLineStealer)", "value": "083875c97333f278823d3c938d743347c2243357", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679587342, "uuid": "f70c4f79-b806-471d-8090-18cf1d06edab", "comment": "Malware payload (RedLineStealer)", "value": "4e72972c66e5d8b6c28578f9282a7a272c6faea20fadb9da45c9dbcc61424a632076ebdcc190fcd72bf7380283dd81fd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587342, "uuid": "5d90943c-c215-4110-a928-8d9e80e6919b", "value": "T18664F1223A90D032E4C7A5744574CFA15A7EB472A7B4918BB3A52F7C9E207E1F63434B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587342, "uuid": "300a7765-b16e-480a-82c7-a668de595ab8", "value": "8d9508e89d467f2b8f17cb75c34b216a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587342, "uuid": "cb0c56b6-f63e-4a79-8e7c-b88a0f4cf177", "value": "3072:v/niGY8XLzFt23TNvXTu56ytWbr1ipANfZQl0q9Uvzfb8eXUjL0B0TtNbVG5ZrkK:328XLptAR/TYmBiWJ3OUjuLbQZ4u6SP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679587342, "uuid": "8bfc4a65-a19c-4722-bd95-36d5bcf18519", "value": 318464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679587342, "uuid": "5ea347b9-1f2f-4ae2-b8b7-ea4fe7130608", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679587342, "uuid": "ae371520-4082-401d-8558-1896af61bab6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1b12e59-c95c-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679563520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563520, "uuid": "c2c3a36f-9d2d-4875-b937-b530ded3f3ef", "comment": "Malware payload (SnakeKeylogger)", "value": "8301d3d1a602b5aa7e72a57fb20d1a57", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563520, "uuid": "aa0cceea-0b5f-47de-ad8b-0cb443326475", "comment": "Malware payload (SnakeKeylogger)", "value": "ad58ce24f9e160b6ace93452b01909c30d77643dfd8445ef27d8862442455b03", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563520, "uuid": "3e99b5aa-513a-40cd-8ad6-ff0f9774e990", "comment": "Malware payload (SnakeKeylogger)", "value": "0196e13d7e1ff5d71c994a70bc4585af52d890a0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679563520, "uuid": "cdc561ff-33d4-41a2-88bc-376410228e9e", "comment": "Malware payload (SnakeKeylogger)", "value": "278b9b6ef50c93f05e35f0846f6ecb49be8a67aaf257c623dc7ce43619e9f4fd349d89e5c0aa76deac588c41c3d9e3aa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679563520, "uuid": "373bc2af-21b9-4c44-9497-407cbfe2bf49", "value": "T1F6154B41EFAA1560F01144BA216B7D1FCD51A88E98EDFB6E190FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679563520, "uuid": "df9c9344-6c50-4b18-a9dc-a76384ffe5a8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679563520, "uuid": "ca1f7956-ac2f-4a47-876e-ce88fcefa325", "value": "12288:OQCP4MZ1sTrbQWyQtI1op/5yKeCxXCZJjc2ydiMq3xoVbEAvxiLATAGn3WtNmBNG:OQCgMXs/bHy7U/MDCFSo2bMaxoVbr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679563520, "uuid": "735d1bd8-0fc3-4184-a43d-25fc10de5b1a", "value": 922624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679563520, "uuid": "9030b091-c662-4fce-ba8d-1cef3b2f350a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679563520, "uuid": "934ad559-af0f-46e4-ad57-b22d074bcdb4", "value": "8301d3d1a602b5aa7e72a57fb20d1a57", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3bb3d02-c97a-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679576543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576543, "uuid": "520d4557-ff82-4d89-90fe-0bbb0c06ccc0", "comment": "Malware payload (LummaStealer)", "value": "ffc87cf5de85e0a6a3941bc91780d928", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576543, "uuid": "1fe79880-edbe-441e-8fc5-8a9ccdd19b5a", "comment": "Malware payload (LummaStealer)", "value": "adfb9a94a162120159f2b496ff473ee14024f24192cc13cf9f829bbae6c4023c", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576543, "uuid": "3e3c034e-3f98-42c3-90c8-9273f6375486", "comment": "Malware payload (LummaStealer)", "value": "6029ea950091d269d9626343a8defefd1b6c5c1c", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576543, "uuid": "384173de-8f49-4eef-b679-bbc0908ca406", "comment": "Malware payload (LummaStealer)", "value": "98114a1e0a556dd4b535396c74153f6cf2e30a669594d9b64b27ada1a34a2b2eb7bcba3c73f969b1e94d983a27b07976", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576543, "uuid": "b773099e-e9bf-4fa3-97f0-e9b7c356d9f3", "value": "T12A95EF37695AC997C11BD371B3839124222DBEC51B279D076AF63387FA2039E3E4C265", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576543, "uuid": "41515d3a-a5ee-458a-818f-ca878f8f503e", "value": "49152:XKcEqlms7r6WKt3iS/rmEPM/u0iEV9IHuxJxruCD:66lms3a3iS/rmOMVVqHuvYCD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576543, "uuid": "3458680b-5e22-4d39-91b8-89abb1cc6ef8", "value": 2009088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576543, "uuid": "6e087949-2535-4e68-b7fe-1a8b07dc82f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576543, "uuid": "a17ff8b4-c1e6-43f3-917d-e1ac76087132", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c837791-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583483, "uuid": "944a3d62-1d6e-4b1a-b82e-800930ac76fc", "comment": "Malware payload (Mirai)", "value": "7032a5afcdc4987da2dded72836370a9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583483, "uuid": "828dcbff-335e-41c2-b282-7acbccfb5a2c", "comment": "Malware payload (Mirai)", "value": "ae225854416607f1b62e673e1f4c4f0fde36a4d4bd7ac468e2dedffad2002d04", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583483, "uuid": "85db2e1f-f7f2-4e94-b74a-2b6e6faf0a9d", "comment": "Malware payload (Mirai)", "value": "291f707adbbfd0dba9d063fd64507b300198dd5b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583483, "uuid": "394dc991-cb06-4ac2-842f-7090c019174d", "comment": "Malware payload (Mirai)", "value": "fbba11f57cd97ccfcba9746e48710cb066b3024454bd3787c78fc4ec52f217ab5d604667ccda96e21a40db57591f4495", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583483, "uuid": "ab769913-015e-4492-b50d-ca694f38a8ae", "value": "T193534B02B31C0A07D1A31AB0253F5BD197BBEAD022F4F684751F979A96B5E361182FCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583483, "uuid": "ed276280-4cad-47e3-b49d-c9975b5adf2e", "value": "768:qkaZjEoakZNRGHRnDmX7Xm+t/MyV8SpXCpEM42/J9KCrMvuBxANUr6FV+tMiwW3N:MvolWm+l1pXgdxKCAWBxANee++bW3fF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583483, "uuid": "d8bcd711-4f80-42f2-b611-c9a694ebc6b6", "value": 62988, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583483, "uuid": "54c4f569-d3a1-47de-9de3-eec35593ac8b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583483, "uuid": "4361d379-9ef1-4130-80bc-ba75ae3c8a77", "value": "7032a5afcdc4987da2dded72836370a9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42421125-c988-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679582258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582258, "uuid": "17b14874-5936-468c-b861-60a087789e37", "comment": "Malware payload", "value": "7a40c59bcf3c260585a1746355cb7062", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582258, "uuid": "0b924ac8-5a82-4d9c-ba2b-8029bf5ad2f7", "comment": "Malware payload", "value": "aea4d741f1261a1e4a4048196e2787252b53e519a1e36b350672d0c00776043f", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582258, "uuid": "b5219667-e442-47f2-a7ea-63f2981f3d63", "comment": "Malware payload", "value": "d719693b3b94b621d4970b3f9335d30fd8ef9c6d", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582258, "uuid": "01c35a41-0e98-4150-b898-922921f14a60", "comment": "Malware payload", "value": "e1034a4b0f57f41d96994a339dddbb2531fa477c1902a3d8ba3a2a62c8e2af76e116846121c5a2cc58ab132288d9891c", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582258, "uuid": "4a00e636-22d4-487c-b708-3be22ea94325", "value": "T19BF07BB254010717C190C1E225D87B2FE5A7A241D04F18BA99CB5B52D86C8F50D89419", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582258, "uuid": "602ec292-5e2e-4572-8c43-72f593835cb3", "value": "12:jZ/I7DpVDecWimtzm+sLRNTNiaBGz7DcAKGSddRoo4D3JQGnURoo4D3JUDEkEFTL:jZ/IJ1rWxkQKyRSdma2/hkryEVy/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582258, "uuid": "8ef50577-44c3-47ac-8445-027e828733ef", "value": 643, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582258, "uuid": "7e653ea1-547b-413c-becd-4f7865df378d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582258, "uuid": "3e0aeb3f-b894-48c7-94ac-e356097573f9", "value": "3.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cb0a2c2-c9ab-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597227, "uuid": "41713e87-f994-4451-8eef-160b1227fa2f", "comment": "Malware payload (Gafgyt)", "value": "edf393c39fe8a2125dee426f77384a8e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597227, "uuid": "11acef5a-3d0b-48f6-9836-67536d94660e", "comment": "Malware payload (Gafgyt)", "value": "af21076246e2f0be9f2431a8e23122a9a998168ca08a5d9f5c6ce42d6b69e507", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597227, "uuid": "72fd0091-919e-4a28-bfa9-1bf86ab123f6", "comment": "Malware payload (Gafgyt)", "value": "4d07589209fbe76d6715c65289c8f749237b6d19", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597227, "uuid": "b5c4146c-1c2e-4b63-970d-f49b8f2688c3", "comment": "Malware payload (Gafgyt)", "value": "8168c80f7f87fb26c4227bddae8f64b06a1441a55f7e6259f04595437c81e58c9094b668d570b3a19eaffeefea1cddd3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597227, "uuid": "916fce0e-ec0a-4cd9-88d9-dcc3a3ef0ba5", "value": "T13FB3C517AB618FB7C85FCE3306AA850120CDA55612E97B6FB2B4D92CE74B84F08D3D54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597227, "uuid": "f34bf1a1-459b-4348-a198-df61f9764aea", "value": "1536:ZLeTikthhSMOCMQS+ZjN4pjuIxreg2ONN2eDo/TUmkiSFxfC7xbXe:ZhHC3S+dUrecNTDiTUmkiSFxfKxbXe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597227, "uuid": "ee2652ed-61c7-44c0-84ef-5a031d46f949", "value": 113275, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597227, "uuid": "5c49af5c-b010-4a16-b61b-9552d4a90495", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597227, "uuid": "ef0b62b4-ec2e-4685-bc19-7fb2cdb5b732", "value": "edf393c39fe8a2125dee426f77384a8e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fbbcdc9-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581019, "uuid": "255cf587-6ee6-4a75-b57e-b99847d01809", "comment": "Malware payload (Gozi)", "value": "31d1fb8951cfbd8fc0acab16de97abcd", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581019, "uuid": "ab606918-7013-45fb-9221-394bb46e560d", "comment": "Malware payload (Gozi)", "value": "afcb52953a3cc8356c4ad18044f2ce99eef35efedc9dae62a8c8c3190ef66c9e", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581019, "uuid": "d9b1cbbe-5428-4688-99ab-eca7617fa21b", "comment": "Malware payload (Gozi)", "value": "a0339f7fd48a8f4d2524a1ca1f456fd78c20dd7e", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581019, "uuid": "60f1cc99-ea88-4f87-babc-8836eff174f4", "comment": "Malware payload (Gozi)", "value": "5d1874343580f69929040365b41c36ab96db761682d68ae3bc0ae27fa2d2fab614f2e9baf34eb4aff14f2784104a4add", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581019, "uuid": "6e67fa2c-dadf-44d8-85dd-a9298b9ba13a", "value": "T1B941EA84DA15611AFF53B732C4940A96D408B670780314BE625EF001655B3E62C57F9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581019, "uuid": "b9d06776-4236-4751-933f-3ee15c6c42c1", "value": "48:9nKvwc4Uk9P1Co9bAGe+a4i8alEV2jnul:UC/99X9b1e2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581019, "uuid": "3628525c-0509-4a14-9c94-d1922e8c8509", "value": 1949, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581019, "uuid": "2ac6d50a-886a-4e66-a0db-928daaa07a53", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581019, "uuid": "a35e444a-3972-42b0-b448-da35978ce31c", "value": "Fattura 2203-23_012(2).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "628dc191-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603787, "uuid": "feb3a75f-12eb-412f-8e0d-d7ce5317f73a", "comment": "Malware payload (Mirai)", "value": "659ff4cb401fe1d1e528510864d59ed9", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603787, "uuid": "159fa4fe-3772-4e75-bcf9-85b997817a48", "comment": "Malware payload (Mirai)", "value": "b0066d04f322f53115c4f0834e1d330b979526c2bd3455386d43c0439a1c2f3d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603787, "uuid": "eb5976ad-804a-433f-a659-a02b8c1dcb75", "comment": "Malware payload (Mirai)", "value": "ad0c84fd7e252da3a2b234aa44f1e1c4628a698f", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603787, "uuid": "77168256-b2ee-4ca4-9766-7ecc9a605ac4", "comment": "Malware payload (Mirai)", "value": "06859e142bd6f5ec4e517d50782a59dc5e565acf45b36b7aa5ee01a3f0d657c50955c40ffec4cee21da0cbe87d510d37", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603787, "uuid": "78da36b5-575b-4854-8d0e-45afd00ed378", "value": "T157534B31BA761D2BC0C5947A21F74B25F5F683CA21E88A1E3DB10E9DBF61A406153EF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603787, "uuid": "d1160ebd-a758-4378-b72f-3138927e91b2", "value": "768:HRonHvXXf+sfZBIEiSvvx/1Qb7IrS9GOO+75VU2U9Y6QD1tww/ZIf/P:HR4PXXf+0BqSvZ/1QAs975GutB/ZCH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603787, "uuid": "faa95c51-8560-4bc0-87af-c2e99f417214", "value": 65008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603787, "uuid": "be15b352-7f04-4c74-9ae4-18a427c7bdbd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603787, "uuid": "4f58beaf-3db6-45f8-9284-433709996829", "value": "nigga.spc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68e89448-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679577598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577598, "uuid": "c47cd531-9216-43b4-8395-006f4967c6b3", "comment": "Malware payload (Loki)", "value": "db80782fa8f00c408f4f17ecbf5344f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577598, "uuid": "91481eff-567e-4d0d-831d-880a05dbf95d", "comment": "Malware payload (Loki)", "value": "b078eb9c9dbfecda42635246799bd361b9adf674d9d4df1f30b40cf8f0626764", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577598, "uuid": "180cd980-0f18-480e-958d-7756710fe8c9", "comment": "Malware payload (Loki)", "value": "ba9033f9b1668e19ee936984c1d3aaf4ea60d957", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577598, "uuid": "0b90cac6-d84d-476a-89e4-920d8a715e5c", "comment": "Malware payload (Loki)", "value": "b9c55c71389e1ceab680d7ee045e20de9276687c36cdc7fe31744638a6fbcdba64d96b5b914e590d7ed39585a491668c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577598, "uuid": "d5ed4e00-5fa3-4f6b-a8a9-11cd63c46322", "value": "T108F4DF05FD790973F8EAD7B41461233E03A9BB625066E6898EF968993CCBF5705C021F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577598, "uuid": "12d1baa6-2aed-4fb9-856e-28fa4c3bfbc2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577598, "uuid": "1a496d81-049a-4f52-b770-54d2526e6f99", "value": "12288:N8QdZQUZwdXOUVQEYAftiz6ZRBp1YI4sQfDSxMjWPorQNKAj6KsvzqFS:N8QPQUZGXxVQDzOZRr1YI4jfD/ilNB6M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577598, "uuid": "4ef79d68-08f5-411a-a285-4cc39f662997", "value": 762368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577598, "uuid": "daaefd10-9af3-42a7-92c8-378603b9daa8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577598, "uuid": "90be6496-7477-45e1-be2b-a7dcb9244fab", "value": "kellyzx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd549bbe-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679552426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552426, "uuid": "e5af1741-e7a8-4f20-9f21-bee33b25c56c", "comment": "Malware payload (Formbook)", "value": "a1a1af51bcab4d2f25637f6aa32ab493", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552426, "uuid": "5e81a72d-af9b-4fcf-b431-08cf0cb2e495", "comment": "Malware payload (Formbook)", "value": "b0e033889328ade7951390d7cf8f4e5558a12aed2d5042596e9f76d3286f5de5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552426, "uuid": "9965f5e8-ee81-4478-b5a8-995892c5a960", "comment": "Malware payload (Formbook)", "value": "70262c310a78905ed17ec15d8c341ffc283fe656", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552426, "uuid": "2368b914-988c-4589-b8be-285c4d78985c", "comment": "Malware payload (Formbook)", "value": "3f3b84782864ff6a6d959876a3debbe28d7407b335dcfa06c06469c2a39e131c02c7cd8bf5054c949aefd3af91aa7601", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552426, "uuid": "6ef5d7d7-67e7-4846-b4e2-e67ceac3c0ac", "value": "T1A244B40776415AA0C3985B72C8E7461403F7EA833B73D64E395A13DA0E563E9BD4A2CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552426, "uuid": "ce42e1a6-fa9f-47fd-b573-71b02b6c2e6a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552426, "uuid": "4b50c8f2-9924-470d-89b5-211f7ab85e0c", "value": "3072:Zo6L7nfeVjBmaAKuZUl8EZ+ViUfDhttq9WCe+spGQ5Jh1wYFTfQlT4CVEzKLak25:ZH/GVdVfZ+VdDhVCtbsTiFE+nXk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552426, "uuid": "b9938bee-2e5b-457c-af4b-2f04becc3018", "value": 253952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552426, "uuid": "52f6a822-4622-4675-94a4-a495220bf20c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552426, "uuid": "985041ce-3781-424b-a517-b947411fe530", "value": "a1a1af51bcab4d2f25637f6aa32ab493", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a025cfd4-c988-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679582415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582415, "uuid": "4587060b-0ce9-45eb-90db-d4ed2aaaca56", "comment": "Malware payload (Mirai)", "value": "88680ea3bd49fef3fe609e5c9ed627d5", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582415, "uuid": "8cdc36be-360a-40b2-96c0-4ac43d15a3e4", "comment": "Malware payload (Mirai)", "value": "b1746e84c1ad263a41a645e27b96df2930a43e84765f0cac761e20293d3a71a2", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582415, "uuid": "971212f5-6667-4eda-a533-8be7d9bbbcbe", "comment": "Malware payload (Mirai)", "value": "41d7e60d502a6a6aeb5f5fdbfecc68412f04f884", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582415, "uuid": "76fb3535-6da4-4887-b3bf-4c0094957c57", "comment": "Malware payload (Mirai)", "value": "0c42b529575adf79ebce1eefb2f75f809b76034351d156e3012bb8199c39af0e2a38c7fc70cf25f189e2545990d781d0", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582415, "uuid": "1aadfc86-3780-49a9-9d9a-921d17288e21", "value": "T18203E17051F1C91EF45642B30E9B285D0ED0E145F2CC3EE3FAC1B4E6EA62F194E84AA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582415, "uuid": "65bfd966-e7be-4eef-b528-b87d05d7eee0", "value": "768:3D/4NG2Ak3A/zkvp7/rooPQB7FUPgGXhwKvIa2s8KDSGB3QgA0r7LDSXnbcuyD7A:3D/4O/qXQFFYZXhwKvVTui3g0/HEnouZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582415, "uuid": "72e6c0b8-2fda-449c-9f8b-85b31fa440fc", "value": 40356, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582415, "uuid": "72c29c02-9ccf-475d-bd74-d170412ae907", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582415, "uuid": "6bd4ec5e-fb00-4e41-b5b3-5e630ec823da", "value": "okamiii.1586", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c331d0f8-c94e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679557563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557563, "uuid": "223611e9-f525-4798-a9f1-7018833df454", "comment": "Malware payload (Gafgyt)", "value": "2c2f3ede7a522ee1e49c6c50dee8d129", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557563, "uuid": "b4378958-acf8-4a98-bf3d-0f5c5c13e190", "comment": "Malware payload (Gafgyt)", "value": "b17e1c68fbed576899049f287797b3ea2d65c1261af77fae296dee3e8a9b7cc1", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557563, "uuid": "83ee5fea-8ec6-49a8-9fd7-21572431656f", "comment": "Malware payload (Gafgyt)", "value": "a564cb8b453419f8b40f514d2ec132744dd6bc81", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679557563, "uuid": "9fb0bf91-ca00-42a1-b66a-7df11c45956e", "comment": "Malware payload (Gafgyt)", "value": "47e4014c175ba1f666e8134bbe269fc35ddb1ba2173152ee8907c4514b10c7007f5b03adfe8be84af9698eed4f36530c", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679557563, "uuid": "4fcee235-9857-4c7a-b13d-544240272cff", "value": "T188A34B17A613DA7AC08352F016DB9A219C23B5BD1B32321773D4ADF1AF215D53E6BB80", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679557563, "uuid": "459e4d41-727f-4637-98a8-6aae869e3474", "value": "3072:KVfYvEXjXz/ChD1kZHZfphas1Yg9luJXuFJZiqX:gXf/C7uphasOg9luJXuFJZiqX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679557563, "uuid": "f8ea122a-18bd-494b-b63e-01ca173d267c", "value": 104970, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679557563, "uuid": "bf1819c6-08d0-4241-afd2-c0e4c342eac3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679557563, "uuid": "bb98fac8-b627-42e3-9b1c-322ae693d63c", "value": "2c2f3ede7a522ee1e49c6c50dee8d129", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed3016e5-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679552480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552480, "uuid": "42daa4ce-ed28-49e8-8d00-b9e53c673e13", "comment": "Malware payload (Formbook)", "value": "906ba8b0f4361a3935005c60f0f66822", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552480, "uuid": "d16105f5-9b78-4be6-bb82-c52d2f1cf090", "comment": "Malware payload (Formbook)", "value": "b1aef9e39277be61bb04e4f83d4a4abae685718718b898819a8dad041ae259cb", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552480, "uuid": "d7d040b3-2d26-405a-89c4-68043957ab5b", "comment": "Malware payload (Formbook)", "value": "2d94bbc87882446d78bc5f35c6e95e8b47895278", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552480, "uuid": "6f6456f0-ebc9-4150-a496-8d89c6d63398", "comment": "Malware payload (Formbook)", "value": "993017bbd30ab122ae1eb4790abf2266c362594ff62c4444d953601be62cd5055f39e2afedbb1f5f56055b69e7da317b", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552480, "uuid": "1ad5b854-9c38-4444-880d-b9219b62ad30", "value": "T1A3450213F9C48D46D44247F92BE37989232EBC622BD5A2C72358B70F5F78AE4864711E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552480, "uuid": "42819e1b-f444-4662-896e-7dd94a871602", "value": "24576:QLKQWQmmav30xn+MXUu9/Ak+MXUu9L3bVs+MXUu9c3bVoaYSea/bU3exft:QLKlQmmQ301+MXV9R+MXV9L3bVs+MXVE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552480, "uuid": "75e75196-8432-4cf1-9152-18d9173c1cf3", "value": 1164288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552480, "uuid": "072ef3d1-7ce3-4840-9006-429fa6e7add1", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552480, "uuid": "d72eef0c-3013-41c8-8b98-52f0694998f2", "value": "products description 23.3.2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e70ee71d-c970-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679572226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572226, "uuid": "3e065c85-bd72-43fb-8110-dfbb00371a29", "comment": "Malware payload (AsyncRAT)", "value": "8441ddb18dfbc80ddc5e814f2566ab54", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572226, "uuid": "7a1c1c8a-50aa-43df-b327-b48cabd95a73", "comment": "Malware payload (AsyncRAT)", "value": "b32c3079004939613c101ecc860fa21101596f0c81ea0580882576293c63b31f", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572226, "uuid": "a7103b9b-079b-457c-b483-4621eb21daad", "comment": "Malware payload (AsyncRAT)", "value": "e961dae02d49c649389241bb0043b9eb1908dfd1", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572226, "uuid": "bd7110ed-1ac9-4e60-9cbe-be6604f8729b", "comment": "Malware payload (AsyncRAT)", "value": "590ed3a379121e21c26961a961c101a4266597f8d012861ec3e3da3ad6ca3454018b92fdadfacab4c32d19ea54c1d28e", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572226, "uuid": "7ae0c52b-e237-404e-84af-7006b96d3c52", "value": "T149234B0037E8822BF3BE4F78A9F22105867AF2673602E55E1CC441D75613FC69A529FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572226, "uuid": "c0084ac6-8822-4992-8009-1fa0ded5a78d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572226, "uuid": "7107a5f7-71e8-491e-89ad-0a19d0a71fca", "value": "768:1uwCfTg46YbWUn9jjmo2qrzaEOO2vIhwuKWrBYjlaxZ0bHd99P2VRCV2jFnSagZG:1uwCfTgpM2ogvIh/rBYhqebHdWPSjvdw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679572226, "uuid": "929c5ded-268e-4ee9-abef-730990e63530", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679572226, "uuid": "49be179a-71ee-4275-9184-2a5923b3767e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572226, "uuid": "6e520c84-5c6c-43fd-9ef3-176a1f829427", "value": "8441ddb18dfbc80ddc5e814f2566ab54.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b88747f6-c915-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679533064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533064, "uuid": "474ecea4-d621-46d8-9ed1-8e6f5a912229", "comment": "Malware payload (Smoke Loader)", "value": "d6aa94945dea8e0661e3294884010cfa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533064, "uuid": "80d6afd2-6e5d-4c7b-9f06-3c1f22791ce2", "comment": "Malware payload (Smoke Loader)", "value": "b39e67c2cd9ebd133f44a646abca8142630c0eeb149c7521a46b1d281fe6b171", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533064, "uuid": "452bfa03-f708-418c-98a4-4a9a53653321", "comment": "Malware payload (Smoke Loader)", "value": "5ef28930cde4e9a86f984afc16bb2f1a01ecd503", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533064, "uuid": "35759bf3-0e49-49d3-bf94-ac40cd07c897", "comment": "Malware payload (Smoke Loader)", "value": "72636965f9a93434895d413c5f0dcbf4e4f4e6b9f1086995bfed0bca8e0e91eb62ba9800a5b1825f8f590940c1df82c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533064, "uuid": "2690c78e-4e1b-40bc-b587-21f5fe461a80", "value": "T16E847D0293E36C60EF2347328F2EC6F82A5EBC615E17BA6E135DAA3F0D70161D562715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533064, "uuid": "8914cc07-8f8b-49d3-8847-29afff8dfd5e", "value": "8800deabeb7a145ec7133669ba643dcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533064, "uuid": "a351b75d-2703-495f-9e9f-433b59c4eb70", "value": "3072:bMlp8xZPHLU4xztLVKfOCEdOX+a5+E9oQadzYqqu4GVztB6hMa:3xdLLzt5ZCEzcN0Gu5ztB66", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679533064, "uuid": "dbe7f65f-893b-4894-a872-cd6307043218", "value": 397312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679533064, "uuid": "7b047c29-c4d3-414b-b3de-c3dd45225400", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533064, "uuid": "8aa3e9b9-a6ca-4fe8-ae95-8bacdf538347", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93837aa0-c988-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679582394, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582394, "uuid": "ee76d210-c61e-4af8-9886-4ec377fe103c", "comment": "Malware payload (Mirai)", "value": "0e6e44c36d0e1daa3f5c72a42ad4f216", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582394, "uuid": "4670418a-41c1-47c5-9dd9-dea411c7dc59", "comment": "Malware payload (Mirai)", "value": "b3aa93b96f6318050a7ede7bf1dd27cb839ae5881454f55dcdeb4971c025e3f1", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582394, "uuid": "b2e35fcc-cc10-48d2-9cb3-71dd1bb328c1", "comment": "Malware payload (Mirai)", "value": "dbb728fcef8ac693044a700572fa7e1fcf3fdf69", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582394, "uuid": "e3916b5a-f610-45f0-996e-c2bef2ff70d3", "comment": "Malware payload (Mirai)", "value": "7abbb10b73151874d90f9cc19f09c5e3fb5059d443432266b2063b67be79206126d1fdf57b03b3befa7a38cb2974b0c1", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582394, "uuid": "d29099bc-a96e-413d-8c40-61d114344e35", "value": "T1AF13F2C925AB90B1C43CE5F319B605CDF9D93C21815BAB271D4DA8BDD8D8033AF25A63", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582394, "uuid": "26acef3b-60cb-490e-a4ff-73c7e0cd028e", "value": "768:mkBvsVCNhIOKkNduATXGdi6JRstR6blAt1L6fpE74tn+vKBofpb2v9sPf/gktfgf:mUsVwIvkrzXaiTyZAt1L6fYKwA/FunP+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582394, "uuid": "2b25cb76-5aa4-47c7-9221-9fff78f496c5", "value": 43800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582394, "uuid": "6077a776-6d81-4bf1-a09a-e6ee898b3d22", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582394, "uuid": "b8be3d01-0ddd-42d5-addb-9a59a9cd981e", "value": "okamiii.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "699776f3-c918-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534220, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534220, "uuid": "613f26c8-303b-4c1d-b6a8-e1f46f6734c2", "comment": "Malware payload (Smoke Loader)", "value": "18a26b80d2a132512ec6b66c1e12a048", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534220, "uuid": "b80117c9-2dcb-4130-8de6-27860e499ef3", "comment": "Malware payload (Smoke Loader)", "value": "b3c38d2db008a9f4d300d49f6d2d572a49ca2ed74fb61443f1c78dc8aa79a437", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534220, "uuid": "a90ad033-1682-46a9-a530-22c8b3861662", "comment": "Malware payload (Smoke Loader)", "value": "92523bbfdf3b01510e9d079f18bdcc8137024443", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534220, "uuid": "b4933508-83bf-4ed0-8a10-ca9fbad204e7", "comment": "Malware payload (Smoke Loader)", "value": "8f07a0ea5e4a2587e8d399a2311f418ab4f1e70af93ff5cf77f6fc231b2e56f62ef844116f05e6b3f2b0dea490d8d953", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534220, "uuid": "abfa5962-2076-4c9a-98da-c26541653c05", "value": "T150845D0253E37C20EF2246728E2EC6F4262EFCA19D5B7B6E164DBA3F0D741A1D552706", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534220, "uuid": "e3877f84-8278-4332-9cbe-1cf40ec14cc0", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534220, "uuid": "695b4e85-3190-4eb8-8722-68e25319b5da", "value": "3072:QgrEaPOFiOAJtLnDYybyWNt9V/nt+EvKaNGLjQrIRpMqJ7:+W2yeeYEyaNsEypM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534220, "uuid": "817cba04-0d3d-4d03-b555-32835a33c875", "value": 371712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534220, "uuid": "eb7ca4b1-3506-4d5f-90d3-215589e2fd72", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534220, "uuid": "79be2949-6da2-4d82-9402-fdeb5089ab96", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "732c08d7-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679556570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556570, "uuid": "f098bdc0-28aa-4219-adb9-d3f9820e0476", "comment": "Malware payload (AgentTesla)", "value": "3e5939b03704da3eea961b6c2d1b6da0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556570, "uuid": "fad08971-2f85-44fc-92dc-3e7f3360c031", "comment": "Malware payload (AgentTesla)", "value": "b45940fd77c73c0f1d9a77391d2bfeea5a11e4d083542bb8daad8cbae5932620", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556570, "uuid": "3132533b-6a59-4d78-b2fc-ad7e5c5658c7", "comment": "Malware payload (AgentTesla)", "value": "cf5481894b53256d08c3af49218bc4e03ef015da", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556570, "uuid": "4ab7ff61-f684-40c3-a614-f638a5d02a80", "comment": "Malware payload (AgentTesla)", "value": "08f8777788577f6c578289bdf4b5eafb7fbd204aee8760e9d0eb8139a9a19562154b6bd87dd79032ed4e285597fe1015", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556570, "uuid": "d47f6b28-ddc0-47a6-ad60-8deefc9d8dcf", "value": "T131627DF0612D414FC0B649337BD715B1326B3D3ADE68A267650EB66C0936D091772A39", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556570, "uuid": "0a9c5d50-bdd9-4394-809d-db27eeb886e3", "value": "96:7U8fRaQogQA6f/221jYuU1nc11d4eedYNIxA6rywvMkcjMVhX3WjDD6/eHL/9:7U8fJruBJY8V4e0YNIxHOwvkjes6g/9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556570, "uuid": "96041d60-a92f-4c75-ad9a-581d37996109", "value": 14589, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556570, "uuid": "8912aa47-6c9c-42f5-a00a-cfdfd6bb8b13", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556570, "uuid": "4c5abcdc-d9c7-4582-8698-8825e76501f8", "value": "OrderSQ010928..chm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f31a5dd-c9ab-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679597392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597392, "uuid": "b58943c7-607f-4e49-ab9b-eb77b6b5a8c7", "comment": "Malware payload (AgentTesla)", "value": "771a4f1bed87b5336b188cfb31c5c200", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597392, "uuid": "76dff959-9816-4eb0-bd60-c5f7cf0d915d", "comment": "Malware payload (AgentTesla)", "value": "b608ae4e41f90a368ec3b9d29346c01a0322f6b7d8e96334070240fbbeba2c70", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597392, "uuid": "958d7656-1992-4e3e-80e5-1b4463ad920e", "comment": "Malware payload (AgentTesla)", "value": "e54c44c009fb78e3cb053af5bee0a728fcf4dcb3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597392, "uuid": "6f22222f-1c6e-4739-885d-cbcc9befcda7", "comment": "Malware payload (AgentTesla)", "value": "e1d86e5b3c7ebad7eb41c26bbf3123e6cd7902a2393437dd40c4947e1a4da3f6f1f4e920f3f2a4fc72a4bb97a8ab54b9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597392, "uuid": "37024a03-5c7f-467e-865a-8484ea5e2457", "value": "T1FE05DF01AD7A4F71F5E5C3F51920233A03A97BA21071D6188EFA68CA2DEBF6345D065F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597392, "uuid": "65cb1100-a9c5-4956-b698-555bdfb47a61", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597392, "uuid": "cc341c9a-a2d7-40f2-bda7-cc37b1bd51f6", "value": "12288:Ag5Zwdbch9SgZWoXylevNyZeAC9aSyBZOYNsg0aTAHru5iMHixKCrYrE:AeZGbch9/Eo1Vy4794BZODg6Hs9iMCc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597392, "uuid": "de24b7dc-449d-4ba1-84ea-6972f12a70c5", "value": 827904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597392, "uuid": "2c6f7b35-02f2-4e8c-9014-d6217f5ba298", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597392, "uuid": "ade80b33-70cf-46a3-9998-673d4e69abe9", "value": "New Order 2023 03 20.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9decc2be-c98f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679585418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585418, "uuid": "0646490a-3cc7-44be-892d-cb03b7b28e76", "comment": "Malware payload (Guildma)", "value": "2a972263f880e73f38a6bc04b3013df9", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585418, "uuid": "a93de9d4-0d51-431c-9037-8729f1eb0041", "comment": "Malware payload (Guildma)", "value": "b681dd6deabc48ddb4c2c5c0623a2d82ddb3e0a1dfbf4d6a15f12eea96c3e2dc", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585418, "uuid": "466c5b27-20ca-4fa4-b02c-e1204a251efa", "comment": "Malware payload (Guildma)", "value": "31e44a7f44c4506789425f60c31ca34472cf75db", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585418, "uuid": "06f3bb75-a875-4d7f-a778-791141a6272d", "comment": "Malware payload (Guildma)", "value": "511c15e5a6934300958837cede700f9929b81a5309fa24ab4c2ab541d70075d7345469b459941de0da216e70e41dc5fb", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585418, "uuid": "1b65695e-2675-4ae2-83e2-422af2aebb37", "value": "T12C82E41C26C2103A9732C7F9E4B6DD1DEF1D46A74D7AC0CEF99855282EB877820E1B19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585418, "uuid": "c30862ac-bb4f-4c2d-a5ab-73add172b460", "value": "192:I6NFsmHMjzlDa/RID5ybeaQ3jznGA4TdAlD6sdppnW/5fImq3m9K4yITxZ7i9jG1:IgwBI5dc2rW3ktBFmc7H75w1z51Q5x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585418, "uuid": "62c24f14-0ad8-422c-94dd-a01d1b321476", "value": 18748, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585418, "uuid": "e0f5edbc-9c16-469d-b384-203b98eb2b44", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585418, "uuid": "fad9644b-1564-43a5-b1b3-278a2a2089ae", "value": "payload.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "718c255c-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577183, "uuid": "b0ceda22-85b3-4d08-96b3-359ae861dff8", "comment": "Malware payload (Gozi)", "value": "ac8b79687134fdcb0cf73a43af514cce", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577183, "uuid": "7fcd2a73-dfb4-49e7-bc90-071b7455fe00", "comment": "Malware payload (Gozi)", "value": "b6b94ae859cbd80af39ce32cc52e4288342445cc1d6486b14ff76b1c257e446a", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577183, "uuid": "52d2b80c-6e4b-42a9-9349-6448c91bcd05", "comment": "Malware payload (Gozi)", "value": "5da8fad152095f2cd9269e1690daab93fdabeb85", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577183, "uuid": "e67ac9a0-ecf8-4153-9dde-bdb129c1e9ad", "comment": "Malware payload (Gozi)", "value": "49cb1f67a57e36767cc64e389948cdc47cc9b6055d5ae7ad94d177dea4df14993b9e27072bf229a240de140bf4f2c28f", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577183, "uuid": "6d32f34d-4adf-4684-9611-84ce277bfa1e", "value": "T138D1573682582FFF287631AC081886F325B2957B7A7F1DE7B47104E9251CB1081B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577183, "uuid": "304e4d08-01ac-48b8-a356-ffc3cd4855c6", "value": "192:M/fnUwLR8EzDM9a9gJ3txM5N9M8SfPLrFaLc:dY4u7sn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577183, "uuid": "7b211d26-6d60-4a03-ba1a-ec584ccc8997", "value": 6566, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577183, "uuid": "f52c235b-0db1-40be-ab70-5422cf490d3a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577183, "uuid": "294663f9-e4f6-4b9a-843d-e0d1e6ae4f9a", "value": "Fattura 3562 2023-300929.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c00e5f30-c987-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679582039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582039, "uuid": "d1a52822-0dee-4ca8-bd12-003330f3cb40", "comment": "Malware payload (Gozi)", "value": "7aa6f788234537837a9fb5ade2a0dad7", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582039, "uuid": "e8e92054-8ab9-4887-8e45-65a841fca938", "comment": "Malware payload (Gozi)", "value": "b7f0b16dfc95c81abfeee0982b7039c4964f8a871f2f7a0be13c294a89c00d5d", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582039, "uuid": "2668125d-1747-489d-ad88-73b2f7106e4a", "comment": "Malware payload (Gozi)", "value": "1825e02ec4659d7969dc262d76549b424018ea2a", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582039, "uuid": "fdfb6032-a13a-46bb-8c12-ba33f9a76765", "comment": "Malware payload (Gozi)", "value": "ffa03a60e4b2e5b3b37df426bd132565ac1b90329b0e48a5fc55d86ae0ee3db1c0a878a74c5363589c4179d6c27afb99", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582039, "uuid": "a6e1662f-bc97-4bbb-bb6c-60dd6b747e21", "value": "T140D3E10C7695DC0BE9F94632D468EC92932AB7F287FF55157C9EC412F723EA1AC92201", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582039, "uuid": "8a7eeedb-5f07-42c8-8b79-fdaa3c5d6081", "value": "3072:3plLUnJS0g5u6jejkszxSxhCtY30JvyizUW6tox5nO:3plLKF6jeTmmaZHox5O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582039, "uuid": "6f7f29fa-ba36-4434-a805-a23ef30a9b38", "value": 131841, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582039, "uuid": "af4e7343-5c0f-40f3-8f82-575ca8a472cc", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582039, "uuid": "c8cd82c1-c61d-421e-920a-97b4c64a54a1", "value": "Fattura 3601 2023-3000440.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b80a08ba-c940-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551532, "uuid": "10089e9d-88dd-4b7d-8292-b95f86f6df4b", "comment": "Malware payload (SnakeKeylogger)", "value": "7581a5c867ffae96ede937125b13dad6", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551532, "uuid": "56936f27-85e8-412d-a4ba-5b26bc1ba5ea", "comment": "Malware payload (SnakeKeylogger)", "value": "b85cd5adf481181d46df9cee2dcde6db46ed4d27e143f201a093d06e32587d06", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551532, "uuid": "0776c6ed-0ffc-47b4-bfc6-1818a453c124", "comment": "Malware payload (SnakeKeylogger)", "value": "0432f474d57d8684b88c003e73ff10796458c253", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551532, "uuid": "dd4c054e-6724-4bed-a7d5-b162945104f8", "comment": "Malware payload (SnakeKeylogger)", "value": "b038b8d3d6df91efd3d3d4d3d81bd21f6315bb0a3f07089efea6a21eba06a5d3ff54948aea958d4636d9e8c0a48e20e4", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551532, "uuid": "98ce0aa7-aba5-4cc1-b2e4-da239229e508", "value": "T1F36423983D2064DF9CD351EB79CFC419E20BC91FA9AD919FE038A556F201B53DB104AE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551532, "uuid": "304e3280-5707-4cd7-8f40-f6c260adb13e", "value": "6144:Z+vG07R3PTf76/dF3JceV18TlKPdzvbkBTz4uyrTMNarvhVCyn+DFe:4R/TsFP18TlKP5bC4uyrTMNU5IyP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551532, "uuid": "dd869d58-7198-48d3-b665-bed5da9cb25a", "value": 326596, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551532, "uuid": "951669ea-452c-4d2a-90d1-6f54a5f78a8a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551532, "uuid": "a9d45f37-66ca-4a00-ad48-0dc5a8c7d2a8", "value": "clip_image001.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0a82fbf-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679552486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552486, "uuid": "34d3d388-589f-4746-a40d-3882319f8637", "comment": "Malware payload", "value": "17fd991451ca72bc9852120461e7b49c", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552486, "uuid": "38de4679-06bc-4266-9647-20b8f1a4da67", "comment": "Malware payload", "value": "b9516bf0026b68a8749edf1bb65ef984d9541ea3d9ad2e6d02dd6ce1a9ac2cd6", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552486, "uuid": "fe44e0b9-aa7a-4331-a73d-c7f579bf53e6", "comment": "Malware payload", "value": "77aa2cd330daa82bc4cacdc85647f0cecdf32eca", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552486, "uuid": "12aaa586-091f-411d-87e8-7f3857de9608", "comment": "Malware payload", "value": "80a2d470ccaba281ccbea11a323c1eb3548a0ea29d940b8cc9facac1618b903c8ab6c30c6cad28aa7bc0414a9b8ac475", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552486, "uuid": "6f77fc26-2835-4e42-b0c6-e36f5948e9f4", "value": "T16A350213E9848D46D44247F96FE379D8531EBC226BD6A2872344B70F6F78AF08A4711E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552486, "uuid": "b95620d3-470e-4423-86ee-9ad4d505744b", "value": "24576:BLKNWQmmav30xR+MXUu9/L4+MXUu9L3bVj+MXUu9s3bVmj+F1LAiHs4E:BLKsQmmQ307+MXV9k+MXV9L3bVj+MXVM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552486, "uuid": "eb16691b-2b3a-4c61-a353-0ea4c8727b7c", "value": 1149440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552486, "uuid": "6f9208c7-1c9b-46b8-ac03-36634a08591a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552486, "uuid": "31636ad2-7a09-4d76-8bfc-35ce5b18a9c2", "value": "Statement as of FEB 2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9c30713-c919-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679534757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534757, "uuid": "edaf8e26-d768-4e35-87cc-a8c10223645d", "comment": "Malware payload (RecordBreaker)", "value": "c0e13179a732f32dbbf952ef290fe712", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534757, "uuid": "f4ee19b0-ed16-45ff-b19d-18b41974788e", "comment": "Malware payload (RecordBreaker)", "value": "b980bbfda0d21193b1274593fceeae00f01f7abc6a0498ae6e98582b7079ab13", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534757, "uuid": "4c75f4a8-787f-49c9-af62-ad4dafe360f0", "comment": "Malware payload (RecordBreaker)", "value": "830b50e4e0873eadbbbe4817fd66a75f874f5880", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534757, "uuid": "53419593-288d-481f-8dad-9267ddd755ec", "comment": "Malware payload (RecordBreaker)", "value": "664f656e3d71fb6ed1fd670eff1b9e6ab9db47783368b0f93720fbdeb1d019cd3cdcaee821f6f2222eecb5de1ba38fd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534757, "uuid": "ba7e4d56-6426-4015-a3e0-52804e899a31", "value": "T14A746D0253E36C20EE124B328F1EC6F46A1EBC619D5B7B9E174DFE6F09741A2D162706", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534757, "uuid": "fc1b1153-286e-4c14-ba78-54bda66add42", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534757, "uuid": "76de7c94-d0fa-4780-b0db-1065cf427f82", "value": "3072:TBo+EBPEx+xSK4nDYpzIjbtBKHJIQN/Krnn8uLHrOPKAkYWQB++5WyJJ:TZXIpsfoJIHr8B++", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534757, "uuid": "08298237-e29e-42f3-bc52-c7e88ab4808a", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534757, "uuid": "571942ee-2d44-48ca-aa09-aa19bad293af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534757, "uuid": "56998c2f-c93a-4c64-b3fe-dfe555ab4b83", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d7c86e9-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564694, "uuid": "8f3593f0-d319-4012-a33f-f0dc4f5f6adb", "comment": "Malware payload", "value": "8d4f667a4ae114a9a548e5eb39074ab0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564694, "uuid": "246e284e-42a7-4b0f-9d51-89e6800f8fe9", "comment": "Malware payload", "value": "b9abe02f66ca158cec5767c8c2943321812cb63e4eb56d0a2b02d11bd998e708", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564694, "uuid": "7aab996e-c390-4e23-be21-0e809e50ec37", "comment": "Malware payload", "value": "86a8746676ac927cd8b36e79627d470eedb8ff9f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564694, "uuid": "59074338-fe16-4d38-a5af-11778a524844", "comment": "Malware payload", "value": "18be1858c08c3e4bd8451b20174aecf6a17112a2b01008a6c69b93699507c5fe90e23488dbc8fd67475c5f236dec5cea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564694, "uuid": "4aac030d-abdd-424a-9af3-05a2507eae8e", "value": "T19AA533C3D5B5405CFCFA0AB6ECD7E86C23821275CDDA4E99E9C65CA87F67E02408469C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564694, "uuid": "f4e57c0a-1703-4780-bca6-9e59ce2ccc8c", "value": "db92c70e84efff2229f061081478803e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564694, "uuid": "c7d742b8-5577-47d7-bed3-4ebee3b819a1", "value": "49152:lZOSfoY22xH4/+nWvNQVJZ9+pS6eyWG2G/HJGxM2:lZOM2gHw+Wv7pSxyL2+HJN2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564694, "uuid": "223e4634-dc43-40e8-aaa6-8020e65c3e12", "value": 2081857, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564694, "uuid": "370b6695-0b24-4954-926e-c34ce09d011d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564694, "uuid": "222a185b-05d7-4b57-afed-06497b9dce7a", "value": "8d4f667a4ae114a9a548e5eb39074ab0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48a38aa9-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577115, "uuid": "25c38da1-639a-4d93-a246-730d407983c3", "comment": "Malware payload (Gozi)", "value": "f41530aef8d4ef1f13ff1640b7261a11", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577115, "uuid": "77b77d6d-fffe-41c9-b004-6d69661af8b9", "comment": "Malware payload (Gozi)", "value": "b9dab30041190bb18571af729fcaf328f98220666f650dbde2a1b53eac66fc03", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577115, "uuid": "0969cc35-a61b-43a1-a11f-48b8b5492018", "comment": "Malware payload (Gozi)", "value": "28a06028da78e91725dc936ee562d75a841238d2", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577115, "uuid": "1d0367b0-f669-4e92-95a0-410b50c935be", "comment": "Malware payload (Gozi)", "value": "9b3cc7421f17907ee5a15bd192ef546be1ad96a62168915c24a237ce450a986ae92c0c6478ef1678944acb3a711f9a72", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577115, "uuid": "d8af5627-f43b-40fa-ae67-a4b5575c427c", "value": "T13B039E234F833516C63B3A942DE2438A5D6FCDA698B386A134B81101F7465ECEA7DD1F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577115, "uuid": "93eebe22-55d9-4a21-94c8-7e6710788c11", "value": "768:UY1SoS9S9Sevs3KhusLzg3lH0pUnjKunwmhmhmhmhmhmhmhmhmhmhmhmhmhmLxNg:2pIIG8D90mjK6wmhmhmhmhmhmhmhmhmr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577115, "uuid": "7fd71e41-bc1d-433e-8738-49864dced72c", "value": 38351, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577115, "uuid": "f28b80a2-771c-44dc-9d19-a6d2eaf792e3", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577115, "uuid": "0c73fcfd-a7e1-48b2-9215-8e0639652569", "value": "documento5.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e954d3f-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679556428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556428, "uuid": "60396159-d210-440c-a798-1cb84a013bcc", "comment": "Malware payload (AgentTesla)", "value": "d7471737766ed2a78d4f60aadb70d3f5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556428, "uuid": "043d4292-7b4d-42eb-8fcc-f4c73ac0166c", "comment": "Malware payload (AgentTesla)", "value": "ba9c286a047a01adc201526f28acca6bcc971e7714429e2bc0cb9c6c17660c6c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556428, "uuid": "8f9a456e-0911-4f6f-8da4-81f2d2e54e67", "comment": "Malware payload (AgentTesla)", "value": "cdcec40701b923c5227f56342578cc53fd00fa9c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556428, "uuid": "a72c20c7-371d-45c8-aa66-9ac740e91d9c", "comment": "Malware payload (AgentTesla)", "value": "f254fa7e7ed224136bebfbe745a0a89e0f9e16c3ef9d5ff595cba7ccfff42af6f9d340f5daf4283fcd00c2fff7c3145d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556428, "uuid": "5c5c36d6-cf7f-4099-82ae-b934c9842bb3", "value": "T163154B40EFAA6460F11144BA216B7D5FCD11A88D99DDFB6E150FEF32F5E220D1D82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556428, "uuid": "62fb8fbd-125f-4478-aeb1-dfc79297b8a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556428, "uuid": "5fedf3b7-7e51-4e39-b18e-ef7646b555a3", "value": "12288:Z+wGQHsUK+yLf3R54+Y0Qkln4bHacfV1lth9bU8XqWxevxiLATAGn3WtNmBNa4OX:Z+wvHscKZy+JlUHacDDh9483xC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556428, "uuid": "9458e078-d498-4221-93e5-c76909d358ad", "value": 950784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556428, "uuid": "c1444f8f-5cb3-429d-82b5-0acf98ff725a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556428, "uuid": "3aeeae23-4678-4a1c-9fc2-591c761a6503", "value": "DHL Shipping Notification.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "496d869e-c9d1-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679613623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679613623, "uuid": "2e047a53-6466-4ebb-9a74-c38c1d3d51ed", "comment": "Malware payload (RedLineStealer)", "value": "1f6c10027fac3c9ddf65f8671d92a8a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679613623, "uuid": "7ae93466-72cd-4700-8f1f-feeb93f92cdb", "comment": "Malware payload (RedLineStealer)", "value": "bc4e6fa560775c5cd628fda9b39df43db02310ad5b6ed8703fe8ac1d19884b94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679613623, "uuid": "49f6bebb-fd7a-47e6-af09-6b0d3a473f8c", "comment": "Malware payload (RedLineStealer)", "value": "3edbfb47160f79999e2a60368489a0aa622de6bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679613623, "uuid": "2fda95a0-0cea-4411-a70f-d31fe348585f", "comment": "Malware payload (RedLineStealer)", "value": "1ff8795afe4844aff8468764e03c4c089c4ad34463dbff1591817248436722efbb4a3a02e7353d8f7b847cc46d3471ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679613623, "uuid": "aae85e01-a977-47cf-8ac9-e05cc4967656", "value": "T17924C06067AC9F19D9FD0B74B4B2111443F1D08A9091FB1B8DC498A72FA3B86594BFF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679613623, "uuid": "2d533a77-115d-4bd9-954d-39af5ae29c71", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679613623, "uuid": "ec4a03af-bcd4-4c9e-a616-31c02569f618", "value": "3072:XTuOYj+zi0ZbYe1g0ujyzd98xc4wK9axJJx80st2hRcLuPR1/WUz4:X6OYqG0LahyD+FE7s8p1Oh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679613623, "uuid": "f57ac3f0-21f3-4a80-9a00-423a57bba3c3", "value": 228209, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679613623, "uuid": "7415afb2-1716-4e7a-936c-cb5a2e82da08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679613623, "uuid": "4fdcc0c3-531d-4b85-a5b6-ce91bf2c5454", "value": "1f6c10027fac3c9ddf65f8671d92a8a8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23c9ce2f-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Fabookie)", "timestamp": 1679576623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "02a1b9c1-b069-4888-a057-391c5fd2306f", "comment": "Malware payload (Fabookie)", "value": "cd6e0bfa3b1b754ba1e6da8b06258d35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "99638347-1b97-4fab-b23b-ffa1c00da1be", "comment": "Malware payload (Fabookie)", "value": "bd623529b38881a3b4f6c2f73789bb2b7140f9d954f19e9d7603bc342339377a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "6aec6791-c6e1-4e99-a8f2-e7762e614623", "comment": "Malware payload (Fabookie)", "value": "1b03507622ee545f769483494594135b572508f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "006f395d-2b7b-4063-afd1-9f5ba48a828b", "comment": "Malware payload (Fabookie)", "value": "71e4e212b2c1cd9c529beb9c98c5baa821e975302cccab75993d506846f1f8265c01668d42689d62911de3fdf6e90b17", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "ebc172f1-619b-4d83-9e82-4fa2f7552985", "value": "T10A156C5EB66C00E9D0B7C179D5439A03E6B6740B03B15EEB139147A63F276D88F3AB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "55aa1a89-6a27-42d6-8bd0-d9c4568db89c", "value": "ca4024c0e7ca045d1b257058baf9658b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "afb142ae-0cf6-422a-993b-bfb0141a4b46", "value": "24576:6yE8JiMHd/BieyIMZR9ejI21FiWOnoxkNMu4dXxbfat6Z:kCiMHtBiez+Rb21FiWOnoxkNMu4dX9aE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576623, "uuid": "f2e2a93c-135b-4343-a04c-d91a7e17b904", "value": 886784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576623, "uuid": "be46c203-6039-4eb2-8904-12212a6b1ac1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "a4610165-e312-4f32-a220-273c8dd765f0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53fbf3e1-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577134, "uuid": "82b9ab41-1799-4bbf-baf2-1ed0249f2fa7", "comment": "Malware payload (Gozi)", "value": "216119daf20d8898a3ba051f1d8e5d9b", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577134, "uuid": "efb44614-2ae0-4568-8cf7-f57a13cb6e0a", "comment": "Malware payload (Gozi)", "value": "bdea9a6d29b232bc69e3502ee4710f0c5e99c2d0ea996624545d39760a104750", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577134, "uuid": "090beb5a-33b2-4733-afe9-6bf552d1014e", "comment": "Malware payload (Gozi)", "value": "f031a4c279c853e79eb67f6b52329ebaf4ccf8d8", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577134, "uuid": "bf3f5401-ee84-4e52-a47d-71a07599a39f", "comment": "Malware payload (Gozi)", "value": "d94d4b3ee63c863882575340644ecc8ff9a07a044b5cc0dec8f7a678e4e8d305c8f3820045b46f8f661b5fa8ace967d7", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577134, "uuid": "95373d8c-481a-4530-87e6-0891ef45923a", "value": "T15EE2C06B1C43DBD9E1E60B0531EA26727F44E660851BBC6316392C5217B2BF970FE81B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577134, "uuid": "f7294a2b-ad82-4fef-bb38-9e60c99d13dc", "value": "768:WGu+++I6frB7NyYHboi+P/0fQ4DV3KEp3KEW3KEL3KEf3KEo3KEIv3:U6f/yYHbUX0fQA3pp3pW3pL3pf3po3pk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577134, "uuid": "7bf0468e-db2d-44af-a06b-4fb6f275d12f", "value": 33531, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577134, "uuid": "31256492-dfbd-445a-9c46-15377a362409", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577134, "uuid": "b85afa80-3e84-48e6-aefd-a8c314dfb927", "value": "documento9.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30915c4b-c9cf-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679612722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679612722, "uuid": "137e5518-895c-45ac-96e1-6af2f7e59b4d", "comment": "Malware payload (DCRat)", "value": "1ebda5cfb762d7884f46792cb1d12adb", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679612722, "uuid": "c22d5f1c-dfb9-4ffd-afd7-fbe24118708b", "comment": "Malware payload (DCRat)", "value": "bec2656a4413d2cb9d64f99d3b72472989197434a637ed136858ed782b293a50", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679612722, "uuid": "7971b851-2f24-4ceb-8e4e-f487226b308a", "comment": "Malware payload (DCRat)", "value": "22f9c3c64dd3d13c2453a1872e3ad59491f6d101", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679612722, "uuid": "b4a73e56-4e52-413b-940a-f8d742e3c632", "comment": "Malware payload (DCRat)", "value": "9e566f07161b91a71b0d8fa0aba23e08f14312e1ddcfc4bdfddd25c2fe3c600f1074de82ecc68ec9e4d64fb790461644", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679612722, "uuid": "801800b1-95db-4f26-8709-490e9e9bf7bd", "value": "T1778633A5537109EECC68D238D5C1CD30A3B2BC671B74C68B439486673F63A99683FB19", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679612722, "uuid": "3059430d-98da-4568-9700-9c33d257584d", "value": "ba5546933531fafa869b1f86a4e2a959", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679612722, "uuid": "6890957a-a68d-4a4a-84a4-e79a47ce926e", "value": "196608:0PbgMfpayqnxbAQ5owejuJDUX47dwdW0vnFwBTYPERR+:KzYyoxCaUX47d4XnwZQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679612722, "uuid": "d2e9bb25-9e24-4894-ae06-3630932077cc", "value": 8423657, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679612722, "uuid": "3e927c7a-70a2-4890-a193-f0cb9787fbb3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679612722, "uuid": "076b196d-93ee-4626-ad0d-88456703d1b7", "value": "1ebda5cfb762d7884f46792cb1d12adb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c697dda-c93a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679548801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548801, "uuid": "b451f842-729f-4f51-8878-a0c3d5e6f312", "comment": "Malware payload", "value": "9789c8bc298591b7e910fa77b08da478", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548801, "uuid": "d2c65c66-ba0e-40e3-90b6-900985fb2aa2", "comment": "Malware payload", "value": "bfd4a0f3bd82a7ea4d9f714e4b641a24cd489b958a836b8eda3603bf6093e9e3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548801, "uuid": "9f7b7c61-2a3c-43f0-91ea-54efa90a0dc3", "comment": "Malware payload", "value": "e39c61d0b44ce3a30b27a7dccc0d263193bc766f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548801, "uuid": "791dbd45-d541-4fbf-8ea1-d7fefd6556ac", "comment": "Malware payload", "value": "4a4d3cded026d02239dae88530c50f050462703c072b716951a92e23576d61ed3862dabe11fdd121a9e206c4cc8d6ccd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548801, "uuid": "21b4689b-aef1-4840-931b-6d1cfa52415b", "value": "T10645D702FE9ED563C3945B77C4E618240B65E942A523F71B358E23AA0947777FE0CA0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548801, "uuid": "283c11b3-b352-44e7-9ea1-db68c64fbd88", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548801, "uuid": "c9c2d99a-edc2-485c-801b-044c294ee976", "value": "12288:U3Fm459NcewAv+ylerAQ64ZH70O35eKCTwiO1eDRi2Uv:U3R59CSvJgnwSE+eDRi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679548801, "uuid": "886f713f-540b-4a15-854c-f359954dadcc", "value": 1193984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679548801, "uuid": "09c0a9bf-b8e0-41e9-b174-4677a6487bcb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548801, "uuid": "36334c42-33a0-4b9f-9de5-11a57bdbb416", "value": "9789c8bc298591b7e910fa77b08da478", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9cde3e7-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679585948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585948, "uuid": "f398408d-8c56-4ebf-a009-c99bcfb566af", "comment": "Malware payload (Formbook)", "value": "ddae367e828d169834f7261f3cba74d2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585948, "uuid": "b5c5b0ef-f9a2-45d0-91a4-11d19f21efef", "comment": "Malware payload (Formbook)", "value": "c09f9057e4341633036324cbe43955122e503d1b73a979977b43030f4cf1ef10", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585948, "uuid": "7e77af0b-20a9-4fd5-9389-689bc1bb6030", "comment": "Malware payload (Formbook)", "value": "0a7f61bc670a38cce473053b93c3796649f3ce57", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585948, "uuid": "97dbabd5-774e-4ed7-9962-c3c49d896ee5", "comment": "Malware payload (Formbook)", "value": "f508c19053ac3feecd9722d75876a1150e8620ead87cde824f62ffb727e6a6a7cfe8c2a0c2ba52a308fc1dd81c22cf6f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585948, "uuid": "39814a2a-5004-4b53-9641-f01c8af2c805", "value": "T1F0456C4513886A16D1FEAB33A4F1275A8771DC64E7AEE30B348836AD4C767721E87313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585948, "uuid": "fbc44a4c-0317-49d1-8447-cdd7051ce1cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585948, "uuid": "1d0f2430-c353-4900-a017-92f55c8f6e90", "value": "24576:m3hJAVEoHlqRTPEZjimfAygETqHnyCPTONsM:mRJJNRTCbfAygETqHnyCP6NsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585948, "uuid": "64bc517d-bc9a-4835-975c-4e45e50fe0f6", "value": 1255424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585948, "uuid": "ab05c74a-8b3e-4462-9d36-9abfc653b5a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585948, "uuid": "e1214ee0-09f5-4b05-9911-063c5162ab1c", "value": "ddae367e828d169834f7261f3cba74d2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39087e45-c977-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679574941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574941, "uuid": "098e4319-d0f7-4624-8538-5eb0288910bb", "comment": "Malware payload (Gozi)", "value": "2a1447202f7fa4b43a21f34a4f5caf46", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574941, "uuid": "af1fe0c4-3ad3-4b79-8230-85f680b4c7c3", "comment": "Malware payload (Gozi)", "value": "c0e1ec547efb4fc050806d414d9fead46a962aedcab05a983d29b0e87330b994", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574941, "uuid": "eea0022a-b8be-4c2c-8563-a7f9477e08fa", "comment": "Malware payload (Gozi)", "value": "6c709a772ed327270703511d0d4c88a3bdbcfb1b", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574941, "uuid": "7d954fb9-03a0-4d03-b4d0-029551ec20e9", "comment": "Malware payload (Gozi)", "value": "1e029d222a808df4ba9f122f71aa7e9c65f12a341672af6f75d2e328e0c943509d2a0b71b3e4a43d3830453f93e81e2c", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574941, "uuid": "61b1838f-3e0b-426b-897b-6b3242740cd3", "value": "T18941086EC98C229FD0380B35C3A10F28B44452088063E503B38B639E6C4D9F3912BC3A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574941, "uuid": "aca5cfa5-ca19-441b-83f2-e27838a9e814", "value": "48:92yS+qkdUVBQywEie6spIgqSBfqPD64y7W2VKNkYcb9Jnl:HskdUVwv2IQBfqb6N71KKZb9Jl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574941, "uuid": "9451b38b-c9c6-43e3-8ec5-6c60c44052c7", "value": 1992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574941, "uuid": "75fd6af8-cd06-45d5-a5f7-5d535e7056b3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574941, "uuid": "0de55f4b-7e3a-470b-9960-cfd8026a3599", "value": "Fattura 2203-23_012.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6cec6fb-c988-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679582480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582480, "uuid": "e8b50b16-4211-4b86-ad1d-3382b583fbc2", "comment": "Malware payload (Mirai)", "value": "50ccf934c9e500784ff815c53fec5c77", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582480, "uuid": "f301183e-4bfa-4c34-94bd-d677b175a846", "comment": "Malware payload (Mirai)", "value": "c357ef99e64362676448206b3b5e9d77127345bec9168e078f11468745e37fec", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582480, "uuid": "c4907021-f1f7-46c8-b6e9-c4717c2a1ec9", "comment": "Malware payload (Mirai)", "value": "c47f29927276afa85175b7d6cad176a0b7bbf46d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582480, "uuid": "deda70a7-169a-45ea-aff9-dbfed2ffed4d", "comment": "Malware payload (Mirai)", "value": "fbdd84738abbbab1b7c0c5d8493f18514eab6a11161930df95c1440efcaf4ead1541c7b60432091e710c719003f993dd", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582480, "uuid": "29c1fec6-7601-4c85-9e0b-881c98e6c959", "value": "T1C0B36B17B7A2D67AC08356B427CF99E19823B47E0B32321B33D47DA02F59DC55E29B42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582480, "uuid": "3d591aa2-2cbe-4141-852f-3c71ac49cd68", "value": "3072:wLkNh9TyMKq0fQfoOR1JciHSb0JQtphavFWx+DegRWX8GO0FkNc:LwJiHqRphavTDegRWX8GO0FkNc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582480, "uuid": "6498c006-a36b-4e18-9cc6-b4e9f0ef0264", "value": 113181, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582480, "uuid": "87ac273d-952f-4dd9-b5ef-f2b92711fcd6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582480, "uuid": "f771b9cc-8ba5-4eba-8656-4498a1f9dad0", "value": "okamiii.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23e50f1b-c97b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Metasploit)", "timestamp": 1679576623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "a9660070-42e8-4114-866b-d165b02473e4", "comment": "Malware payload (Metasploit)", "value": "367030209dfe9a7f1631b8edad37cfa3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "6f7be8b2-aa25-4ac5-bdf3-bb4a791ff46a", "comment": "Malware payload (Metasploit)", "value": "c3fd44421f0c143c5903d2000a44840393e75e85e2f839c5a4c6b368e398d509", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "71c9e465-b423-414e-93a0-f697d98b50fe", "comment": "Malware payload (Metasploit)", "value": "46804a20dc4389d0ac3d76586a00e9f63919976b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679576623, "uuid": "3f0b393b-9e9d-4dee-b008-0e5335a30dde", "comment": "Malware payload (Metasploit)", "value": "9f62cbc883a966ee5868887773377eec19cb8c43c325281d5fb9c6d4c28356493b25de8b1ef3fea7225044a5e9ad587a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "1551176f-a0f3-485b-9d98-3f1002889819", "value": "T1C9E1751337145DB6E87D0A7C4AE2FC67A1885E393F3B92728E28030B397212479B4E04", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "65d410f7-d52f-4d88-a138-27f7483c43d5", "value": "b4c6fff030479aa3b12625be67bf4914", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "2ef344da-b092-41bc-a83f-61f6c51d2f0e", "value": "24:eFGStrJ9u0/6WwHnZdkBQAV2G1Y+mwKZqpeNDMSCvOXpmB:is0VwjkBQWq+3nSD9C2kB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679576623, "uuid": "f7188244-577b-4025-ba55-1465e2a242f3", "value": 7168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679576623, "uuid": "8146f171-9b4c-4c1f-bd5d-e51b176cd5dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679576623, "uuid": "7094f8e9-d873-4d8e-84d0-33148abe871b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "444ba21f-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577107, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577107, "uuid": "5f0db995-730d-460f-887f-59b3f8afe9dd", "comment": "Malware payload (Gozi)", "value": "39bd58ab4c2c58762a5064e8eb2db032", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577107, "uuid": "28f35a8e-dae4-4a31-b20a-2d413133006d", "comment": "Malware payload (Gozi)", "value": "c56e2905b19c4d15217d6df39cd7311285762325a94a2f8764c4f5a0f2ede889", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577107, "uuid": "d23a5736-b155-4e70-8149-f6236c55aa68", "comment": "Malware payload (Gozi)", "value": "102986f0599c95d47e491417831c4a95907bcf88", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577107, "uuid": "fbb39931-edb7-41dc-bcdc-419895171b27", "comment": "Malware payload (Gozi)", "value": "48fcaff305f2584d937081a450a7c77eae6d99b614c9b1927a6c93a2f2ad0f705efb1419b5ba854657c0ed3f6f05dfaa", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577107, "uuid": "2fa9efd4-cc36-48af-953e-c3367e0b1744", "value": "T1B4B2C0F96C108D20E0345DF8E4BC2D5D3C686FB23A045EEC992A22CF8D566A9053B7DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577107, "uuid": "02c1b874-187f-41ad-a227-a400505edf46", "value": "384:Moqq4qvF0XQ4yGLABpqu28hTqrzVNWHC1xKFQtOM8zl0m8Im8Im8Im8NIMBK0gLd:MoP9vF0A4yGLd8hTqfVjPtt98h0m8Im/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577107, "uuid": "aa3f484a-fd2f-4d1b-8c65-d80ec2aa1486", "value": 24369, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577107, "uuid": "ddc88786-56c0-4042-b94a-16f8e15aae9d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577107, "uuid": "1d7e6291-07b5-4cf9-b333-26cd3242947f", "value": "documento4.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76086e2d-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603819, "uuid": "fa70ed0b-098d-42d1-8c84-fdbd2c0473af", "comment": "Malware payload (Mirai)", "value": "740bea3b9c8ac85f330def94afd2db2e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603819, "uuid": "a8f88b56-cf90-4306-b6c7-1b4c75308506", "comment": "Malware payload (Mirai)", "value": "c58c75df22d76c3e8aabef7c3ac0fe693b3e791d5aa45b22233de94b37a8b531", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603819, "uuid": "4e27ca9a-044d-4dbe-b816-6e3f5c5b65d7", "comment": "Malware payload (Mirai)", "value": "7ac14b6c1ad9e3ff33c53802247d27b701ffe81b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603819, "uuid": "2d6fed56-c1c5-4db8-9adc-b100c9af99d4", "comment": "Malware payload (Mirai)", "value": "79dd105157a3428c514949fc1e9aff20211c3e0f103782ac33ffb4d7675841ea0c9318ca95653c604c20a1b9dc4cf474", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603819, "uuid": "a458d303-03e9-4890-9689-a0e7321a7561", "value": "T106B2D0B894A44D3ACC0717BF68FE00ACA651A4061A7FC7C9EE5E7E8365FB192730C404", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603819, "uuid": "e713ecd8-aff7-48a7-8b16-4bf501ac7779", "value": "384:MYiiBi3f2PSrf64K5WFSlvNjJ6Bqg22JR3Ze5lkBBArl50YYl2S8GTv1Rl:AiBiv2PSbePxNN9gfMkBo07u2l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603819, "uuid": "aa50ea0d-1c9a-4ba5-9f9b-6641170481e4", "value": 23432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603819, "uuid": "09079712-9bbd-4f9f-ab63-58815effde6d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603819, "uuid": "d5c12ef2-3d98-4676-b1f3-aef17c4d848f", "value": "740bea3b9c8ac85f330def94afd2db2e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8db6c470-c963-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679566493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566493, "uuid": "1d3a38f7-d624-49bd-9b60-b268170aab9b", "comment": "Malware payload (Formbook)", "value": "e6e3d50ceb12663e01d4abf89cb62318", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566493, "uuid": "96494512-00e9-434e-8dd5-6b0613b112a1", "comment": "Malware payload (Formbook)", "value": "c6645061d744760f8f85692273d06946478e3f804f4f972a74a1764daece8b4e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566493, "uuid": "ccce8281-2ec1-4183-986d-42ebaa827237", "comment": "Malware payload (Formbook)", "value": "5aa207cac0d7812a41086c8b3267e55b7f275053", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679566493, "uuid": "12a08820-c70f-4ac0-b00b-8a5c4138dda7", "comment": "Malware payload (Formbook)", "value": "1b9284dd831a66da262cbc2dd180781286341fbd7534ab544cd54a04718a5b30d2a90b5da413a687aa4e8194cfc42a71", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566493, "uuid": "07c6babc-4dc9-444f-b1d3-08937f653854", "value": "T10374129233B6C07FE6A70971097ADF620A9BDD372195934F33E12A063CB1182C92E775", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566493, "uuid": "7642879b-1cf9-4414-b8cd-3c220feb6615", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566493, "uuid": "fcc1d437-596c-42ee-9bf3-3c624e5a8146", "value": "6144:JYa6eeJGlSd2oo2OaNnpFipDDZkAnFCoxr6FKswGNm2N2rSfto+dGpbQWu8:JYgyKc2oJrmVnpSKup0mlcpbX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679566493, "uuid": "92ec8f3b-2810-43d1-b683-c94439e7b2fe", "value": 365627, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679566493, "uuid": "8c6d1b09-e3a0-4c29-98e9-5ded652c54b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679566493, "uuid": "7181e075-e02f-4939-a2fd-30390dfb81aa", "value": "e6e3d50ceb12663e01d4abf89cb62318", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48a5b113-c926-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679540178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540178, "uuid": "1470c6e6-ec46-4c8f-8616-f16bc1042dd8", "comment": "Malware payload (Smoke Loader)", "value": "32d38efb3beb3a1cb63b572bf9c43076", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540178, "uuid": "e0ca0bc1-f041-4ae0-90b6-8cd710ebaa4d", "comment": "Malware payload (Smoke Loader)", "value": "c8914f248385ff7eadb10ce1429e014d6fa8d2b85dc6eb55bd7e7da4eee42d3e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540178, "uuid": "192e8ad0-87cf-4175-bc7b-85acbb4d9a1f", "comment": "Malware payload (Smoke Loader)", "value": "635e29559e6652be6fb65ac3c656f2722cb15db6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540178, "uuid": "940736ea-51b1-4928-b61f-3a6c0a55e32a", "comment": "Malware payload (Smoke Loader)", "value": "37baa8d0c5da201e36fd65f7ca4c1e8a6d5ca39038d5e4c0cb5387e8d467b1bd0a7282a0e2bedca4288db52b7553a18f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540178, "uuid": "701e3eb0-9420-4aea-b56d-329dbb1c96f1", "value": "T13E446C0253E36860FF2247728F2AC6F82A2FBC619D5BBA5E174DEA3F09741B1C552711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540178, "uuid": "f4df2776-f717-4264-9279-c4739d792c59", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540178, "uuid": "520ddc5b-1a5b-44f8-bc04-83951840645c", "value": "3072:tHQQqSOWvDv4di4NEhunCVUTypQ/FjogjY91vOL4gW1riy+yQ9ruMk+Ma:qRUDGfNLqUnSJFrxQAbn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679540178, "uuid": "28243e59-7974-468c-9b12-fe8aa5c8ffa8", "value": 254464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679540178, "uuid": "be1dd0bd-c34b-4d82-8a4f-9441a698039d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540178, "uuid": "70e22abd-5a7a-4e63-a5ac-4c7b8da03b5e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31b7ba20-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679551736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551736, "uuid": "1ff2b38d-db44-4f59-bfbd-c76a74a55c14", "comment": "Malware payload (Gozi)", "value": "7af5f52bd44f4b87343b476cdea2f689", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551736, "uuid": "eccf4968-c68c-467c-8af8-1cbbd6ccb54e", "comment": "Malware payload (Gozi)", "value": "c971918f112596944e1ef5b3e89a1edc3fbd45ea0442d18ed9d03d06f16a82f3", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551736, "uuid": "84cde9a4-28df-4557-96dd-4c22f3ccce64", "comment": "Malware payload (Gozi)", "value": "de848efc83bbff87d742036ee553c497fb2c48eb", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551736, "uuid": "9e0b83b5-cd7f-4288-9e30-1c9957de9a3d", "comment": "Malware payload (Gozi)", "value": "ba67c880008da149623a5cbd11cbf3e1e44b7da33798d15979e1b3f9dadd4291ed68a9b941f33c4c7795f44551ba95e9", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551736, "uuid": "d8894184-a985-436a-89b3-7862f9af7efa", "value": "T120F05C23C056703FE31FCB7509F8B290957080DD96E2D467CDA811C168EABA82761B84", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551736, "uuid": "4fa54e55-ab2c-4c85-a764-2cc402ebcf1f", "value": "12:5jpEw9rEkEWyn9JKGWytF3WIr2ZxExbMYGEkEIB9Mxtn:9Ww94zT9Jt7ma/xoYlz2Mn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551736, "uuid": "d5d9ee7a-c075-412d-b118-57753e472168", "value": 505, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551736, "uuid": "19c351f7-d7a3-4bc7-8ab2-881175cec39d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551736, "uuid": "d712d99a-ab68-44a9-b522-794b840e3041", "value": "Informazioni299.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c34f79f6-c933-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679545967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545967, "uuid": "51b7b9f2-0f56-45a7-93b9-8b8086fd0c5f", "comment": "Malware payload (RedLineStealer)", "value": "0fba69e599437eb61d2abc86569621be", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545967, "uuid": "85e00883-5c9a-46fc-bc9f-915e373666c7", "comment": "Malware payload (RedLineStealer)", "value": "c9dd9e8e2c42dcaca6c8f24e073c53b89cf8cd1bd55d8dd95553f967099d5808", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545967, "uuid": "501a63da-6162-411f-a118-78141dae4a86", "comment": "Malware payload (RedLineStealer)", "value": "2563ba04bf4cb1bfa6ac4262c06bdd852b79a0b2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679545967, "uuid": "62278b2b-49d6-48fe-b670-6377cdf281ac", "comment": "Malware payload (RedLineStealer)", "value": "de877e59043e6a66e67da5046b8c41d4afb7092801ad1925424dcfadbfbe6a1f0c6280a2dc72b14d88b43fe33c40e652", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545967, "uuid": "806effe1-c2dc-407a-a6f8-5bfa800e1dd8", "value": "T1AA35E101B5C0C071D5B325320AB5D6E19E3EFA314AA54EAF2B9C0E7E0F316D1DA75B1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545967, "uuid": "1fbfa485-42e2-4efd-bdb1-466437b07786", "value": "9eb04b55fd629a57d204326e64f95475", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545967, "uuid": "ee4bf81c-6ff1-4b53-868d-88e0611f2043", "value": "6144:1fP2ruTLG1WlBLO8KUU1LOWYeXBc7BVXYJXWGhDtF:1fOroQUI6WZBc9oLhD7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679545967, "uuid": "28da8e3f-75a8-45f5-9c15-bdf4c8d136ea", "value": 1116160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679545967, "uuid": "03de2e24-f877-4656-8fa9-765bef33b650", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679545967, "uuid": "65165c81-a5be-4c29-a10e-a7246d043fcc", "value": "0fba69e599437eb61d2abc86569621be", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11d3d39c-c919-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534502, "uuid": "f3e37eea-52f7-4510-a5e2-56387692cb52", "comment": "Malware payload (Smoke Loader)", "value": "9b321dc2366ecad18834bf2d08471b90", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534502, "uuid": "1b31cd16-f6cc-44f0-84db-3c376cf1fbff", "comment": "Malware payload (Smoke Loader)", "value": "ca3c712d02c7a8aa14b4741878936cb548d6a67067aa0465b21e23a89a1f61da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534502, "uuid": "390132dd-577e-4bbe-9c87-711ba5a1d9a7", "comment": "Malware payload (Smoke Loader)", "value": "82f65e152bd0cfa584106c3a1162a5aac62bdc6a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534502, "uuid": "aa9be085-51ea-4ba2-a6a7-92a094a6d369", "comment": "Malware payload (Smoke Loader)", "value": "1fc629a0e4ecbce93a20c617abe850733413bc02f45f94b709e1771045add656364091b038b840076d6665fcfa86219d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534502, "uuid": "8e34d7b4-1b9d-4e45-a449-aa78f6428499", "value": "T1EA744C0253E37C20EE1247328E1EC6F46A1EFC619E5B7BAA134DFA3F09741A1D562716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534502, "uuid": "4e808f46-6b52-42f4-a33e-8f6c4216c308", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534502, "uuid": "444ac0c8-8633-4baf-8c16-9fa7808fa108", "value": "3072:8srgSP1xi3JtLnDY7KDX6tzOlOIxHTaTGpqwkI2hc9ZNRZv28hJJ:Hu27igOZMTGEwYSh4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534502, "uuid": "3147213c-38d3-4e20-bc22-8ac8d63643e4", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534502, "uuid": "64b1d506-f24f-4611-9b76-2a6c4fecdb9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534502, "uuid": "ad2982e2-e157-4e61-aa38-1796c4504efe", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fe32f82-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581046, "uuid": "93445afd-e0d0-498b-a81f-5ee8348f0f4b", "comment": "Malware payload (Gozi)", "value": "9cd212a00d5975fd7b6384a2156e7a95", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581046, "uuid": "f622b2fb-b777-42ad-856e-2a23ec518e06", "comment": "Malware payload (Gozi)", "value": "cc03c16e6dcc2e104081596d65583533bdf7c5fd81bb82930f4f7dc14744a113", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581046, "uuid": "6985888a-fe4c-4d7f-8318-bd99292f3094", "comment": "Malware payload (Gozi)", "value": "a1523e404cbfc91ef2a475fc14106e25d154ff67", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581046, "uuid": "2502855b-ed3a-452c-9462-3ff0f83c26ae", "comment": "Malware payload (Gozi)", "value": "fba3d8ff08e459a52fefc5503f363441b0cabb4d697722ca64f332ac8f682a823c54389a8410f6faea0ce9ea861f4f88", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581046, "uuid": "1fdb2850-e6d9-476f-adc9-f18778f3217a", "value": "T106B2B0088E3B2B50B4AE2CE83D8E79C585F9EC7334544CE915AB70D9C9720F5747A85E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581046, "uuid": "b139be55-11fb-448a-97ce-0c18e21bc8bd", "value": "768:uOFOfKPiSF5x43MDeOA0ekJd1LyPKnSRnS0ed:uOFOMiSlWkeOA0ek56KSRS0C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581046, "uuid": "8794af50-288c-4cfd-b922-aebb8a29ac22", "value": 25648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581046, "uuid": "f7acdeb7-a2cf-41be-b07e-e131862d214a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581046, "uuid": "628e9e2e-d254-4857-9c8e-4db3da4bf006", "value": "documento2.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f8e406c-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679556403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556403, "uuid": "9c793ec4-9250-4814-9135-7573bd09bca3", "comment": "Malware payload (Loki)", "value": "6eec1f21ecbe2c4370526b31933ea84c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556403, "uuid": "409a3059-800b-4fdb-86a2-96f7f86df41f", "comment": "Malware payload (Loki)", "value": "cd119f3aa0743c251db71ac44d9da7942b5db801063572672276bacb3d9dec88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556403, "uuid": "6808882b-a898-4e7f-b981-bfb139c2c6fd", "comment": "Malware payload (Loki)", "value": "4f4040b1f96bbee2aea5920f3715ed9cac5b1911", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556403, "uuid": "408be4e5-78c4-49ca-9797-caebc8110da5", "comment": "Malware payload (Loki)", "value": "dff62fcabb576951d0d780f4a0a2b92a8eb14cddd051fe50d324b4a6c718c827c0fda1e77a029c043645c8283c155a35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556403, "uuid": "016e790c-0ee1-469c-80f7-f42a59f2fdcd", "value": "T136154B41EFAA1460F01144B9216B7D1FCD51A88E98EDFB6E190FEF71F5E221D1D82E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556403, "uuid": "139d6ba8-e1b2-4750-bb46-98d03fda292f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556403, "uuid": "4bcfdd10-0240-442d-870d-3739c9b8e7ae", "value": "12288:2Q1P/9fumHNuJZwOlLsRjNJmc0bHaXfOWKILJI0PGSqMe5zEKwvxiLATAGn3WtNA:2Q1H9fumHQJZwOlOwaXNLPPGSZelA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556403, "uuid": "6c19735d-483e-48c2-aef7-c164a8b6a296", "value": 891904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556403, "uuid": "ff9ef156-6a3c-42c0-8674-0e546d962b5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556403, "uuid": "212141e4-1009-460b-bdf2-f8599f4f9df7", "value": "FedEx Receipt_AWB# 10223551671763.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f0412a6-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603781, "uuid": "84a7840d-b757-48bd-b215-839f6773e11d", "comment": "Malware payload (Mirai)", "value": "c4f8435efde0b918d194b52a6c17ee6a", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603781, "uuid": "3b6f679d-d50f-4609-a574-fda9b17b810d", "comment": "Malware payload (Mirai)", "value": "cd9d61b3944032ac42ee2e3a930221e4c131b9301b26010ece9de5b8328cff26", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603781, "uuid": "1af9cf54-f0c4-44e7-91e3-e1be2d11e35f", "comment": "Malware payload (Mirai)", "value": "2425384ba52ef2e5948c18473015876f5ca47e94", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603781, "uuid": "887e3ba9-8d07-46e8-a2ef-0d0e609e016d", "comment": "Malware payload (Mirai)", "value": "7ff370369f3eedc3862b9a2f261080b4f5cc0fac12503bcca50ff1d04557c097ad7c127aa2fdd80565c5ff764c690d0b", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603781, "uuid": "6c21655e-6baa-4211-bf69-f04004d3fc48", "value": "T1E9532895FC819613C6C112B7FA5E028D3B2623E8E2DE72039E255F2037CB96B0E77955", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603781, "uuid": "2e8768f4-49ff-4a40-9bde-b149b271fbc5", "value": "1536:eMyMCJe88saexmcTZ9JxF/fDENBDpe/vvXgV:eMowcl9Jv/fDIt2XG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603781, "uuid": "3d7b3a31-84e8-43ac-9015-79257549e049", "value": 63936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603781, "uuid": "83f332bc-5703-47b3-977b-2cbb299f71bc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603781, "uuid": "61e1c118-97ae-4173-bb11-61f872ad19c9", "value": "nigga.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89dd42d5-c91f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679537281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537281, "uuid": "30db03d1-17e4-4606-8d33-971b406ed86c", "comment": "Malware payload (RedLineStealer)", "value": "48b58761bbcc3e35d55d471d092e8a5c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537281, "uuid": "c758d0a8-6d13-483c-a31e-4b99948a8693", "comment": "Malware payload (RedLineStealer)", "value": "ce0ade23fee1359edc1d28f12cbcf9ebbf97e67b6b09bcaf26d99af6ac0a14b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537281, "uuid": "3299a5fc-bd37-45fe-976d-fbe4ac0ef0a9", "comment": "Malware payload (RedLineStealer)", "value": "8f467cd9342a52c692ab562dae15c4cb8f778cd6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679537281, "uuid": "926925ea-1be6-41dd-8eee-081e582d7376", "comment": "Malware payload (RedLineStealer)", "value": "f5673c66e26a75f1346e3be846ef4c1dcb35bb6c12d9db8b338d8b15fe5279a672ee6440c1d045229f85a8e0d55cc5dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537281, "uuid": "492ebb2d-cb85-441c-8042-75d7d671b5f7", "value": "T10B74AF0263E36C60EF2247728E2EC6F8261EBC619E5BBB5E164DEA3F0D741B1C552705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537281, "uuid": "5c608948-23a0-42c8-ae2a-b4f740d3cc48", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537281, "uuid": "4be6ea2f-7965-4969-ac59-a4b7e52c2f72", "value": "6144:wgLEsNT8AUm+CR0oUhjxukSkktJU0cF1FP6W5tgB3Vf/:NLEsNT8AUIfUtUkSk/zrSW7gBp/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679537281, "uuid": "9cabab1c-3abc-4811-95ba-3ff0f5a2d844", "value": 362496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679537281, "uuid": "705ca2cb-1647-4ee9-a068-0add0fce8fbf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679537281, "uuid": "bdd5b4ec-9aa0-4cf0-89bd-928be217e6fa", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aec24321-c974-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679573850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573850, "uuid": "ce3db14e-a35f-428f-9edd-1a403c5b9d40", "comment": "Malware payload (Formbook)", "value": "7f7f667d69e22ff0715e154d9ec6e6ec", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573850, "uuid": "0288d600-b57e-4f01-a36e-4dec6c092d2f", "comment": "Malware payload (Formbook)", "value": "ce68ada5dfacf171dce08f25bfacbe4374486aae283892a218fd001c56600e4b", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573850, "uuid": "08231207-ef79-4af2-be78-fdae02e2e5ae", "comment": "Malware payload (Formbook)", "value": "dd0881d826b87b794baeeec689eb3bcbac61a94f", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573850, "uuid": "b5a74a1a-4ab2-43c4-a5cc-08a32aaf7dab", "comment": "Malware payload (Formbook)", "value": "2be171664b2af6ff717997838f3cef39014f87ce8942b80fb79399b0d1c3745b51192f70cdd52b4506f8f044f157d884", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573850, "uuid": "2855259a-cee0-4c81-9d59-0b6982a8fae6", "value": "T15EF43384472EB530E62E885E573694F281F19B419A0B5D3DE777EF4AEEF4380208CB65", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573850, "uuid": "372eeebc-d7b9-4306-80b3-6300a2bcafa0", "value": "12288:TH0JCHp7Ku1f7qahjRgoMPaQJVf0rarheziCZM4xih4qvkmRGzE/2ZbfQgV:TUJCHp7ZZRmr0sNhXcmwC2RV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679573850, "uuid": "3470c159-2d31-46ce-b6d0-47e6c7de29cc", "value": 743548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679573850, "uuid": "3be96a69-7618-4403-8cd5-429e23362766", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573850, "uuid": "3215c028-169f-45f6-ba16-31a9ab7b69aa", "value": "Shipping_documents.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ea38e4a-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679583030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583030, "uuid": "b5feee7a-d6b4-4859-880c-23af7baa6253", "comment": "Malware payload (Formbook)", "value": "8e43b63132ed27c5e230cc78d8e1053e", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583030, "uuid": "00d86c1c-f8f8-4965-a37d-1db586713af3", "comment": "Malware payload (Formbook)", "value": "ce86ac22bc71fedaacf10e3f1ff4847a398a1e204589d0bfdbe35c26daf63bf3", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583030, "uuid": "9a0b66b1-bdfa-4001-8328-c12416e18c19", "comment": "Malware payload (Formbook)", "value": "0692f10c3414d60f21da045ec8ef4061feda94ec", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583030, "uuid": "bd7a3841-43f5-486c-b7b4-4e3c5c4e699e", "comment": "Malware payload (Formbook)", "value": "3bc1fc7ed0a3628b59af21dde43e3d25584ebda01e2febf1842107bc4f2611f0387b8f2f48414007f3032faf557a40fe", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583030, "uuid": "d8166886-9bfe-4a30-91e0-1962a1681dbe", "value": "T168350213F9848D46D44247F92AF3B9D8531EBC626BD6A1C72348B70F6F78AE4864311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583030, "uuid": "55d65ae9-4514-4382-be2f-c37e9cbb97cd", "value": "24576:7LKVqWQmmav30xl+MXUu9/e9+MXUu9L3bV5+MXUu943bVD5ctcvaX26UfU4:7LKVPQmmQ30f+MXV9y+MXV9L3bV5+MXq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583030, "uuid": "be71d849-6afd-4122-be6f-6a03932c9d16", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583030, "uuid": "fa53fead-78e4-4922-8268-6e4a3d88b043", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583030, "uuid": "d7accaef-ae66-4e6f-8cb4-0b6511034d40", "value": "81304938_19012023_083155.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62631e1d-c916-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679533349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533349, "uuid": "c08c0308-fad4-4196-882a-98c83d2a7522", "comment": "Malware payload (LummaStealer)", "value": "48f30b9ce79f2837b931d030e0c53b47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533349, "uuid": "5d959cf2-5ff1-439f-8cc7-4a75afae7501", "comment": "Malware payload (LummaStealer)", "value": "ceee4a6ad525c4f19fa728f00864cfae805a4e76d3c450679c2d0ff0161be253", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533349, "uuid": "0b6812e6-27f8-4953-ab4d-43ed89330fa1", "comment": "Malware payload (LummaStealer)", "value": "d68dd947a11810c8ba111e1a5bc027e959e0898e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533349, "uuid": "c4cd6f50-e693-459b-9680-3ab71fa9ef80", "comment": "Malware payload (LummaStealer)", "value": "cfa18f866233004338b37eddaa671f544c602d3f781480c52ad2bc1694ca24be1816e73ff3ef207505994e99b4b1189a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533349, "uuid": "3c2c72ef-91a4-4893-86bc-a2e2431940b4", "value": "T184846D0253E36C21EF2247728E2AC7F47A1EBC619E5B7B6E164DEA3F0D741A1C162705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533349, "uuid": "02890209-8115-4291-8210-ac88ba9b621e", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533349, "uuid": "72acde7d-245f-42a8-bde2-959b5126a276", "value": "3072:aud3ZaBOPct6lyatj3YdgJctuTeCyenSS3aeMBsyMrkx4dr2mJUvinYMa:auMXNdOoufyenSAwBs3e40mJUvU1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679533349, "uuid": "85db750f-d8d0-4f1a-9c38-f5e9d841469a", "value": 372736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679533349, "uuid": "9e0cf49f-cb56-4ee4-8962-4933d0832754", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533349, "uuid": "cc0f9a1d-6032-4593-b481-63a2b61b832f", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b82da82-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581012, "uuid": "a33bce76-311a-4adc-a6e0-952c070f4ee8", "comment": "Malware payload (Gozi)", "value": "aecbadb0189a6e799d756061706cc139", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581012, "uuid": "653280c4-e60f-4889-9961-28465ea32d3e", "comment": "Malware payload (Gozi)", "value": "cef4fb0a13cee35450689a669e7dcfc81b6402c527397d77ceed2ce51a89eecb", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581012, "uuid": "d6373c98-9d74-4828-bfe2-27502fa39fba", "comment": "Malware payload (Gozi)", "value": "1403552eb1932426e5e28f8191f3cc310f9c6297", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581012, "uuid": "22235cb0-918d-47bf-afb3-f62567404404", "comment": "Malware payload (Gozi)", "value": "fdfbd66efc948871132a0ba728079d40ac73b15f26c83d0370e5973aeb3ab961a111c2272a8efa0460978c8db90b16a9", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581012, "uuid": "2bc53473-50d3-4e58-87c9-9c32f34ab84c", "value": "T1CE412AAFB057C771EE72901630049C9B85D4A6A0A90F464B5B1348F858F6A858C2A8BE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581012, "uuid": "6e667322-b202-4166-8fcf-e1d11e47c9ff", "value": "48:9Lvl+pQtWBmditTShRs5VGOrN+zTjngAKMO8FooFnJ:/+OgBu0SHmIQ+PjngAQMFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581012, "uuid": "0af0bb62-3d6c-49fb-861a-f8e3c773f1d1", "value": 2022, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581012, "uuid": "21397b6c-faaa-4d8f-9bc1-5ade9e66eb42", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581012, "uuid": "681f9a1b-cc63-4757-914f-268e91189bc3", "value": "Fattura 2203-23_012.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3021b9fa-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583516, "uuid": "37466942-0ae3-41c2-a9e5-4b079e550d1f", "comment": "Malware payload (Mirai)", "value": "0732bb1de8cc1ffb14e7319db502d688", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583516, "uuid": "aa002c68-ae8d-4bbe-9f47-351267ff66e9", "comment": "Malware payload (Mirai)", "value": "cf9cfa22538b37c90785bd698c94fb605a78f309cd991d694749a1c2fa65a245", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583516, "uuid": "eca73533-2f16-4596-ac1e-28d6848873ba", "comment": "Malware payload (Mirai)", "value": "5f6cb82630ce0741f9631a6258163ad09baeeaa8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583516, "uuid": "6ac8af33-2e99-4398-988f-a63e906e92da", "comment": "Malware payload (Mirai)", "value": "efe6232fc68c3b88a7eb173a33d8f8add1a8d002a6779f1ed43ac15027e12a56cad352bd9dd89ca32aad3b00b0b3d79d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583516, "uuid": "de9c2986-6381-4047-b0e2-38293cec82c4", "value": "T1EF030751BC829A37C2E1137ABA6E5A8D336163E8C2CF7217DD214B20BAD511F0D23F85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583516, "uuid": "571fdd69-b520-4c6b-8b02-6c9410d52a9d", "value": "768:MglA4CbIsG5f0OhnlUl0O9FRA1wArb9/3W5uv+bhLZAZXoT2A/NbwWe:MyabXG5fDlUlXjwVe4v+cZWqW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583516, "uuid": "dc09ffef-158f-4dd5-8d55-4cba9810bda8", "value": 40744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583516, "uuid": "7bc69a10-e5e6-4dc8-999f-2ed538879e43", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583516, "uuid": "4f98e977-aa93-415b-b01f-69925b8e1d0e", "value": "0732bb1de8cc1ffb14e7319db502d688", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23b43b9f-c949-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679555148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555148, "uuid": "d902bb25-b35b-481c-b098-78f174bbef2e", "comment": "Malware payload (Mirai)", "value": "5bf8189564c7a098c22a12ad001ca0e1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555148, "uuid": "e74d74d1-8531-4c26-bc54-29d46da7d340", "comment": "Malware payload (Mirai)", "value": "d048f678d2012959a3e040bf950889548bbc38d3b96b0a2d0f60930889741471", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555148, "uuid": "a59c014a-271a-4dda-b4f8-7220525aa29e", "comment": "Malware payload (Mirai)", "value": "f76f7be2afbe61c7c52ceb1314fd372103491e57", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679555148, "uuid": "564efbde-92ea-49ca-8f2c-494c09d343ec", "comment": "Malware payload (Mirai)", "value": "9854a1d41b015fa754a7542a37e596ecf352c3c2627226fb46752c0ab7d5f4220a525393edec2c8887ba7a5c8b31013c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679555148, "uuid": "4a4678cd-02e1-432b-9947-4727e14b4b3d", "value": "T19A82C099D8188B94C5BE23F991067CEF6010BF98579EE701793CE2CD73E229841A4B9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679555148, "uuid": "ed80809e-29c2-4f1e-b366-b13f6f989f40", "value": "384:MqyjNCRuN/XzwJ1F1eTxfBDRyS3H7SbFL4RppUouOCw+PtN7PeQLq5O:eP8J1F1kxfvyoHYL4RppUo4Tb7Go", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679555148, "uuid": "696ebe99-6e3f-457e-8ff7-11d4c9df7e87", "value": 18752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679555148, "uuid": "f6748ae6-d55b-4837-b1e7-077b5027cd21", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679555148, "uuid": "8a19b7d0-2ec9-4a49-9388-40c157765eab", "value": "5bf8189564c7a098c22a12ad001ca0e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74d69959-c919-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679534668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534668, "uuid": "ccc12d82-4eaf-4c41-934d-b3f0d119697d", "comment": "Malware payload (Smoke Loader)", "value": "f89a148ff6807589fd9614efa1ffdbe5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534668, "uuid": "087611f7-e42e-4e78-aa31-461b8f9cf7d6", "comment": "Malware payload (Smoke Loader)", "value": "d079e9fcd6bb012db832d5e345a545d2778a01fd48c7171dd7113bdf34d14afe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534668, "uuid": "0b19709b-388c-492c-b5e9-f63b2b95c9d3", "comment": "Malware payload (Smoke Loader)", "value": "8fa130320fbe773bf1493565d7e1243fdacbdebc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534668, "uuid": "bd34dbea-82db-47de-8b1f-f30e45b9efac", "comment": "Malware payload (Smoke Loader)", "value": "1f71765517b9374de34be12f3d27a15102b63eec3974d1676d4c5de5fe68c3468c41a75f06badf6a3ff1fdcdc28bc606", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534668, "uuid": "ab0ca1f3-37f9-4b2d-adfb-f3b8f0594514", "value": "T1AE745C0253D37C60EE1246328E1EC6F8671EFC609E5B7BAA264DFA7F08B4171D662711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534668, "uuid": "3709360a-d7e7-4f45-b01f-e022de861a61", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534668, "uuid": "23549c2c-8f0a-409e-a205-5ba8a4885892", "value": "3072:dvSjln0JsB7j4Y5CNEq/KYEeyblPVcR3RXZXBCgD6bxE6nz/2tTJJ:+775YWNblkRBBCU+n6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534668, "uuid": "efca476f-1b32-49cd-954d-ef6d30de7938", "value": 367616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534668, "uuid": "5a726adf-4ce6-485f-aa79-5bbea1c124e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534668, "uuid": "151510de-0672-4bb7-abfa-9edc763aa667", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ce529bb-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583510, "uuid": "5cd46f16-8861-400f-8562-4910acf0ec73", "comment": "Malware payload (Mirai)", "value": "0debfd7c721761b8658bf6ebebcc72c8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583510, "uuid": "8f8ae493-5598-4610-9d95-37c06df8ce42", "comment": "Malware payload (Mirai)", "value": "d105546da3df5ad5c56962e73ff159cbe181a798751e7a492523d29c83c2c5ce", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583510, "uuid": "c2b8b87f-33f1-4e5a-8c95-d719328b57b9", "comment": "Malware payload (Mirai)", "value": "593613e70a11a5685233b1a11ea70a3cefc7e551", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583510, "uuid": "fa997d56-a199-4597-80ef-bf4309018ff7", "comment": "Malware payload (Mirai)", "value": "0c72d5441edfd9313818d0c38c0612e49f157591a41244a001f06cdffebacec4135c21d5361610e5bcc28cc194af81c2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583510, "uuid": "9744cfc2-290b-4d80-a6bd-a0c017b3b77b", "value": "T143633891BC819613C6D1127BFA6E028D3B2613E8E3DF72079E225F2137C696B0D37A55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583510, "uuid": "cfcf2ccb-ba95-45cc-be86-3ba6bb5e3a0d", "value": "1536:xZ1ltKm9nMtfTa7/KrVJY5szLvkuyCG3wfqvfW0:xZkhDYszLvkyEbfZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583510, "uuid": "121c62fa-b34e-4893-8e30-0cce84299117", "value": 66900, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583510, "uuid": "5fa34d66-8143-42ac-96e1-284e9663da80", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583510, "uuid": "ffb66a51-38b9-480f-a768-86be475d72e4", "value": "0debfd7c721761b8658bf6ebebcc72c8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f365a0f-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603754, "uuid": "35b62828-34f4-4113-96a9-b80f347f94de", "comment": "Malware payload (Mirai)", "value": "174476ba66c543e415c59d3bd679b70c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603754, "uuid": "3793245a-87ad-4477-bf73-f906f028b01c", "comment": "Malware payload (Mirai)", "value": "d17aa6c28e54d26815333a9754dbf283f33b6df2e7e59edb0beb657f01e557a0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603754, "uuid": "8d8394bd-25f0-4c4d-a0de-62e8b505b165", "comment": "Malware payload (Mirai)", "value": "539941064655b12e87dfe9d7bd31b5638fc46258", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603754, "uuid": "cded85c8-7d55-42b5-b072-dcfe696c98e0", "comment": "Malware payload (Mirai)", "value": "e094bd33f3952f631888d3b739fbeaa16a80c22c007a06e0450204334cccd972064b8df1d2f5b0f35ac24e8745501b37", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603754, "uuid": "6009147f-276f-48f5-9506-847b0c36e7cb", "value": "T18AB2D0CC61943084CA8D7C7C1B8C4A664F6CA1D0BAEDDB16E354CD9873BEA8B345D079", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603754, "uuid": "048deb8e-c9d7-4779-93fc-0352c8f6dd7a", "value": "768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpZ1ZqSWvs:4QlS07FUXqIYSXQKqulq0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603754, "uuid": "ac57ee56-f5fe-41bc-acbe-64f8342eec2d", "value": 24912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603754, "uuid": "ad30d0a0-b2d7-4f35-8bc6-430f471bb12d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603754, "uuid": "7fa6240a-dae8-403d-9a97-9ccde4d87bff", "value": "174476ba66c543e415c59d3bd679b70c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1132dbf-c973-11ed-88f6-42010a9c006e", "comment": "Malware payload (Phonk)", "timestamp": 1679573424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573424, "uuid": "7db92cfd-e103-483a-94f6-6e217225504e", "comment": "Malware payload (Phonk)", "value": "9b6d2b6437185e31baba1e96b3b04f6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573424, "uuid": "2773f2c2-6220-4f7a-b668-4ab777f6bc8e", "comment": "Malware payload (Phonk)", "value": "d28e6e9ec6eaf6113e21054187ab8590cf632de9ef90ef59443a181747f5784b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573424, "uuid": "459b178e-9d8b-4b70-80d8-bf9ce0686ae1", "comment": "Malware payload (Phonk)", "value": "20801a96049ac2e70437fc5122ec74e957c9de89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679573424, "uuid": "84fff0ea-d6bd-406f-ba28-109ce54be9fa", "comment": "Malware payload (Phonk)", "value": "3a1e5937a61ab6e42d53546b524c81a42f8228964db09a1438148591e53bb89d052367898b1f99fa6b9940a601f49a6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573424, "uuid": "ed644b8d-f423-4f32-bc3c-eb824d73fe16", "value": "T1B6153D593A0749B2FD4E01FCC3213E4B5F70DC5AAB3492E63961D4C9AA4E543AC9DC8B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573424, "uuid": "d8f3925e-04b1-4c19-b039-89e083c757e9", "value": "12288:Fz3OGOHSf8BShAx0Hwb6teeEU47ePuURfh4y:8y60HaL7ePtf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679573424, "uuid": "8a7ac8a1-f075-4e35-a4f1-66bcdb4d4068", "value": 882176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679573424, "uuid": "4e4df632-d9de-4f63-b9cd-751bf82822d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679573424, "uuid": "2ff55036-1a69-45d3-a47d-7a778f54b76c", "value": "D28E6E9EC6EAF6113E21054187AB8590CF632DE9EF90E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "463ec5cf-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679589136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589136, "uuid": "a18aabfb-c8a1-43c1-9efa-7eafd8fcab66", "comment": "Malware payload (Formbook)", "value": "b9e1bfbf09491bfb164214ce2618acb7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589136, "uuid": "b3dc15c4-f90b-4ed1-86b8-dcea0c7fffab", "comment": "Malware payload (Formbook)", "value": "d341b6fe8642df50756dfc1fd18bf37e605718a7b6c2944d117b3a8bf13b4650", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589136, "uuid": "1e906fa3-55dd-48f1-a422-8de57d9b7336", "comment": "Malware payload (Formbook)", "value": "2cc767b4e9ba2214a0a1211045c1841595080ba4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589136, "uuid": "34d1e2be-348d-4e11-8d9e-d95a3aaad161", "comment": "Malware payload (Formbook)", "value": "3ca220af8c0cb34848e0fc730e9ff7d33fc528a6999ecfdc913f459881a89559f4092937ebb7ae7aa5fd326ca69116ca", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589136, "uuid": "a1d71626-0957-411f-bcdd-4c2abea3e150", "value": "T1B6742306BF20F41FC9A326724A7913630A70A412197CD72F5B849BDD7D7B252AE0E793", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589136, "uuid": "051c32cb-e7d8-4adc-9155-1d1ee64c9cdd", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589136, "uuid": "6e4bbc0c-cc44-49f8-b05a-6e3fe320abf0", "value": "6144:/Ya69VrczRI4gnuqFhFHNwNfbsOvFgyJTfVnBbBcIH4e+Ms:/YHVrcDiLvwlsaFg6aIH45", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589136, "uuid": "6d678180-b9cd-4ece-a7ad-339059b3b718", "value": 361917, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589136, "uuid": "55aa0850-78dd-4f42-975b-ad1d87bbe5c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589136, "uuid": "cbfed7fb-3f44-4572-bf59-beda20c82586", "value": "b9e1bfbf09491bfb164214ce2618acb7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35c3bd29-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679603712, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603712, "uuid": "b1a6983e-1f49-4d88-b2a5-0025993151c6", "comment": "Malware payload", "value": "0b4a6253a702aed822f2b56c900327f4", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603712, "uuid": "0a577e0a-0b85-4fce-bec9-0f276d5e4528", "comment": "Malware payload", "value": "d393111cbbbe9eb7f001e8e0799d602bd3039ac200e833869e5768f83d30280a", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603712, "uuid": "1eec3cc4-6921-4c82-b2d4-1c049f5710ed", "comment": "Malware payload", "value": "81eb1ba8f9a13538f59c2670b6a6e72eabc3ca7d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603712, "uuid": "c25ff7e4-ab4d-467d-98ae-3d9f6f03736f", "comment": "Malware payload", "value": "193f1286eb15822bda77ce8e559abd6019a15b3f97c0a7d8bb707ef21071a949e34d07d92e9fc3222edf0c0d594095c5", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603712, "uuid": "44de1604-5398-46e6-b1e7-4393299a37fa", "value": "T10901DE8F2319915D884E8D44B46B47946B6A8FC072780F59EB8848735CDDE007469F4F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603712, "uuid": "196b9cbf-231c-43e2-b678-bd6f6e36bf31", "value": "24:VS5kaANI7wAK53x+z0CmVT9GtBM68Lqxv:VS5kalwAq3x+z1mVBAM6Qqp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603712, "uuid": "e422508b-9341-4be5-a674-d4b2bb46d041", "value": 778, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603712, "uuid": "2c04b75c-4a35-4408-ad4b-3156732ef228", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603712, "uuid": "51abb080-4123-4257-9a87-9df7748df248", "value": "d393111cbbbe9eb7f001e8e0799d602bd3039ac200e833869e5768f83d30280a.raw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cd9f30d-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679564344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564344, "uuid": "7972df63-c7ed-4e3c-9ac7-b3b816ee01f9", "comment": "Malware payload (AsyncRAT)", "value": "d5e9854750735f368a80beb0b6dd97c4", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564344, "uuid": "e1cf5937-75c9-4e13-8ef4-1e00dfc520b9", "comment": "Malware payload (AsyncRAT)", "value": "d4d4f37aa785f75cb096d0a6b275b0c9f8744e7cd0ea8c84f639c89258f4d992", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564344, "uuid": "540886f9-58a9-4158-b8ae-28825b25fdee", "comment": "Malware payload (AsyncRAT)", "value": "d53b59f041d432a251053eff27055c9eee91bbe2", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564344, "uuid": "6b43dfec-8fc2-46e8-b320-f99a3d62f9fb", "comment": "Malware payload (AsyncRAT)", "value": "ba4d5101631db88f34bf1398dd05a03bff898ec794702dfd09bfcf03ab271a67b3332ce849b710ce3eb56dbb7a1ffe2c", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564344, "uuid": "6e545229-ecaf-42a9-8281-7669800db04c", "value": "T16DB4232ACA671457E056DDCBEA8C9328365900E8C194E30AFCD540FE29BD4A857FDBB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564344, "uuid": "ed2edfab-1a8c-4b5b-80f7-aab304dc1db6", "value": "12288:TxR4g66m9h3lMb67WDfJbLEBJmD7wgdeh/RwJ6DM:cgf4MbYEfJbeYD7vqRJDM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564344, "uuid": "71ef29cf-837c-4237-beb3-88141459d4f5", "value": 526176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564344, "uuid": "040545b6-7dd5-4c33-a71f-66202e43bb37", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564344, "uuid": "92bf4ce0-269c-488c-8a41-a6a511176cb1", "value": "Odeme3222023.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5e9bfef-c91b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679535717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535717, "uuid": "654b358a-9e5e-41b1-ad90-5f05d24efd73", "comment": "Malware payload (Stop)", "value": "095047dfc19e7420c48dedcdef234ae6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535717, "uuid": "3eb1c967-fb79-4ad0-9e99-e9df181a23a2", "comment": "Malware payload (Stop)", "value": "d6fa27ddc043e34425a257f7e5a4af46e12209b838e6ba0587800fbaa58bd303", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535717, "uuid": "84702cc9-dd5d-49a0-a195-865f50a1c171", "comment": "Malware payload (Stop)", "value": "39a7977331083393844fce96e5750ce6ad240698", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535717, "uuid": "96be5071-f734-488b-a3e5-84f39a3964e8", "comment": "Malware payload (Stop)", "value": "e3cdb83dc09a2ae4c6db3faa9ecab12d1219caeac1d9d49599e16e2c363d8c1e59c37fb896d77d47e847d6722fb71448", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535717, "uuid": "4d6c0dec-dc1f-4b2c-b8f9-84b40221b34f", "value": "T15BF4011252D37860EF2747329E1EC7F42B2EB9608E177E6E224DEA3F0CB11A1D562715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535717, "uuid": "ff368025-7988-46e2-af86-c5d8c605ed92", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535717, "uuid": "ee9e1a8d-ab0f-4f65-b7d7-2b3d3c2015a4", "value": "12288:GzuyNAtFsbhYnaR9WEb34ixSyasJv7U8QDW4N0EYKTwZM+lBvWRFq:GKtFCa2fJa+zci4ylK87/vWR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535717, "uuid": "78afc0ef-9371-4f86-a4f4-0b088d71cb58", "value": 775168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535717, "uuid": "59fe989f-219e-489a-a569-c565bf3986e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535717, "uuid": "7c5488b7-365d-4656-abe3-ec3ab4447dd9", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a5b3b7d-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679575883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575883, "uuid": "003f8a02-d632-41b6-8339-f2e3388f222a", "comment": "Malware payload (AgentTesla)", "value": "23c2675b4931301f0e5894230f9252df", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575883, "uuid": "bf776a7d-1114-41ac-8a90-7533b44fe6f5", "comment": "Malware payload (AgentTesla)", "value": "d806cfc69b09b789a24288486f894e7d4e24e06d731f143f5033f67d0cb9cc9a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575883, "uuid": "ff8ee9c0-7fa5-4479-9d60-62e3d65e9b53", "comment": "Malware payload (AgentTesla)", "value": "85c68b857bfae67a792093bac78e1c2069e1af8d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575883, "uuid": "53291633-d830-4894-96b3-21bbc6dcdb5e", "comment": "Malware payload (AgentTesla)", "value": "b409becf4f18b747cc08f143cc1fe7388b140202a99e5a5e1e3696f458952be6c5760cc369e7c37ca21915a460d6b599", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575883, "uuid": "53098884-4751-407b-b183-8d4f41d3916c", "value": "T1D6E2EA16E79E03B48B910173671E07C99BBDA23E3351916278AC9274339DC6E43766FC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575883, "uuid": "7e981685-926f-4dcb-89d5-07833b1d7687", "value": "768:/Fx0XaIsnPRIa4fwJM/RCeZpF+nPdkgPO9fU3hW:/f0Xvx3EM/RCeZpF+CNChW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575883, "uuid": "3316fadd-8af5-4063-aed7-204128c9ffd1", "value": 32120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575883, "uuid": "24338108-3584-44c3-9438-713f1a56cfa7", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575883, "uuid": "20584b62-c278-472b-bf0e-f0a4c2de0156", "value": "PARCEL COMPENSATION.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25a45e55-c929-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679541408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541408, "uuid": "f3274423-85f9-424e-b58a-540582662f81", "comment": "Malware payload (RedLineStealer)", "value": "43a38c60a8fcc5f77d2b2bd052278635", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541408, "uuid": "fcb5f6b1-87c0-467c-acf5-3854b66e8a06", "comment": "Malware payload (RedLineStealer)", "value": "d8dc87b7618fa6a718bb5e22aaa79d7874d4b931400d75a5ce889d07490437ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541408, "uuid": "b472238e-ca44-491f-b431-05134a717d7f", "comment": "Malware payload (RedLineStealer)", "value": "2a4ca9653b3246e7df6d5023719ad2c8b2e77223", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679541408, "uuid": "1c48b9d2-aa5b-485d-8b23-5ef24b5be1e2", "comment": "Malware payload (RedLineStealer)", "value": "4535562b5f31b6764dc9d103b9c9d0949591cfda6212044529450e6abc0838ca606c985d598fed3a8a1d991a4485f4ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541408, "uuid": "a1e4afc1-31c2-48ce-bd5f-1a0c6597212b", "value": "T1D074AE0292E36821EF224772CE1AC7F8266FBC609E6B7B5E170DEA3F0D701A1D552711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541408, "uuid": "543e6114-8577-4dd9-95d1-fd355cbb25fc", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541408, "uuid": "da885f29-7aaf-46e8-969d-7f5b3c1010fe", "value": "6144:lSP3sNB5aun56zpMCpQ6mJu2N+K9yU8RuRpb1m:gP3sNB5as6zpMagJ7/OuRx1m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679541408, "uuid": "913fd15a-2697-4d5b-9d20-d8d6bac5cc70", "value": 362496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679541408, "uuid": "0b7c81e0-2ee6-4010-8b1d-32959abcfe6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679541408, "uuid": "f4dd7956-7853-481b-8d52-6acf129ede30", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cff84beb-c917-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679533962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533962, "uuid": "ccd34d4c-9c3a-4a7c-bd89-588a700297d0", "comment": "Malware payload (Smoke Loader)", "value": "9c62b956c9e6535119755366ac0659cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533962, "uuid": "c56d2e9b-1dd2-4789-82a7-f71f88308558", "comment": "Malware payload (Smoke Loader)", "value": "d9059206bdda39b373429c83f3821d89840661ddeddec525fa0f67e8800b9232", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533962, "uuid": "580e578e-44d8-45c7-bdb7-7adee49ef5b3", "comment": "Malware payload (Smoke Loader)", "value": "982e7641f30262cbd362700c810b24cedd456f67", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679533962, "uuid": "b4b341f1-d071-46de-8f25-0cbf8e4a94d3", "comment": "Malware payload (Smoke Loader)", "value": "639675e9372936e508d90f581a4e2082b3fc737af4dfb2dd2039f022dd4249ca34e563e46f252b7b82cbba63f710939a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533962, "uuid": "f378dbbf-1c7d-4191-b219-ad613d39a4a7", "value": "T17C847D0243E37D20EF2246728E2EC7F86A6FBC619D5BBB5E124DEA2F0D741A1D552311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533962, "uuid": "31986372-df31-41b5-90f4-2041b21706ca", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533962, "uuid": "a07f29a8-ede0-494d-95c3-8fc02a993a6e", "value": "3072:vud/X2AwP7x+LLqrj3YGmovkuTeUIrHsmvOwAr2R7QU9RlWYMa:vugIzGR8ufWHGtrgQUjY1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679533962, "uuid": "a11bb406-0e28-42ab-af55-4383b514431d", "value": 373248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679533962, "uuid": "6dbf1078-4b73-4bb0-ace5-290e973e03fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679533962, "uuid": "8e6d740f-f991-4852-bcfb-7e17bf771fe6", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b9c9bf8-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679583535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583535, "uuid": "435bf159-0a9c-4c60-92c4-cd3f318545ca", "comment": "Malware payload (AgentTesla)", "value": "7ff571e8d43bdefd4fb9ca3177dfbc7e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583535, "uuid": "6b1b7923-8763-4654-8bdb-480fe469dc94", "comment": "Malware payload (AgentTesla)", "value": "d9136458c333f03b11beaaec3388aa1bd3afad5b5f6920fa992b8e5c05b8c62b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583535, "uuid": "5abbc648-fed2-46dc-8860-f71095db90cc", "comment": "Malware payload (AgentTesla)", "value": "1cee0c951d9b2841bf6ab2b86abd3cd6d1a4210f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583535, "uuid": "ae765b7d-0c2a-45cf-b977-b33b496d93d8", "comment": "Malware payload (AgentTesla)", "value": "61ddd05cd0b4eea68d42eef05dcef75e3a768e85021a84391c51581313f12f05ab3f4e66282616d621896edc703d87f7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583535, "uuid": "1e13ac9b-317e-4c6f-9d0d-27b603486d82", "value": "T1AA05E014ED260C73F8D5D6B91484233A07A9BBA550A2E599CEF968D93ECFBB305D004F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583535, "uuid": "d081b88d-79bb-4cb7-b88a-0faa3adbdd17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583535, "uuid": "31912581-186d-42e8-9293-80268a9727d5", "value": "12288:CZUpZwdqiKnLWeFXwg71cAwV6rmo6f4oKcBsInfwDUXgZtEjHD/d92JTDAd:hpZG4XX33mo6fZKcBdNimnd92JTE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583535, "uuid": "d7a03823-e9a8-439c-9dfa-e718a874cb5d", "value": 871424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583535, "uuid": "eb80283f-5a10-457f-a4d6-e2199365c9b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583535, "uuid": "3e4bb419-dcd6-428b-aa9e-abdc7418ff86", "value": "7ff571e8d43bdefd4fb9ca3177dfbc7e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35a89974-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679556467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556467, "uuid": "3736fcdb-fa97-4111-8552-cfcfdddefe24", "comment": "Malware payload (AsyncRAT)", "value": "4d9ca283e6080bc1bb3e6817e8b27cda", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556467, "uuid": "951952f8-6f4c-475c-80d1-7184790cae61", "comment": "Malware payload (AsyncRAT)", "value": "d961c18d8817ad3cc2c414d3683eb9ba1dd1b0dd3d1578ca1eec353ad904a3f1", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556467, "uuid": "c04eee89-3d10-44da-a6c2-386998f5e508", "comment": "Malware payload (AsyncRAT)", "value": "1b79943f6755b21255c214915676eacc7f645ddb", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556467, "uuid": "8b397d86-a25a-40bf-9d49-5cfa6093d42a", "comment": "Malware payload (AsyncRAT)", "value": "2c918062f5dc41dba78ef23eb0a3a51bccc9bdf237c09c9ecee24520481b17d1da5edea3f78adf5e5ee6ec3e33eaa4eb", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556467, "uuid": "416f4915-7918-4cb1-9ac4-60f1a03d7522", "value": "T19483051FAE63AE92DC1808122E63083DDE74296F5DF058BE9D9693D17CEA04E5DD1CB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556467, "uuid": "b97ef283-44b6-4c8c-8c4c-1c7c013f9425", "value": "1536:ojjjjjjjjjjjdjjjjjjjjjjjVjjjjjjjjjjjNJjjjjjjjjjjj6jjjjjjjjjjjb+8:l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556467, "uuid": "772b32c1-77c7-4294-9809-c00308de9211", "value": 85473, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556467, "uuid": "c676036b-f2a9-419b-b63e-df998b1a6335", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556467, "uuid": "24eb1fc7-2c54-492c-aa55-b9a1fbefd5e0", "value": "mWaWCBfTJo.JS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57b06cdc-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564684, "uuid": "1e91d076-2947-4aa7-ae08-9df594d38a9e", "comment": "Malware payload", "value": "a7d44a32fcf911de0dae1b535ca3fa1a", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564684, "uuid": "ef842d4f-b952-400f-b527-2176ce76edd0", "comment": "Malware payload", "value": "dac71c21f264036c2c0288340ad6889002a4ed8f4dee74da35b15f7a8a26b473", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564684, "uuid": "594986d5-7e1c-4219-a477-4a8c14a27f1f", "comment": "Malware payload", "value": "857ac7db37e6d387f9f1f60a2541567684ce5489", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564684, "uuid": "1c4b1d78-95e7-4f82-915d-29aa00c5b5b9", "comment": "Malware payload", "value": "1ea5a6cd502c630f0854298b76e738f59bfb069501c0fbf35d972f186269a294fd4d1ebf903991b00dabeefd1737240f", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564684, "uuid": "213483d3-d1d4-421a-b67f-2b64ab560761", "value": "T144B19B3C0B734D6750E3643DE8A82285DFC67C5BFD567B20CA0AA9817562F273A4743A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564684, "uuid": "0bc6b982-14d2-439c-abf8-7e1e55f17d20", "value": "96:EazNSQrH2wsAFBYpy40RXK7iVOEoIhsH3ZWN95+FpAbNtWWOP3hImk9pFxgxsxaS:EazNSQrH2wsiBYpy40RXK7iVOEoIaHJg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564684, "uuid": "b036d872-d48e-46aa-9a34-8c74a9f05aa1", "value": 5350, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564684, "uuid": "9ad867a7-e544-4c5d-838d-2b76aa593038", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564684, "uuid": "15e06238-d590-4251-ad32-5c15daffddb7", "value": "a7d44a32fcf911de0dae1b535ca3fa1a.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65f43da1-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581029, "uuid": "a620e6b4-a62d-4438-91e3-8f0bab3a2bd6", "comment": "Malware payload (Gozi)", "value": "49b387fafdc3645ac4d02e1452b2cd3e", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581029, "uuid": "89622803-45b6-4a53-bed5-ac31a7d52bdd", "comment": "Malware payload (Gozi)", "value": "db49953cc2ba54a1ee63afdf474cbf5f07c0b91aecb0560243dfacd37b74ea0e", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581029, "uuid": "048fa435-2bdf-4fb5-8b30-c2299e0ab16c", "comment": "Malware payload (Gozi)", "value": "e37f043e40af84268a9fc45823a8a23b4b6cb2b0", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581029, "uuid": "20475419-ab1a-458e-9436-5226708a544c", "comment": "Malware payload (Gozi)", "value": "ecbfcc181d7e96084803e78002d37257e342c5e94cc53801849fff9651964e81f301129fbc84cff98433f2d1499b0d7d", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581029, "uuid": "4889a5d5-1333-4afa-a29d-9b29aaedb93c", "value": "T1ACD1587682581FFF383631AD181886B225B3957B7B7F1DE7B47004A9250CB2081B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581029, "uuid": "919ec3d6-f9f4-457b-a0c1-d6cec33e36e3", "value": "192:M/fnUwLR8EzDM9a9gJ3txMSaXaaWfPLrFaLc:dY4VwWn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581029, "uuid": "34ad9125-7eeb-49b8-8d6c-4fc364fe19ea", "value": 6548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581029, "uuid": "848be76c-865f-4056-aa3d-661fdabbc287", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581029, "uuid": "28f83bcc-7145-4cce-ac97-5ac65e01d8e8", "value": "Fattura 3565 2023-300932.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c95d5c3-c97d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577551, "uuid": "2dd99fb8-65c2-4914-9291-abdf9e14b869", "comment": "Malware payload (Gozi)", "value": "615c52f3c93356596b782238bf59b42b", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577551, "uuid": "685cb4e2-eaac-46e3-88cd-e06c32d468cb", "comment": "Malware payload (Gozi)", "value": "db5d311db1c28bfd7ec45fc9d4bb86950a8741af1304a5fdfbe59a90e06e533c", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577551, "uuid": "b4f15f98-aa12-42e5-811d-71bc628fad7d", "comment": "Malware payload (Gozi)", "value": "6de95bcb78c61fccfae5830f51a04e141eb108fa", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577551, "uuid": "f4d5c9fa-6a36-48f0-a094-08e07c774b98", "comment": "Malware payload (Gozi)", "value": "7a41f77f5a6896a680004341c2bcddc2c37139c8c161ec835a7010c83ead50bf791db743f7922ea73c8ca44cb86f513d", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577551, "uuid": "745e6dde-5d91-451e-83ea-6ed7506e489f", "value": "T1F3412809A0C026C4FBAE83368AB0061F2CAAA5928C830DEE701CD10A406779A43667F9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577551, "uuid": "fe1b7e0b-3f05-4ae7-a8d4-9b6e70b14f21", "value": "48:9NpTBwmI8HupFFkXWkuwsqIPy9/Ln95la25xvU1Q1dvsvoOx3+J/fAYnK:bBB88OpFHfD2z9Px81Q1dEvoOx3O/YYK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577551, "uuid": "6b36f79b-7591-41dd-9544-19a3cf49be9a", "value": 1972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577551, "uuid": "c8546a41-1985-464e-9846-ba6fb1dce990", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577551, "uuid": "b01dd843-8e2a-495e-a17a-e87e0b333551", "value": "Fattura 2203-23_012(1).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f7aa5b3-c91b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679535492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535492, "uuid": "b54feb69-2f7b-4672-948a-95fcf5a5daf3", "comment": "Malware payload (Smoke Loader)", "value": "722624ad4815eae7bbed77beb7fe22b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535492, "uuid": "76e9bc5c-9f05-4d03-940e-a3869408b25d", "comment": "Malware payload (Smoke Loader)", "value": "db6f339f907ecd37dbe67c459ed9351a50aa513476e4e59f1850bc810c972f5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535492, "uuid": "cd098969-b36a-49ee-96b9-9993aa3305b7", "comment": "Malware payload (Smoke Loader)", "value": "39b0544b97e6628d8c50438c2b9b0010d7b19f71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535492, "uuid": "628ba861-e19b-4f7f-84ad-23aa62c5c016", "comment": "Malware payload (Smoke Loader)", "value": "61ff66e0f5ade1d5d8003c22b8091f44d1578afa9798feb988a34010b656d3b5bb09a9c14447a0ab7d006f911c00d5ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535492, "uuid": "9dd0b531-7149-4bb1-8dd3-45004d73a8ca", "value": "T1CD44CE227292C07EE95701754C61FBB46A3BBC704B258AD72788677D5E303E1DB3A386", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535492, "uuid": "9faa83ba-7150-42db-a5a1-d513e3cea743", "value": "a4559d1602669b68de352c9c26c5d967", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535492, "uuid": "007e0474-578d-41ff-8c9f-d44a559147ed", "value": "3072:Cyxcs+KmVGa8cYoLH7804WNneJ9AMWtZnXtE0Z4eYLaX5hkd2m9:1KF1YoLHI0feTe+q4Kw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535492, "uuid": "09a233e0-43e0-4426-b056-0cf64893d26a", "value": 257024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535492, "uuid": "fe09c718-d168-428b-87e5-760d22be72e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535492, "uuid": "b71c4533-910c-4e65-b009-b9cff7382ffa", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6206b826-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679603786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "a9a080e2-ff0d-4e81-94de-0d5219330ade", "comment": "Malware payload", "value": "f93cf0382ef230ef271b20b9fcc56d72", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "ec288fe2-e488-4bd6-b5c5-66ada4783686", "comment": "Malware payload", "value": "dc622bbb9d72e4aa89f84e51c10aa088a89ac8250e9b26a506ddd43452d07a57", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "08b59d4b-2da8-484c-b6d5-ebb8c0d680a8", "comment": "Malware payload", "value": "8ad5170e40b713e6012534ead41710ed40101cda", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603786, "uuid": "060aea02-d60c-428b-a4ec-1b4f8590c577", "comment": "Malware payload", "value": "d02d0bc94a41a775e378b6e1e6ea924dd7c642728a4553fb3a3f4a19a3ae531f0a11fbac205cb404bfdde311a9bb6fb3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603786, "uuid": "8b04ab46-da28-4804-86cd-2edc7223419c", "value": "T169721982EEC2EE79F86913BAA53B17329B7BE12E241DDE02DB7454B1AE01100D71734C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603786, "uuid": "4656018c-1b39-4e58-99a1-1e91b49667d3", "value": "384:fysmR/UTSfI0+khD1Js9Un3j9OG3nnwfh:to/US+UDvr3BOG3wfh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603786, "uuid": "06ef337e-e9be-4940-95b9-ae655f29d9d8", "value": 17484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603786, "uuid": "e4adccd5-f89d-4bcf-8082-e2b23af0365b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603786, "uuid": "764097bb-b2a0-41fd-97a8-29bbc62a9596", "value": "f93cf0382ef230ef271b20b9fcc56d72", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7b81c29-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679585918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585918, "uuid": "edeb45a3-23ea-40ab-9688-8797c1419997", "comment": "Malware payload (SnakeKeylogger)", "value": "9575620fe1758d6c5686dfec839e639c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585918, "uuid": "c4a2f8b3-ac62-4406-9149-0fb35de1f42d", "comment": "Malware payload (SnakeKeylogger)", "value": "dc89fb6fea674bafdb5f7945ece7ba57090647996caee4fd06e7f2a4c20fe4ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585918, "uuid": "c6c970bd-2807-4ec1-abac-2a89b4537b22", "comment": "Malware payload (SnakeKeylogger)", "value": "869d58bda7f29739742cf8820307529ea27f04d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585918, "uuid": "60d2f6b1-8b62-428e-9a0c-c7e039b11aa2", "comment": "Malware payload (SnakeKeylogger)", "value": "924ce8dc2782cf34a9b3d1cc643ffc84a4d862dbe44c97d159e8e4d12a358b1098389ccdafc2b224612abdec6b29cc13", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585918, "uuid": "bfa8aeff-c71e-45a5-821d-de636336c87f", "value": "T16175E022B2D18437D1721A3D9C6BA3A5582ABE512E38794F7BF41E4C5F3E6813C252D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585918, "uuid": "f89c3850-894e-4de7-9f82-bf41081e4dc4", "value": "332f7ce65ead0adfb3d35147033aabe9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585918, "uuid": "a6867ae2-64c0-41ef-b862-a3c0f7fe2524", "value": "49152:hnsHyjtk2MYC5GDeH7pC6S9JULdGJWXMvzRcYR:hnsmtk2aNH7Y6SMLdGJKGRcY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585918, "uuid": "5e0e88a1-7d44-4033-a3c8-743d26b2853b", "value": 1672192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585918, "uuid": "e1714961-f594-4fc0-957a-89cbbfb5a616", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585918, "uuid": "1e18456b-7f0b-4424-a121-6fc3d9d921bf", "value": "E-Ar\u015fiv Fatura 800-388-000-279990-80555-8888.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41b7ee34-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589129, "uuid": "67bbe047-f9fa-4579-bde1-b2cb788453be", "comment": "Malware payload (Mirai)", "value": "8dc05e0da85052bff8337ad6ace7d4f3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589129, "uuid": "de3bc123-6244-4676-b870-c1718d817437", "comment": "Malware payload (Mirai)", "value": "dc8d128a7875a52c337b6b346ec63d86eeff662b95d9cee107ceae2297f6294c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589129, "uuid": "94a22056-3c05-4c94-9099-87ac72328a44", "comment": "Malware payload (Mirai)", "value": "ff52460d8522775451b5a3b5ccd20079b43b1280", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589129, "uuid": "c5c5d873-4518-441a-848d-7ae8fce941ac", "comment": "Malware payload (Mirai)", "value": "d4016c644797aeebe7cc1f28fb7759e0955aa49277245d3c83147dbfe38f50a32fefac99fdf5f908e5e507625ae12225", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589129, "uuid": "9e8daebc-1de5-4498-ac71-9e6f6e3c9f98", "value": "T1C243B7C0ED933DF5D2C6EBB4E9DAF27928E7840197664756E4CD8D61C46FA88200E39C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589129, "uuid": "669a927e-af67-4b66-b8f8-937c87c2d4d9", "value": "768:Z+41rWH6hbDa5ML4xP+36zr8zkOa3OYyHc+n31Ouk:tBWahb+G4ZRnskOeOYE11W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589129, "uuid": "011fd4b0-11d6-401e-aedb-6fd0bd80d755", "value": 55714, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589129, "uuid": "18a313e2-2dc7-4701-b2c1-bcb5eee06f27", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589129, "uuid": "054326c0-1fa1-4692-83e0-3b7357477633", "value": "8dc05e0da85052bff8337ad6ace7d4f3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1853ee10-c97e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679577892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577892, "uuid": "86f4739f-60f4-4568-8c7f-29efca51171c", "comment": "Malware payload (AgentTesla)", "value": "6aa8165d84e10eca4efeae8cf6b2bb7e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577892, "uuid": "97e9f868-55c7-464f-9fb8-dec13a32a080", "comment": "Malware payload (AgentTesla)", "value": "dc9fe72e588b9814beb814a7864c534cda5dffa477ea3cae21240a02845eafad", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577892, "uuid": "217994cc-f579-43f8-b09a-0d5c8521e1f4", "comment": "Malware payload (AgentTesla)", "value": "2348660a3e668236c1eb7ee8ee70c5152fd59364", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577892, "uuid": "d0a706f4-1761-4e46-a5e4-c0cd93378d08", "comment": "Malware payload (AgentTesla)", "value": "da6d3d4821694b7b7d8bf491f8c7fbd381b0338bb8a3be1770a4cdb3f872f3096cea6956e9113912ab0a97e44994f714", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577892, "uuid": "9bdf065b-30a6-4baf-9c95-97fae37dc2bf", "value": "T1BC455B441385AA96D2EEDA73E8E1674A8B70FC20D77EE38F168435AA4C32F527D01717", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577892, "uuid": "80ac7dad-6c70-411d-a885-8384707efca2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577892, "uuid": "49562a96-15db-45c5-a97e-2652d8c65e62", "value": "12288:nqHGo5H1P3sRg+K8VGwD2QHxgB+z/dIgVEM6iM83HJf1z1myAywPccF/l2P6NsMJ:nqHR+KTwDnHI2OTPoHJfB1/q2yNsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577892, "uuid": "1163369b-627a-4812-8e8a-4fb8ef1fee2d", "value": 1254912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577892, "uuid": "f95aa752-838f-4648-ae66-3da59525f860", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577892, "uuid": "23f465fa-f672-4165-b84f-1f1af638284d", "value": "19-0415 MSC Open Tariff for ALL TradeMSC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84aedfab-c91d-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679536413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536413, "uuid": "7d28c970-f87c-43cf-b2d3-fea8afa57c96", "comment": "Malware payload (LaplasClipper)", "value": "c744e2d74b828c767877c52e125087af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536413, "uuid": "7b89786a-84e7-4e04-840e-4bbfe683a30b", "comment": "Malware payload (LaplasClipper)", "value": "dccb7a134aae7970fc13ab3db3737b62b733ba33627945a1d5cdf61870ff4842", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536413, "uuid": "ce18915b-cf26-47af-a78b-ff440c2c7e3d", "comment": "Malware payload (LaplasClipper)", "value": "444809a0b355b365fadc03e50ac577b1b1fa50eb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536413, "uuid": "9199d958-1be2-4521-8c62-4652c5f19751", "comment": "Malware payload (LaplasClipper)", "value": "c6c868426c0af9e597c9d2968bc73d8637df61403c68bd23fceec01b3ad0e5239627ac6812004cc83a8f6882a0b18767", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536413, "uuid": "6a207a03-155b-44b8-9d8a-65998e72bbd4", "value": "T17895238187E17C20F2175B32BE1FCBF87A6DB425DD1A7B6A1254AA7F04780E3D166708", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536413, "uuid": "a75e0f15-35ee-48aa-917e-4779c86bc189", "value": "cc53b13062b266a67f6f160bc15b424d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536413, "uuid": "67cf7b2f-31fb-417a-8b2d-d16522e7c7ea", "value": "49152:xKcn0Cjj3zONh6qrCf2TXEUPsNq3WVAThDWZaXQZh8:ocdDZqCIbPzWVyhDWZaXQZh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536413, "uuid": "bd0e3064-875b-4ca9-9dcb-34d1aacdabd2", "value": 2036736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536413, "uuid": "cdeb3d0c-5d73-4500-b571-c4de98aea79f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536413, "uuid": "ad9e6a2d-29cf-4412-b519-0ffa72c5e995", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6189c819-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603785, "uuid": "9bebea61-62ff-46bf-89f5-927f00400bfa", "comment": "Malware payload (Mirai)", "value": "bcb350832433e04723786c4761010eda", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603785, "uuid": "25819f5e-979e-4063-878d-c9312c009d09", "comment": "Malware payload (Mirai)", "value": "dce52c87c534d90020dac0ef1d7800bd4c23586a6e2c3bfe3728bae19dc59893", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603785, "uuid": "bd9a18e2-6412-41cf-8038-211332067489", "comment": "Malware payload (Mirai)", "value": "778f23b9dcfdacf7881fdd9259ac6e8bf786eb00", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603785, "uuid": "ffe501b1-1959-4b79-b5f1-cb180f5fbbc9", "comment": "Malware payload (Mirai)", "value": "ff1c2dc0d6d379831495483cebcbea4b700b94fd94a2eccf135b73eacae13f866ca03fb1399cd46f2bf011ffa192b17d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603785, "uuid": "a61def8a-6be3-4cdd-b4e5-826c079819ad", "value": "T10383D609BF614FBBDC6FCD3305A90B0138CC659622A87B367534D828F65B64B49E3CA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603785, "uuid": "4f9bf1d1-f94b-4c47-a4ae-c70e06ecbca4", "value": "1536:brqChH3izQ/NpsSZ29bg27W7kBPaZ1kA4HYQJgj:brqChHyU7+bTW7YirwA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603785, "uuid": "2983fd56-d96a-43b2-98b2-d4585dbf7e56", "value": 81376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603785, "uuid": "23f09a65-3887-40b5-a0cd-90a38d6e1308", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603785, "uuid": "c31cbb5a-c68c-40b2-a97b-5d33e18bf2aa", "value": "nigga.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78d10b89-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679589221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "163712f6-336c-4ee5-9d02-902e0dadcd37", "comment": "Malware payload (RedLineStealer)", "value": "f60b705328fd3c9cdf8aa1d686d3536f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "d624a00c-be3c-482d-9562-f9bfdfb4803b", "comment": "Malware payload (RedLineStealer)", "value": "dd00bd0c7152aa6be1e2a3ff69bcede3ace51bafc28b03fb14d82aaef9db5736", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "a1261846-e72f-436f-b4f0-785065e5d42d", "comment": "Malware payload (RedLineStealer)", "value": "fb838a8ac7e4961ab4fb63cf8b77f3405ba08ba9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "ddc99608-5935-43b4-986e-a36ab00b120f", "comment": "Malware payload (RedLineStealer)", "value": "7f04cfde91d3ed22de739d49532db7461960624e5c8579b1e0280cf48a1aad09e610c372f32628ccc4dadfb9d7962973", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589221, "uuid": "26541433-7ba4-4ac4-a61a-68f0b78b7a07", "value": "T1FE445AF07D381899D42DA974817EDE91B77DB519AB3B86372E34B883913E3BD6B10108", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589221, "uuid": "1b3f7eae-ae20-49ce-a5e9-fef1636e5968", "value": "9ccce235b0948e702108d60e5a6f9990", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589221, "uuid": "82da7c38-669c-442e-99ba-6a2573379717", "value": "3072:e11vJxTYjNw/Xy3qBCHv3mf+9l5HwcYX3Uw+CIedbag6DQJt/bvvyZwCzk3sxZX3:2vJCBqBw+0/WXfag6cjby+uUi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589221, "uuid": "19689bd4-e671-4878-ab87-400bb8762287", "value": 264272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589221, "uuid": "d9c59211-4338-40e6-b86d-fe8973f10900", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589221, "uuid": "b710bdc1-932d-44a9-aeed-7144deaabbea", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd4fbcf1-c95a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679562815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679562815, "uuid": "983f255b-3c76-4dcd-bb5a-e8b8e024edff", "comment": "Malware payload (AgentTesla)", "value": "80b94a478d485f29cdcceb1d1f082d07", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679562815, "uuid": "096b9ca9-942c-4dbd-babd-8476510f0a9e", "comment": "Malware payload (AgentTesla)", "value": "dd34218ec303f96e4aa14e67068989ef6d965fb5d715a90c92fbbf5065098480", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679562815, "uuid": "e8f4e4d8-3e15-43cf-9b79-40682f588982", "comment": "Malware payload (AgentTesla)", "value": "24035e5722067c4ee6911f65df700117516fb3ff", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679562815, "uuid": "d0f6e74c-5fa7-404a-a894-f90e6d2f2965", "comment": "Malware payload (AgentTesla)", "value": "cd976d935ad53f8fed2b759dea14b8aa822dd0936788aed39c6f9e55cf6e0a313cbff927772876097a8d7671c037dd24", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false }, { "name": "ftp-instantprint-ro", "colour": "#0566FC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679562815, "uuid": "0fe41ea3-8e49-48ee-b27b-ba393431fb6d", "value": "T1CB82AF2036644B82D488173B7B47E9767429A153DDD8B80AB02DFF243DEC905F6E8D80", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679562815, "uuid": "daa30639-1d77-4edd-aa0c-78cca0c091f9", "value": "192:gQfQUEl0Apqx9t+kb2ZpUTCvJzFdiH1dt1dHAcswcO:gQ4NunC4+1FUNHAcs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679562815, "uuid": "81f7e117-8004-4ec9-8a89-21ceeac4f5ee", "value": 17597, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679562815, "uuid": "faa7aaff-2070-46a1-87f9-c4ead84c7c56", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679562815, "uuid": "fca6024d-ead2-4f23-8a45-b0181350979e", "value": "document_23323.chm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6778ef65-c979-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679575878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575878, "uuid": "51743778-0765-443a-81da-7c7d3cd1d139", "comment": "Malware payload (AgentTesla)", "value": "d2683b1c541d7ae99fe7f11b6b0f6648", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575878, "uuid": "a0f6e179-7e6d-4598-8900-03f7455a99b2", "comment": "Malware payload (AgentTesla)", "value": "de46ab143d523dfdba34843a47df51f1112cac3bc7b3c8c053ab791b2c0a5010", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575878, "uuid": "c4fd82c6-27d1-4bde-917a-12914b093be1", "comment": "Malware payload (AgentTesla)", "value": "a3be2ba589dbde4295bd49f3a9c1fa376c3a33d9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679575878, "uuid": "8aed3f0e-3d6c-4b3e-8950-bb9ce76e806d", "comment": "Malware payload (AgentTesla)", "value": "a9441696cae13d9ddb04e834fb7bf7f871a96e7aa7055ebe35a15f2345909c32aaddef82ea3e40abab93bd2a2f14ffe6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575878, "uuid": "18ca2945-cf50-424c-b45d-504be9b063ec", "value": "T1B305E041FD7A0973F8DAE2B41560273A0369BBA55062D68A8EF96C8D3CCBF6301C155F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575878, "uuid": "a71db225-d619-4369-8971-0a6a2e631027", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575878, "uuid": "e43a6975-4347-460c-9e2e-64dc8a656a2a", "value": "24576:68QthUZGDh5tp+9mJPhopeR1Qf/A3VAzCOiLOX0:DQt6ZozcmZhuzfQ/OiKk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679575878, "uuid": "9db4affd-627a-407d-8e32-39506a6daece", "value": 864256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679575878, "uuid": "8c18d460-4efb-47dc-8503-92e1bfbb9fec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679575878, "uuid": "f2406d99-9b89-4fa1-b451-7bfc4f9eba4a", "value": "obizx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49bed68f-c9bb-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679604175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604175, "uuid": "c9c4b9ee-722c-469f-96e2-2c3811a59dec", "comment": "Malware payload", "value": "fab2cc9e8a64f905fb0e84ac8f014bee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604175, "uuid": "2262fb04-966e-4a15-a37c-e22472872208", "comment": "Malware payload", "value": "df921c4f173a6bd6fe0b347f2494ff8c2c4a5407de343e87061e43b89890a712", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604175, "uuid": "ebf7a564-5785-4c79-b5ef-3e4b3f1548e5", "comment": "Malware payload", "value": "4cd94c381554f8a2ed956acb5b073c4f5a704de1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679604175, "uuid": "443c3710-0f12-4b4c-8d61-d06c15d3607e", "comment": "Malware payload", "value": "bace27faa0953b24f2d9009f74026c1f61ccd8ac327137d273857d2cb82a2fed2e981dbe9bc05083b15d413360874eec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604175, "uuid": "b49fa6a1-2677-474a-96fb-29000f6f84d4", "value": "T13826CFF21286BEC9E37F0E30D1643B608E10982B97ADD349BCC4299E97957A4DF185F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604175, "uuid": "142f4521-2a73-4937-8806-4ce7ee5325f1", "value": "49152:uD/knfTs+mL/LQHL+G7JVmlyWTl2rYJyINJf+Wymt0dkCKOuzqubg7m:8/0fTs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679604175, "uuid": "bd724db2-bb25-4df4-b8ea-a45b0bd493b7", "value": 4789760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679604175, "uuid": "92c37ca6-2e66-4fdd-a4b1-a4beacbbd808", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679604175, "uuid": "82b7c613-dade-4046-9396-b84a2eb306b6", "value": "RFQ2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "630c1f07-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "72a59d5c-d9fd-474c-abd1-2b288222c12a", "comment": "Malware payload (Mirai)", "value": "ae15c38745c4c43a91b2645a10f5181a", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "87f420e1-1d47-4447-9205-073688bbc05b", "comment": "Malware payload (Mirai)", "value": "df9ed0fe24e6dad3b5ecb6bfcaefa56c96dfc81efc82bad90c97298ac546b49c", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "4894f9da-da6f-4174-98dc-82620a5ca2aa", "comment": "Malware payload (Mirai)", "value": "c4bd00c24ad46356c41955b5c2a76d74005b5aee", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603788, "uuid": "098f6a97-8a45-4bc8-8b65-701403a4acf2", "comment": "Malware payload (Mirai)", "value": "879a766d3056383b2808a24a58b19688168d320b83b40e0d9809e1ea0e134fff49d3f42d054d067ecfe2ff5f642c4fdf", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603788, "uuid": "9623a3ed-c743-47cc-a8fe-9b1344cdeb31", "value": "T197336CC4F683D8F6EC530170607BEB328E72E6F91229D682D3B99631AC56542E507F9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603788, "uuid": "1fbb80d5-0999-450f-ac73-d9071470b5ca", "value": "1536:Ux+v09GM9u8FStuMhGtglHc1sMntrfuCsYYYYYYYYYYYYYYYR9YYYYYYzYYYRYmD:Y+v0ENt7higlHIfnJ3k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603788, "uuid": "ed400d59-9472-471d-97e6-8f6d259934eb", "value": 54352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603788, "uuid": "e614ee12-30f9-4cdc-90c1-6e50238c364a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603788, "uuid": "3efbd85e-4d9c-4cc9-a3ac-c93af1608eb7", "value": "nigga.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45fb8cab-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679564225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564225, "uuid": "4501551c-0e35-4572-b20a-6528142c8136", "comment": "Malware payload", "value": "1ee8ebe94545affe4461204ae968b32a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564225, "uuid": "780c72a5-c227-4492-afdd-0812631f7892", "comment": "Malware payload", "value": "e0ec81f74a6ae2509f2b8fcf815f3d03b83192bd83f0b3a2de6e220a362e4ee8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564225, "uuid": "66fa2baa-9ffe-4aa2-bf82-0df6c8a548fa", "comment": "Malware payload", "value": "e09306a9c449ceb7ad29fa3dce2e2496f7aefc50", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564225, "uuid": "40ae8fce-ead5-4896-b747-1b12fb956f28", "comment": "Malware payload", "value": "5cd8ed0434cb4bf6fdae626700fe5e3bd00a718664a8909df6e60d124130b495bc8b3eda037eb1b814a9f921198a28e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564225, "uuid": "7b2f6d3d-aa7f-4cb7-b20a-3e18211d5e38", "value": "T108263320D6D31D93FC213ABD7A815D8E89F1E8863166CA8B64651837FB1F472B3C9381", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564225, "uuid": "acb325cb-6521-4690-ab7b-6014a83e2fe9", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564225, "uuid": "406322d1-dfa1-4328-893e-62437dcaed65", "value": "98304:fpu2nUXmb9RLP5W8pOl4FkAblySaBbviZKUXMgl6acmaiQDSo7TR1kD3T8:hux2b9Rdhp6QkOglBbvsKeMU6acDzGcL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564225, "uuid": "3c338667-24c6-4dfe-a372-0939643b1f97", "value": 4510720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564225, "uuid": "f999f165-d900-4776-be9c-276d2dca0956", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564225, "uuid": "6e311685-25b0-4eb6-9eaf-702facbdb430", "value": "1ee8ebe94545affe4461204ae968b32a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d19c0fd5-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679585934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585934, "uuid": "76a6f9f3-81c2-4640-8203-9bd32f324c65", "comment": "Malware payload (Heodo)", "value": "fe420123d021253a9944fe2a146d5fda", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585934, "uuid": "5f95c085-e23d-4347-9295-bd4b38da3aaf", "comment": "Malware payload (Heodo)", "value": "e0f279917c0f6926bff87f75e39dc30b44cf7bc940e807755544b978bfd9b12c", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585934, "uuid": "fa56fafc-1ab7-4d21-b0cc-1693ddc087a8", "comment": "Malware payload (Heodo)", "value": "2ba3cbbcba3a04479d2ec90000e80e55715c36ad", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585934, "uuid": "d91594b6-1385-4388-a678-a0390d53a3b8", "comment": "Malware payload (Heodo)", "value": "7ed11bda77bcc04d2a8ce5d6644d3ddcb39b2fecd95c939c517943b31ac2219e48e5c13a706fdd67cbe5228c6839574e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585934, "uuid": "fa0a816f-a6b6-4f16-843d-e900f8849094", "value": "T19844F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585934, "uuid": "7e4246c1-6a9e-48b1-85b6-c8619cc2432a", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWav:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuV4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585934, "uuid": "ae4575c9-8a3d-4564-8326-cabb387f7b40", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585934, "uuid": "70dbee8c-3f4c-4a1b-a6e1-b140256d2218", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585934, "uuid": "446288ba-d915-4a9a-b600-00fd8c81ff6b", "value": "OPAST GROUP.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c600b29-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577201, "uuid": "b88bc639-df78-4ba9-bebd-c67dd52532dd", "comment": "Malware payload (Gozi)", "value": "d1525ede28ff7a74d5565cd293904903", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577201, "uuid": "fc0fd930-9d5b-4999-99b6-f75851926443", "comment": "Malware payload (Gozi)", "value": "e1335db6cbda410887c0da7a16a717ad50a685380c4c1262ed6d6b374af073c0", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577201, "uuid": "53dcbf6d-a1a4-480e-9cf2-6a5b1a2fc627", "comment": "Malware payload (Gozi)", "value": "7b10735a32ed119f3abdf73983a4c9141f0e5fd1", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577201, "uuid": "9d97fe7d-209d-422d-a5c6-f055c576c123", "comment": "Malware payload (Gozi)", "value": "2af3e32421677a9c1c7e29ffdb09b03148efe7947bc6b6f3cb947acd300311cc0bfd57407347510c52fadcf7b577a9ec", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577201, "uuid": "d9227fe4-9e7a-48a6-a425-b86251470873", "value": "T1DFD16976825C1FFF283631AD5C1842B221B2953B7BBF1CE7B57005A9250CB6081B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577201, "uuid": "a42cb31d-ee05-4357-a9d4-7f58fdfca578", "value": "192:M/fnUwLR8EzDM9a9gJ3txMErhun9jqWpfPLrFaLc:dY4p0ZJpn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577201, "uuid": "4ecb8014-8879-4846-b7ca-430b1d6426ef", "value": 6576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577201, "uuid": "408f6f3a-4167-4244-8f8d-54466724020a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577201, "uuid": "cd45a4f1-fe4e-4981-ac71-bc3d6ec26cd9", "value": "Fattura 3562 2023-400929.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c2425a7-c9ac-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597870, "uuid": "d3b5f43f-6abe-4c65-a46f-9eb4cbeb607a", "comment": "Malware payload (Gafgyt)", "value": "7d6a777ca968ce80e7e025636633f5de", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597870, "uuid": "e0f94bc0-3144-4809-92c0-d75f8553f50e", "comment": "Malware payload (Gafgyt)", "value": "e2824860aa028e57ed7ae75e97c9dbc856e57d5235e6147a31f3172d336074f3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597870, "uuid": "afef705c-6d00-480a-a277-3a8f0486d74b", "comment": "Malware payload (Gafgyt)", "value": "9da31df1dcaadec947292dc4660de1534371e546", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597870, "uuid": "b32fbe6b-99e7-4c3c-aac4-c52dc36501be", "comment": "Malware payload (Gafgyt)", "value": "462c27aa026d6f8b33fd5b07fe00a92b6bfa268ecb24b2db56df878228abf84ce5761e6cefa7954fc9df076872056f4c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597870, "uuid": "fd40758c-ae7b-4691-9bd1-26f41a45237f", "value": "T17D930941FD418B27C2D237BAE78F435D37366A5467DB33016A396EB42BC27982E39520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597870, "uuid": "2a366009-19cb-4724-935e-c47f918b6d5e", "value": "1536:LBkF9VQPAGaHYyEfgcqpq1innPTxHOxaePczYrmREqQ4b/X7XSee:OQ2HYBv1WTHePcKmREqQ4bv7XSee", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597870, "uuid": "f6be6999-162c-40fb-94d9-42b4723efb3c", "value": 92448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597870, "uuid": "31ab4e26-776b-476e-9a23-71e0f7ebebb0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597870, "uuid": "27dae2ae-ffc1-47a6-9350-ee813b3fe501", "value": "7d6a777ca968ce80e7e025636633f5de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4df6d029-c918-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679534174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534174, "uuid": "8f7c1c86-d9c0-43f6-866b-6e2f8e8aed09", "comment": "Malware payload (TeamBot)", "value": "301c0b6c9341de9df8fd19d5060690f6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534174, "uuid": "a80b8599-5152-4e71-ac86-c36c705adeff", "comment": "Malware payload (TeamBot)", "value": "e2890e9fa0e086c87f866ebcf6b83fed7029cc9221ecc19318af45a8608a11e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534174, "uuid": "2322d415-96dd-4abf-967a-c02b45be715e", "comment": "Malware payload (TeamBot)", "value": "2f4adc9981ed11890bbca161dc770e6c647c05d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679534174, "uuid": "155e6845-ef87-4511-8ef3-6c20891fbca1", "comment": "Malware payload (TeamBot)", "value": "afae14cb3103e3533c559091f9548fd5a07aa12f9bab4bbdce9ec14ed6c0eb957e523a92f3c6c547c4e753c8f31d9c6f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534174, "uuid": "e78dc30f-b2d2-4231-b935-fb1a04e72918", "value": "T1A9745C0293D36C60EF1246328E1EC6F86A1EFD619D5B7BAA234DFA3F09741B1C152716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534174, "uuid": "94bef252-9322-4eab-9cb8-773eb612556a", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534174, "uuid": "23260756-0040-4de8-9458-6417ef752dc5", "value": "3072:ZLBJFcPHFGmuelRnDY7BN33t2VtgBz67/3+4PGEE6kmq6efZYPNA0IJJ:xIT87b8+z7QGEJqlZeNA0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679534174, "uuid": "30ba7e03-ac33-4e26-a2fa-bc4f47c2cae6", "value": 367616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679534174, "uuid": "9f44cd8b-a0ed-47a9-a19b-fbfe2909d779", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679534174, "uuid": "58975920-c8c9-469b-a434-42ccf5f551d8", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b2c2fd6-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551671, "uuid": "d32abd93-1287-4261-98b1-59486e50314f", "comment": "Malware payload (SnakeKeylogger)", "value": "c19b70381457c1bf947f4befc79dc507", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551671, "uuid": "4ef52076-7edc-4ab2-a805-1310eadb31ad", "comment": "Malware payload (SnakeKeylogger)", "value": "e3605326017c58a3ef50367f4821255161997f87c615c126c981526127392d3e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551671, "uuid": "f3795f5b-8d46-44c2-9a5b-395e3b65e4ec", "comment": "Malware payload (SnakeKeylogger)", "value": "c290b39b8078e473c6d7eefa8aac2f7a1b7b5376", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551671, "uuid": "0ce467a0-521b-4d53-858e-56f3bcbe5831", "comment": "Malware payload (SnakeKeylogger)", "value": "c736e70d252fd4913df9ee26f69c8afa31ee916147a4359b0d472cc96710d69dd36e6ce3a036b849b27123abdf001119", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551671, "uuid": "469f04d1-7013-4393-bcfc-ca0362d00723", "value": "T125154B40EFAA6460F111047A216BBD5FCD51A88E98EDFB6E150FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551671, "uuid": "b15fab97-e91f-43fc-90c7-2c909e0bfa3a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551671, "uuid": "5bebec98-4c1c-4dd6-a31c-66976ed429c9", "value": "12288:6LYK0aO+4fzKM/JNDFmHGoxuBslG0VKhxabmj09JgkbzZnKkAtvxiLATAGn3WtNv:6LYha+zKM/JNB6xpYnzaSjSnKk0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551671, "uuid": "d3165eb9-c5ca-4bb4-95d5-67317daea68f", "value": 908288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551671, "uuid": "29b2afd1-8e19-4e67-87a4-63d23e18c43c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551671, "uuid": "ccc1f01c-a7ef-494a-a25e-6aa3c36ea7a4", "value": "c19b70381457c1bf947f4befc79dc507.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac64a85b-c9ac-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597898, "uuid": "630a9a7e-60f9-4ce7-a235-b82a4ce415fd", "comment": "Malware payload (Gafgyt)", "value": "2aa4efbfdacadbd4eb3b30d18bbeee00", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597898, "uuid": "4b81e23b-b20e-44f2-a640-8b3645ce5209", "comment": "Malware payload (Gafgyt)", "value": "e36ef872d5481ba375f74c1f8260a7d34d5fbde6cfec42eebfe6f0d7d03854e6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597898, "uuid": "19097e90-047c-4a27-a899-5044518b2d7c", "comment": "Malware payload (Gafgyt)", "value": "0337584a572a418ef7748dcedb4fb3f1751e22a0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597898, "uuid": "ed991b77-b180-4c2a-aea0-4e115d35dd66", "comment": "Malware payload (Gafgyt)", "value": "f1acc174cbe2b01435bfbf3d8ccadf9f646a8988d4f214876ac8b08a0c696dd593b5793a874975994f0864f84b5d31be", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597898, "uuid": "2a14f72a-eb34-407c-8d2a-adef5a9b90de", "value": "T1D4734A47AD628FB7C146AAB525A759300723B8215F0F1B89713DAAF8470F8CDB80F764", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597898, "uuid": "ac3cb5ea-efc2-4abf-8e24-59cfe57da0cc", "value": "1536:kAmbedEfIKy1BABWWNxiEVN/CP3yzTN7mj9VqYLe8f26e:v+eefvyoWWF/A3Mhmj9VqYq8f26e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597898, "uuid": "76e4e935-32a8-4b2f-9a5b-7fe448513a8f", "value": 77753, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597898, "uuid": "de76f46b-861d-4e48-8f52-166d595f880a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597898, "uuid": "0466e62d-2d8d-4dd7-b6f2-96dcbbf204e7", "value": "2aa4efbfdacadbd4eb3b30d18bbeee00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0864675d-c991-11ed-88f6-42010a9c006e", "comment": "Malware payload (Pony)", "timestamp": 1679586026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586026, "uuid": "5761e377-5165-4bc0-bcc3-07457f063983", "comment": "Malware payload (Pony)", "value": "026282222b49c2ac5eb929a8e67f9ff4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586026, "uuid": "d723c0ab-30a6-42c7-ab13-69daf0e48130", "comment": "Malware payload (Pony)", "value": "e60e1a7bfd29b4a3be5200fb27e0d943a107afdd1f48aa9814b7a59d56e5ad77", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586026, "uuid": "43cd8936-efbd-443e-a664-40d9da84fb15", "comment": "Malware payload (Pony)", "value": "1427a313f1eb83a451c14639fde1408879264249", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586026, "uuid": "977aede5-dd2f-4b06-af92-4ef1e40f1101", "comment": "Malware payload (Pony)", "value": "9bfa29c86350ea20bccbfaadbd97314923465656e87555ccc0b6866bb25249901a47597ebff1bff952da3651efebe401", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586026, "uuid": "fec70b0e-6ec0-4726-ba22-d3a9713928d9", "value": "T1F7E3D02676609C02ED211178C491CB31A5751C659BE902C32B9CFD38F9724D9BE3FBAD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586026, "uuid": "3c859eee-9076-41a8-9418-40c437946384", "value": "30d3087f7cba3698ee71fccf310f6f39", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586026, "uuid": "01725913-cfa8-414d-8a34-1a7876252d9a", "value": "3072:zQz/izGq6EXKsvOwGZZIuiSJ4hA/J8nWRO5EdqDln:rx6E6svOFZauia4j26l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679586026, "uuid": "ccbb76f8-f4d4-4302-a041-16f222e939f8", "value": 145408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679586026, "uuid": "03e3725d-5a64-4962-a25b-8e0d5bd6c778", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586026, "uuid": "e489deab-625a-4b24-97a5-e2d4fe30d999", "value": "026282222b49c2ac5eb929a8e67f9ff4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "218f4ca1-c9ab-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679597235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597235, "uuid": "d6be33be-a4ed-4f68-956e-38a66fb4c852", "comment": "Malware payload (Gafgyt)", "value": "a29348cc4a526008b130427916505d62", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597235, "uuid": "dd5bafa7-316c-4d81-8bc9-dde3f394078b", "comment": "Malware payload (Gafgyt)", "value": "e6e41c406c577a109268378c3fe6536f6eeb5aa14ef23d2f8d22681873a0e0a5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597235, "uuid": "a530e477-3c2e-4a05-98cb-653d7faee48f", "comment": "Malware payload (Gafgyt)", "value": "0d851944c52bf955beea106a2963bde119272a67", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679597235, "uuid": "07d4693b-c4af-464f-96cd-345da86f4bc8", "comment": "Malware payload (Gafgyt)", "value": "67ef7bbb39596ffb0fc8819c9771765a973c5068eb0b82cff8c5579bc9b1e3fd5606d0d730d6ec249daacb6093afe7fd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597235, "uuid": "9bef476a-a6c1-4bd7-9cf2-302f03e14363", "value": "T1C3931A41F9408B27C2D227B7E78F439D37366A54A7D7330269257EB42BC279D2E39520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597235, "uuid": "257ba902-4070-4213-b6c6-ceb173eb5308", "value": "1536:EIkg9VQPAWeMTEb82Mm3xDKMsF0rOLcv7NPzRxQMpy2SjmokCmCVrQAFW9OXkYe:dQaMTDWWFG7NPX5SmCmCVrQAFiOXkYe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679597235, "uuid": "5c25a3df-9044-4a5a-863c-9efb8c610a61", "value": 97538, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679597235, "uuid": "f4445c2f-e0eb-45dd-ab22-84da9267976b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679597235, "uuid": "e3e1e7a7-432b-4732-8563-e99f6d610969", "value": "a29348cc4a526008b130427916505d62", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb4ed7a6-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582917, "uuid": "66d32fff-1118-48ac-bc49-869f1126ee71", "comment": "Malware payload (SnakeKeylogger)", "value": "5e63cd1743adf7c329bfc379aae33e76", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582917, "uuid": "a3afd376-1f06-4b91-945d-0455b15e2087", "comment": "Malware payload (SnakeKeylogger)", "value": "e7f3e64f094d2952506148c2b0d6062a73999fb26a2eac49e6698515e3c2156e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582917, "uuid": "f74384ce-e5f3-4760-8a92-225a4b4964db", "comment": "Malware payload (SnakeKeylogger)", "value": "b0ec711fd81172cf88a63fce4c75ffedc21a76da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582917, "uuid": "bd9daea4-c4cc-404c-8cc5-67281b3b1791", "comment": "Malware payload (SnakeKeylogger)", "value": "9b1bc574c0d0baebcda6a5322ee598561ca475cf3e328b519110df60dda85fe35823f7ce68951828c79fa31c15d4907e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582917, "uuid": "64bfc265-366e-4f17-a3c0-8f0afad845d0", "value": "T1C3356DD1F56088A6F8AB46F16D2A653011A3BF9D54A4810C5ABD7B1A39F335320DFE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582917, "uuid": "be134c51-8073-46a4-b391-c5685b26f8e0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582917, "uuid": "38368b79-c09f-4a2a-9e6c-d29f887e1b4e", "value": "12288:U8Qw3UZwdEdJs+40OkYPVZqxPRg3tiXk7ymumqG8:U8Qw3UZGEd++RgPVZc5g9i+ymZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582917, "uuid": "3ce5396e-7097-4d63-b4d6-cb5c2ee4a35b", "value": 1092096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582917, "uuid": "6ea4bf36-2c7b-4121-a05c-aa9cf2f160c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582917, "uuid": "f34ea8af-9f81-4107-983b-41904d6d2382", "value": "Ziraat Bankas\u0131 Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "701a09de-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603810, "uuid": "6dab24d1-6779-40dd-9052-aae961c740c8", "comment": "Malware payload (Mirai)", "value": "421c153b1c86dc030f9d7b395f37187e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603810, "uuid": "649be2b7-9838-419d-a561-b6f5688206ec", "comment": "Malware payload (Mirai)", "value": "e86906e337f600bc7c951dc6380cb517605be0bc283ce9c90f237061b422b7e3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603810, "uuid": "89623e22-a9d9-4648-a526-e91519a03181", "comment": "Malware payload (Mirai)", "value": "5202e094f13f4f5b3b2e0cf37bf0301bcd9b4848", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603810, "uuid": "c03f9194-0bf1-48d7-be3d-82002563fde7", "comment": "Malware payload (Mirai)", "value": "5bf45c98067f8b09c0ad454ab49655956942e619722fd0d9856bf0a4340c6f2cda07983fe6f0e6755aea03a1d806b89f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603810, "uuid": "228cff48-30a5-4287-8248-fa5b63b48bee", "value": "T11CB2E126AF525514D6D8783BED744B873136CDBCA27E35B622001628AADFCD918F818B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603810, "uuid": "aa1e7334-620f-4a90-bfd4-83e8301a38b8", "value": "768:g1iIAMyXvjysGq1GxUkCkWOCF0t+Lys3UozG:WiIAfvcIGXIBzG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603810, "uuid": "a47afa51-6fec-418e-9811-be6fd35231de", "value": 25272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603810, "uuid": "151c0e23-b823-4619-9561-dd4a2b072823", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603810, "uuid": "51b08589-c475-4ef3-b9c4-0040b4761658", "value": "421c153b1c86dc030f9d7b395f37187e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39287425-c955-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679560338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560338, "uuid": "7ffa9e90-a66f-449f-8b8b-6a943bf36eb3", "comment": "Malware payload", "value": "ce43d05a16369e03f1ee9e997bce44f6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560338, "uuid": "2fc5f299-a1c8-4f2e-82fb-d557aac30f18", "comment": "Malware payload", "value": "e8734f6ab6ba0ad51c2a517b8e03b57819a3cce7e6016374917b9fefe3fd3ec1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560338, "uuid": "3bde21ca-9c32-4b27-9ee9-3c56c92cdb07", "comment": "Malware payload", "value": "07b5b7061949c77b3f4b7627dcb4a657d5472555", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560338, "uuid": "e4feadbb-b494-40e2-9243-f525235c438d", "comment": "Malware payload", "value": "35c22b92d68e77d72dbf6f8231fda2319b59aa2f3a31c8f5fab1fe17284b764f332e05bec9ffafaf9c70c2a753f970f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560338, "uuid": "8422d1fd-2726-482c-a8c9-d3cd6ba5a697", "value": "T1A6E2F945ABEC4261F1FF2F792CB111100B77B8569A36D78E14DC952A1FB7B808A707A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560338, "uuid": "83553b67-9266-4a8d-9b33-64eab90b9a10", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560338, "uuid": "5a654477-b568-4783-a5f4-d43e54eb6650", "value": "384:CWMrc296pyUj4mC9k/Gs98e/YdfsO5wCZimFIIYXh6fa81pDh5LEq2TBPSmrzRl8:CWqX96WcCv9s5hFh6r5L6TB1zRlBE8C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679560338, "uuid": "7093091b-9e4f-4253-a04e-6d214884aab9", "value": 33792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679560338, "uuid": "e75691ed-fcaf-40ad-81c7-2133a92bb928", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560338, "uuid": "637eef54-91b9-4eed-8e8f-46662b17ff38", "value": "SecuriteInfo.com.IL.Trojan.MSILZilla.13357.22707.5111", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8e4992c-c942-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679552473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552473, "uuid": "c77d4bbb-ad6f-4f00-b619-a5119de78d2c", "comment": "Malware payload (Heodo)", "value": "e7571ee15262af998daad27086039c4d", "object_relation": "md5", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552473, "uuid": "ee672a89-6b64-4179-95b4-383ffe9d45f2", "comment": "Malware payload (Heodo)", "value": "e8cef293449e3c6da88ddb16b102d39871a06f53a3b7276d0cf9ba9e19aa4b74", "object_relation": "sha256", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552473, "uuid": "ab3c8d18-bedd-41d9-bed0-31c74fb004c9", "comment": "Malware payload (Heodo)", "value": "fb7b2bf35a870f0ff9764dc893cfc819ec1de27b", "object_relation": "sha1", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679552473, "uuid": "52747324-0932-49af-a019-3a9bd75a90cc", "comment": "Malware payload (Heodo)", "value": "46cfb2c944d5695da8f856db3767098b564cf1ca83cee8baa8828f1ed06fd35f831fd9ffe9c9722d456ac0e3d075eb66", "object_relation": "sha3-384", "Tag": [ { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552473, "uuid": "74e7c87c-c950-4b97-8409-ff760c17dc66", "value": "T1D244F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552473, "uuid": "dc3b0778-f47d-4c7b-bcc2-c1fb82202062", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaL:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679552473, "uuid": "05f06b55-f534-4f6e-af83-46f4a58c1d69", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679552473, "uuid": "bf958155-d877-41d6-b56c-97ef9cde59c7", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679552473, "uuid": "9595e9e8-e7e8-49cb-a33f-eacef2eb462a", "value": "fattura marzo 2023.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "915df7a6-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679564352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564352, "uuid": "203cb488-cdca-4a73-8a86-fc1e1aaf1135", "comment": "Malware payload (Heodo)", "value": "87c6a28f62036bb733e0ec0781cf3946", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564352, "uuid": "ed728b6c-7cf0-49ec-b38e-24b6c3eefe64", "comment": "Malware payload (Heodo)", "value": "e928facd6adce8092bfc91426ac13e1b15997adf5015baf0ce62a6e8c92de7f7", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564352, "uuid": "07f2f387-f912-491f-b723-44275d00451a", "comment": "Malware payload (Heodo)", "value": "e087df4a3f329787dfa7401256d6e81f92ddb951", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564352, "uuid": "18a539e6-a4be-4061-acfe-05fc1531a48d", "comment": "Malware payload (Heodo)", "value": "0ee4cca0143f3502785afb924852ceaf51bdf677602ab454078d1eaa43e900ef8719faa484ed48aea7e87d2f46b0d580", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564352, "uuid": "77f55ebc-7f4f-4319-9155-dde9457282a5", "value": "T1DE44F98C7BCA5ECDC224F379794BC8C5456C46B2CAF1196CAD8ACC158DA339D87E908D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564352, "uuid": "d098015d-20f4-4a28-9a38-74dc9bf1b280", "value": "3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXG:FeHrBwsYXm5ZGa3vRXm5ZGa3vL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564352, "uuid": "08c781ac-c273-42ee-a946-a4a28a4c3aee", "value": 268004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564352, "uuid": "c53d2a89-5bd0-447d-8f3f-4d78c478793a", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564352, "uuid": "baa4c5d4-00da-449f-9701-0c3fa3523722", "value": "Ommega Online Publishers.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d38a2069-c990-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679585937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585937, "uuid": "b8ee2351-6066-4936-93f4-f1d55005cee1", "comment": "Malware payload (Heodo)", "value": "70391a9801b6338ccf899008edf94d5c", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585937, "uuid": "e6ba1ba9-2ce3-499b-946a-a0ee5edbf190", "comment": "Malware payload (Heodo)", "value": "e96207d6a0a929dcf5fa7e60ba5a7fc53eeaf09debc384e73dd981a75b0dd06e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585937, "uuid": "a983b3cf-de4b-434f-9fbb-2251c659d2ac", "comment": "Malware payload (Heodo)", "value": "7f97551f0ea815124ec84a2e8866933781370ca2", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679585937, "uuid": "26c90a14-593f-48e6-8aee-90b40911aedb", "comment": "Malware payload (Heodo)", "value": "c22004a5b9fd7943b18e7690b9ca6100f282df0f39909d3d00037f0b854b0e8cc4d9b4c1c80bdccb904f392c030e8e94", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585937, "uuid": "bf6ee8d5-5ea0-4a42-93e0-0192ae5463db", "value": "T14F44F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585937, "uuid": "96ee6c7d-f73f-42db-8cfa-b2015ab4415a", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaY:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuV7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679585937, "uuid": "08137917-8df5-45e1-b312-ca2c7a6b640d", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679585937, "uuid": "f52a1a18-fa47-4a96-9371-7a1d8b551a7e", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679585937, "uuid": "2dff5962-9c3e-4aa8-b18f-49ee61afb224", "value": "Opast International.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4de2c56c-c91e-11ed-88f6-42010a9c006e", "comment": "Malware payload (RevengeRAT)", "timestamp": 1679536751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536751, "uuid": "98b6530b-e950-4af8-8010-07b781530f99", "comment": "Malware payload (RevengeRAT)", "value": "b9d014296827c8d325ba1e1b0f4b2793", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536751, "uuid": "d7858959-92d4-4742-9733-798adbc9f634", "comment": "Malware payload (RevengeRAT)", "value": "ea0c4df308a6b31c6ec10f00a3bcda9c0f38ed382a753f848f14d5b6fa24b84f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536751, "uuid": "aef9b141-b450-4c77-adec-71346e383d99", "comment": "Malware payload (RevengeRAT)", "value": "8749106256cdca0d200f76728d0a873dd13c22e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679536751, "uuid": "7d861541-a427-4999-9f16-f4617bff92a7", "comment": "Malware payload (RevengeRAT)", "value": "552d24e7ee671f02c2ace7514115c051923fa7fa4f0e8dbd543fdc30bd80b227917ebbc3da4d07df3da6ba5b48b51723", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536751, "uuid": "df1f93df-1895-41e3-80de-72f1a64d88cd", "value": "T158D3C5827B4FC220C61C61B9D8E625F453A75F87CA3FDA073888BE997B733910541B89", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536751, "uuid": "6efa6f4c-d365-44dd-afe1-3e495f13e738", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536751, "uuid": "02f17428-9287-4437-97b3-6708030d1b4a", "value": "3072:rssOu1QbkQzxsf9vIyqhSJTibjMJGEA1u4B+:rsslkkQMvqUibg8EEj+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679536751, "uuid": "48107883-9900-406b-b7c3-9270f70ae1a4", "value": 139264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679536751, "uuid": "27b5fff5-c225-4cd6-92bf-13f3d474f100", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679536751, "uuid": "a98b81cf-a439-4b52-8696-a8c404d4ed0d", "value": "Lotus.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93733626-c992-11ed-88f6-42010a9c006e", "comment": "Malware payload (PrivateLoader)", "timestamp": 1679586689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586689, "uuid": "360408c2-8c3a-4e68-88f7-8b928e03b306", "comment": "Malware payload (PrivateLoader)", "value": "59f0e0fed6decdce18680c580efbbf4f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586689, "uuid": "00ab6eb4-f48a-4943-8cca-0610000f8226", "comment": "Malware payload (PrivateLoader)", "value": "ebd556dfd817dc60ad8ed99fd844ea47f591c620be43b3b0f5d287ee7c919599", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586689, "uuid": "bebf2399-a299-4470-9918-1923f2407945", "comment": "Malware payload (PrivateLoader)", "value": "a383c2d373bf44afbe085c0af035c4ad14397648", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679586689, "uuid": "5184f46a-852b-49a5-aa10-1a8912895a6a", "comment": "Malware payload (PrivateLoader)", "value": "a68242684a7798d8c6777cfbb45bae6867f5ebe61cab163f9b961577c6c32c1df46a6034b8b8fa255111fb5b8de5fe29", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586689, "uuid": "0a2a77e2-53dd-4e40-8154-43728fabe66f", "value": "T1C356335875D27707F62EA4F5759AC19731C031468EBB2B023D4A91BEEA7A4247BF038C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586689, "uuid": "fba9fec9-df3b-4b8f-a009-4c3d3f53e21a", "value": "496fff7f26eb25a135e9d530fa8ef62e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586689, "uuid": "dc0f0903-58c2-40c4-82f1-53f89112c7b2", "value": "98304:e8HsATpbOlCeupQCPkEvUftbbxgZI02UueOucsfeUx0mk4tUb0dpVzWavehIJ31u:eOsO4l/DC/S99peOuZXsJMpVJehORpji", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679586689, "uuid": "9107fefd-780e-464c-b29b-0680891d501e", "value": 6128944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679586689, "uuid": "18dea304-f146-493e-84fa-7197654bf393", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679586689, "uuid": "1789d4cf-800b-400f-98a5-261805e0b738", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00ea123b-c927-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679540487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540487, "uuid": "8aa0713c-e0fa-4fd5-822e-f7989a264b28", "comment": "Malware payload (Amadey)", "value": "cdcb53c1aa602982083aaefc409933a6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540487, "uuid": "bbae991a-6549-4f61-bf84-f3a3a15380bf", "comment": "Malware payload (Amadey)", "value": "ec163623a439e0cac52737302225b99303aa7199025f83851c75a3ec607b420c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540487, "uuid": "9becc3e1-fb64-4f05-971a-e49cf29dc2bb", "comment": "Malware payload (Amadey)", "value": "48eebb297eb8a19769b7cba4ff2f14bc20ce0453", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679540487, "uuid": "ab2c8d9d-0327-4e43-b4a1-f95e2201217e", "comment": "Malware payload (Amadey)", "value": "a688d6f86292af7df2a6c8fbad466dcdf62a581c58d4f0b4f1d3de41ed431999dea27268ca9d28ef64985ec7c49b8ae0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540487, "uuid": "173996a0-6e7c-4bf9-bd44-d41c28725583", "value": "T16B252352E7D9A035E9B56BB094FB12C31A3ABC914D79579F2311FC0E0CB22506E35B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540487, "uuid": "a67a36f2-dd31-49a3-94b1-e5f29a5a202c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540487, "uuid": "e3d2f4b2-12db-4a1b-a387-3ca9fc86a97d", "value": "24576:/y/QrEdjB8pCMRempMU8uTmUoEePPP9ACiG4Uy2:K4wdep7emmU8wmnNP39qtn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679540487, "uuid": "0ad23b8e-27dc-4f5a-8dde-41954be0df2d", "value": 1036800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679540487, "uuid": "dc1581cf-e80b-421d-a746-f9e2973b1664", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679540487, "uuid": "90c048a4-3780-406b-943b-13550e1e8ee5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87d6fb0c-c976-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679574644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574644, "uuid": "e8224824-05eb-44bb-b3a2-51a4695f1aa9", "comment": "Malware payload (Gozi)", "value": "c3bfc515927d542e1ab7ae8f4676265b", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574644, "uuid": "e20c6d2f-9cb1-47b1-8bcf-ddf376bafd37", "comment": "Malware payload (Gozi)", "value": "ecb2273c25d87badfaf903563c01a27d32e507f7e7adb1ae141299e7fb5d52ff", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574644, "uuid": "9d863c0b-ffbc-4f4a-a2ec-329e23524d78", "comment": "Malware payload (Gozi)", "value": "69ad237652253341d8ae87b2c067512b5a3db059", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574644, "uuid": "f5112292-e6f4-4ba7-9b16-5c068d86b604", "comment": "Malware payload (Gozi)", "value": "f8c71f7fc72584516390d09545630c44066e5716122f5dc300b907a1fa83d679699cdf99c858ddeb7d2f00bb94de3ffe", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574644, "uuid": "78e0098a-9174-4c88-ac6a-215ff8712989", "value": "T194410AA5C2345B4CC796965132C4AE83B9989307540270FFE0BFFA423EA9A714E02E96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574644, "uuid": "ebce03dc-ca65-48b9-a24c-f9dee440c486", "value": "48:9AKW6enNVxOEcyBniIdBQnIqwIwRylead2Ij8aodL4rOfnW2:q9nvx7T5NQITarjmYOfp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574644, "uuid": "c6a35409-8cc4-4f0a-8bc3-5847e0c896a1", "value": 1965, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574644, "uuid": "ea6b20e9-5d37-4714-8c0f-6fd9556fa8b4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574644, "uuid": "d872c2cb-c615-4293-9438-6a8de57faad8", "value": "Fattura 2203-23_012(1).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ffce6af-c996-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679588267, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588267, "uuid": "1adfa024-c44a-4aea-b24a-64055c505ba9", "comment": "Malware payload (Smoke Loader)", "value": "f95c050cc70230bc4bfc1fceeacffb54", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588267, "uuid": "0567d43e-5914-4901-958a-0d287247b899", "comment": "Malware payload (Smoke Loader)", "value": "ece19fdd02ebe6d41c735a6bcfef2a2cdaeb059e9ecd669512bc2fbeb782fa40", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588267, "uuid": "d586cbf5-4e05-40cd-9d95-1b1e3571b4ee", "comment": "Malware payload (Smoke Loader)", "value": "6df01c21a1a8296a5c1319799c9d14a8c5adc8f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679588267, "uuid": "8bc639ff-c1de-4100-ad0a-a1babe6ebc73", "comment": "Malware payload (Smoke Loader)", "value": "d647ca351887dee6eae034d21fda3b4dbb4a8c34095be0f99daf99d7f5a9da75a09c6a5c9dde4715083d246275032624", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588267, "uuid": "be4eb58c-f2fe-414d-ad24-c9749c2360e5", "value": "T18E44CF6277D1C4B2E59F05784852CBB86A3BB8B14B5686CB3B84963D0F213D1DE3A346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588267, "uuid": "a2fd2748-b1b2-4721-b442-c95409da5546", "value": "82f9a3111ed4dfd5fb803f88f46422ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588267, "uuid": "cc7d98ef-2932-4e7f-b2e9-d321d966c65b", "value": "6144:9eVoLzjXuKbiXMGNT20txmR82kOOcZPV:sVoDXoMGVpmjBzP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679588267, "uuid": "6770c165-dd1d-4dac-9f6f-bd49bb5a6ebf", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679588267, "uuid": "3f61a962-9b34-46c5-aa87-00abc8669a29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679588267, "uuid": "b50448ba-fb05-43f3-a5af-e492c302f286", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c41d216b-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582905, "uuid": "426d1d6e-6cc1-4b64-aca6-d23180393cac", "comment": "Malware payload (SnakeKeylogger)", "value": "6335171da476638eee04501aaaabd50f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582905, "uuid": "54e1c065-b6ac-40ad-a947-8f4c3594ec20", "comment": "Malware payload (SnakeKeylogger)", "value": "ecf8001bb2dbf404d6377d13b97acd585932f7972386f8b3e3ded211877c0d62", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582905, "uuid": "f5792536-451c-4e83-8337-fd7247ff2df3", "comment": "Malware payload (SnakeKeylogger)", "value": "de9010c10393eee358ef477738a47cc4c52a60f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582905, "uuid": "706d3c06-68ca-4f95-bdfe-cbedb4a717f2", "comment": "Malware payload (SnakeKeylogger)", "value": "1f2c26544018a8b54c619fd441d47ab6304762e4c1d3cd485886609a59b8fa0da3ef692c1bb20342147ad1476ff2bb11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582905, "uuid": "1afd02c5-96c7-4860-b0e5-d30c1199581b", "value": "T10FF4DF04BD7A0D73F8DAE7B41160533A0364BBA25062E6898EFA68993CCFF6305D155F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582905, "uuid": "63a9c661-ba8b-4f2b-9655-85da0278bf38", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582905, "uuid": "dc4a2597-71a9-4242-82e8-0ade468e4ba2", "value": "24576:48Qe2UZGT1JyrXc421iAhzLWKNyrb2eSkN:JQepZcMcpLWwgT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582905, "uuid": "82f9146b-4d2c-4c99-bc38-8855b006e94c", "value": 792576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582905, "uuid": "cd9a2d85-4860-4b5a-9a56-02d41a6ac367", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582905, "uuid": "86aa62c3-35f9-45cb-b7c8-2c6d8632e714", "value": "PU Request Form Hardware.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6aa96ba8-c93a-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679548825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548825, "uuid": "2ef40830-676a-41a3-aca2-4c1c095e7b64", "comment": "Malware payload (RemcosRAT)", "value": "5784eba1f14d03fe62efdf8bda0a3dbd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548825, "uuid": "6f69a6a7-533f-45af-a0e7-3cdaf27e4ea8", "comment": "Malware payload (RemcosRAT)", "value": "ed4750473cade168acd7fb6a70c66fac7b919266d17a6b78d99c693a2a2c758c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548825, "uuid": "816fd07b-edd5-45e3-9904-0348ee026104", "comment": "Malware payload (RemcosRAT)", "value": "fa718fa12c9de367502b6770da28d39e4e732b82", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679548825, "uuid": "176bdaeb-d030-4f58-9205-368c035c4184", "comment": "Malware payload (RemcosRAT)", "value": "7ff831b3f6be4e18b922f58c6f559032f319afc1225000afbdccac28b8ed7674dc13a3ce809c807918cf143915fb3829", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548825, "uuid": "01156d4c-f772-41cc-8e78-c7bb9b62826b", "value": "T142A4231378A2C097D4AD03334D3D56281DEE6D21283A27AB17B11A2D5F93E43FD9DB52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548825, "uuid": "745e0ff8-0525-45a8-9a62-1dac8b278101", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548825, "uuid": "cda1be02-3e54-432b-94cc-ee79027913f3", "value": "12288:PY/N+6lwMD0IrKl0aehawVhG8hN5HplOMoxm6lMO:PY/NLwNhlTehDgIJlOMo46lMO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679548825, "uuid": "bd25eb4e-b795-46ce-b688-7e6aaaf76180", "value": 482917, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679548825, "uuid": "1d7e0e0b-9510-4cc1-a633-a56fd3293a9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679548825, "uuid": "01cb0e5f-5797-48ab-b765-df4500b2f2f1", "value": "5784eba1f14d03fe62efdf8bda0a3dbd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f0dd342-c92c-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679542658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679542658, "uuid": "e4214778-f9fe-4a19-828a-203f59ac628e", "comment": "Malware payload (LummaStealer)", "value": "914c46a92fe166deb30650ec83f189d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679542658, "uuid": "9f68a702-e278-444d-86c3-9e09bbaba1bf", "comment": "Malware payload (LummaStealer)", "value": "ee0bc4bb3398ba5214bdef3b94bc5bc5eaba5d611e0c71e8cdcaf36e574b90ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679542658, "uuid": "95b3607d-c437-4873-b15f-92ef4d6165e5", "comment": "Malware payload (LummaStealer)", "value": "c6b51b4364064ac1296e118b8c3bbb24f5437df6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679542658, "uuid": "c443a9c7-aa0c-413d-9611-9dc396c2c087", "comment": "Malware payload (LummaStealer)", "value": "4b3e94ac0a37e631a56b80cf56fb1c59d31e34fc46fa73f3f82192383d7d38a90d024aa509757d05eec4f23ec7b0c6c2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679542658, "uuid": "4527bab5-b881-44d4-bd18-133d942fd483", "value": "T19F446C1353E36860EF2247328E1AC6F82A2EBC619D5B7B6E174DEA3F0D701B1C562711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679542658, "uuid": "28b1fc04-1bd5-4691-8747-9e08e2099001", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679542658, "uuid": "78180b1c-8468-4bff-950f-d1d0732adc10", "value": "3072:KjFaCOpFJdYgCrNEyO3VVU+2iTlRY8nL4OpvF0fPl+uE9f/bn3UAMa:TXJd0NaZZUu8OpGfP8uE9Xgt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679542658, "uuid": "3eb01474-7d5f-40bd-b32d-0e122a80ab64", "value": 254464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679542658, "uuid": "6954cfc2-e904-4497-a9e7-f06711997ed4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679542658, "uuid": "37eeb1b6-5c27-4324-9991-eae9f148f047", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6edc293f-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679556563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556563, "uuid": "10fbba64-e9d3-463c-9dc2-ef372331b842", "comment": "Malware payload (AgentTesla)", "value": "dcf5ee0f9bcc7543e1f081081cd094fa", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556563, "uuid": "ff182e86-1813-450a-8852-880692843b9f", "comment": "Malware payload (AgentTesla)", "value": "ee8d18366188f74ef62d3b49405185e8561bfbfc8e30f2f4a08403a694ea5b37", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556563, "uuid": "da77c1ae-ebad-4132-be3b-2db3f3d3f684", "comment": "Malware payload (AgentTesla)", "value": "ad0f6e30275c1c4f4416aa2980f91c3e0058a8c2", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556563, "uuid": "e8faa000-4194-4e89-a076-097fdcf0f016", "comment": "Malware payload (AgentTesla)", "value": "b806fd095ad10d10591de7c2ebacb5be2fb3e389a77b8fe07372c33add5e5ddc6b771031921aee854986ba5169667c4e", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556563, "uuid": "0d62a3af-fec0-44c6-b6a8-40b304220329", "value": "T1F0D19EF576B5100D49A88CE6CB3F38E4FAFD1F6F689F610917511C04129CF2CA92A12A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556563, "uuid": "1b734fca-0cee-4f89-82da-56a99574ecb6", "value": "96:a1QSEoRPFpgS5+3OQCZTwH7X6eb1XVo7FbCHCgi8LuSqjnapcsbAPL0/P6SRq+j:aPEUN11QCNwHz3nCbCHoQu/LqFbxq+j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556563, "uuid": "c238fe90-a8d6-4edd-83af-8f2e28caca70", "value": 6745, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556563, "uuid": "3f44a3aa-5bf2-402e-9390-395eaa03f488", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556563, "uuid": "ae8cedc7-b912-47bd-be7b-375173ef77d0", "value": "OrderSQ010928.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2532457b-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583498, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583498, "uuid": "8fb48bfd-404b-41a4-97d6-2b247e4644b7", "comment": "Malware payload (Mirai)", "value": "88bd2d02d540f047eeac1ac190c655af", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583498, "uuid": "aa92ce6e-1f18-4b15-be73-804d8242237f", "comment": "Malware payload (Mirai)", "value": "f01db006ba638c2d067fa99f3c87c8c534d8ac27d6cad5813697e40aa9242a73", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583498, "uuid": "1d06b0fa-e316-428f-b080-75b1b8e1d00e", "comment": "Malware payload (Mirai)", "value": "6ca0cb274dedc90de620c4f397105df7eacfcafe", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583498, "uuid": "5232211d-5105-4db7-b938-973c35d97628", "comment": "Malware payload (Mirai)", "value": "538f55f559be9467fa60f59fe28ef0c798e47e5e21d7ff44802890e07b2a87f7e3a303f30d85a6bc9bbe616bf607adec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583498, "uuid": "ba1bef98-48a2-46d9-a364-d3a03c8cc86d", "value": "T1AF730756B8814B12C5D512BAFA2E118E332317FCE3DFB2129E206B2477C696B0E37D55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583498, "uuid": "1b40cd21-3c01-4c11-b3f3-692f661639d6", "value": "1536:2lnHaxP6XkC/zTkS7IDHtzMwo3u2ta0J0GIgi/z3KvcIc+5UYIWZz:nxiX1Lgbtzb4tabz3KvcIc+uRE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583498, "uuid": "a19f1ec6-f381-4182-b558-d84a7609aece", "value": 79160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583498, "uuid": "86649c1f-4d31-48cc-b6b2-00ffb434ee54", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583498, "uuid": "0b24519a-a578-49e7-acf9-bbedd20eb0e2", "value": "88bd2d02d540f047eeac1ac190c655af", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63cf4a35-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581026, "uuid": "5efc50a4-465c-4bc0-a807-8b2000efeafe", "comment": "Malware payload (Gozi)", "value": "736d4c70a603a275a2da8e9e65a7694d", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581026, "uuid": "cd42babe-cf45-4dcd-a802-94b4aaaa5f89", "comment": "Malware payload (Gozi)", "value": "f068d159d227ce9335103c067f8fcbe1aef10b3a94dbe64f3293c7bdb87e9623", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581026, "uuid": "e72b0ec2-3d18-4e63-8896-73c138b1cc72", "comment": "Malware payload (Gozi)", "value": "c6cb54f091a17d1f39638b77151ec397ef546d40", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581026, "uuid": "4c94dbd6-e69b-48e2-9f1b-1a51ca150b14", "comment": "Malware payload (Gozi)", "value": "0ea4fa7f4167707a5778aac95b8381c3a7a8fa04d916eed8f87a9d9d98bd12cd1d754e732e60fa11353d1182ad87deda", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581026, "uuid": "6c707186-501d-4d49-81c0-c28cbc1a8891", "value": "T1FCD1593682582FBF283631AD1D1852B321B2957B7B7F2DE7B57005A9251CB1080B5EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581026, "uuid": "76f31d11-b60a-4eb6-86c4-32c2ffb92df1", "value": "192:M/fnUwLR8EzDM9a9gJ3txMhuWf6aP1fPLrFaLc:dY4Mug1n/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581026, "uuid": "13d4f846-6f6b-4ab0-a4b2-13e6f0207bfc", "value": 6505, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581026, "uuid": "50987f5e-3654-436b-a57e-b38a483794db", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581026, "uuid": "1fe06a1a-3dcf-4f4a-ace9-8474c3e07a74", "value": "Fattura 3573 2023-400940.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1a5318c-c954-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679560084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560084, "uuid": "021978a3-f4c9-4e24-a369-ca36caa9981b", "comment": "Malware payload (Mekotio)", "value": "0b5ea70e36fa467724a805af43674a79", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560084, "uuid": "5cc03c21-06d2-4b04-a80c-40bf1b13726f", "comment": "Malware payload (Mekotio)", "value": "f0b359449543e56bb56c8d961123ef5ccd65b19fdb3e743a6bd5af7ba50590bc", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560084, "uuid": "28fd644d-1379-4578-80c9-25d74160de3c", "comment": "Malware payload (Mekotio)", "value": "dc13d66deacfff96e18eac74c02779cd98fb5955", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679560084, "uuid": "7c847616-0d1e-4380-9822-4524f4113f55", "comment": "Malware payload (Mekotio)", "value": "0242d96e8cebd3fe7fec209934961d338fdfa03bbd5c361de45fb79882a25840d1799097a4db530035f4bb0661663b50", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560084, "uuid": "027841b8-5fbb-42dc-8bd3-e85964fb81de", "value": "T1A236336EFD64886EED432CB72A508C71163BC786FBB7CABCC74E2160E9584161C5638D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560084, "uuid": "51db40dd-78dd-4700-b921-bcc57264f22c", "value": "98304:r/yQpJB1LlX8zv8n3S1sOlLWqwWGV+3C9knHnyErDvX:5pJ7LFIEnlOlLMWqkH7f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679560084, "uuid": "5919d6d8-f802-4d47-8223-3bd138e4a766", "value": 5196589, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679560084, "uuid": "1dc953ea-1867-4956-9cb1-9353da3f00cd", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679560084, "uuid": "11db6dd3-d051-459e-afc6-a795dccc8ba1", "value": "ID-FACT.1679559173.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fbe9681-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577100, "uuid": "cdd79c02-ac50-412e-9820-23038252ae62", "comment": "Malware payload (Gozi)", "value": "4741963b99b5bac9b615d7b2bf8bcc2d", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577100, "uuid": "c2f55217-07f8-431b-9601-095836d82f59", "comment": "Malware payload (Gozi)", "value": "f10e4accf6a91383c279e68dfc576e859d6b6efe216342f779c4dc90c74aea05", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577100, "uuid": "5bdcf817-d30c-4e4a-8446-5014e047bd76", "comment": "Malware payload (Gozi)", "value": "ac958204a31aa30893902bd55794b1befb02448e", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577100, "uuid": "416e0251-caa1-4d3c-b3a4-7c4a0d102b55", "comment": "Malware payload (Gozi)", "value": "18889307c09345c54839e9b25ceadeb6f9ac3e34b1525260f1e57c269c8bd9a2287fce3b0c9182c0a211cb2eb00fff2f", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577100, "uuid": "d33c4b2a-2618-4e66-b0ad-bf6243034345", "value": "T1C5E2AF06B93B77F17218696D34D1719C1C32DD133EAE6CAB926CE81E8470636D224B7E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577100, "uuid": "3b367998-b838-46a2-a4b2-736fe277fee9", "value": "768:5OeseseheneFeFeFeZQIM+EC4vNSMW73vNq9uHTBWbFPHEjt:NxqMW7fNqKBW5Eh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577100, "uuid": "8123fce9-c819-48bd-bd98-dbf91ed8901d", "value": 33374, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577100, "uuid": "4ce30ac5-39e2-4cc1-bf57-e089f61ad5dc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577100, "uuid": "886bf1da-29af-45d3-9ad3-44310d8d903c", "value": "documento3.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bebf473-c985-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679581039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581039, "uuid": "da7731cd-2082-4146-8f0f-8cfd597e67b2", "comment": "Malware payload (Gozi)", "value": "179cff9442ebefcaa9b372932cf777e9", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581039, "uuid": "27e65be7-f7ab-4e72-bd84-66597ccd1db6", "comment": "Malware payload (Gozi)", "value": "f16bae29090505a1ec66a0d6c9b5056eed66925250fa9522731c7166dd08b552", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581039, "uuid": "f5d7d484-12b6-4aa2-be6f-b05f7c64a0ba", "comment": "Malware payload (Gozi)", "value": "e2ecd5cf0ee5b0fef672c5b90c27c9532403ce42", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581039, "uuid": "64bb4e0d-dade-489a-a874-bd16e6881d8d", "comment": "Malware payload (Gozi)", "value": "2904a302df298a1fd4e0bb0c874c9a484550cd6c379edee300446fe23a7d7a9ff0f60022e93b1cfbf267a67e75b5a4dd", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581039, "uuid": "9ab088ec-97e1-4b8a-852a-a18138285a07", "value": "T168D14A3682581FBF687631AC5C1452B225E2957B7FBF2CE7F47504A8250CB2081B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581039, "uuid": "d208e2dc-20d5-4a52-8a20-1bfc514fd5e6", "value": "192:M/fnUwLR8EzDM9a9gJ3txMd8WNwGfPLrFaLc:dY4u8Wnn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581039, "uuid": "c9c0929c-aa7a-45c8-9245-651c2ac00102", "value": 6609, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581039, "uuid": "53f2c10c-880d-4d41-bdf7-ba502b6a17a6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581039, "uuid": "9c1c9958-e561-473c-b0db-7748988a6b07", "value": "Fattura 3580 2023-300947.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bef2afeb-c989-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679582896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582896, "uuid": "56f1b2c4-2748-4440-879d-7ccc52c72f44", "comment": "Malware payload (SnakeKeylogger)", "value": "b3bb8df731c0cec62e739c4fd8edd79c", "object_relation": "md5", "Tag": [ { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582896, "uuid": "b1a84445-8534-457f-970d-a3c7aefa8ef7", "comment": "Malware payload (SnakeKeylogger)", "value": "f40e6cacd4f125dbe0abe0cf82329cbac03c86cd848e0a8747b8f79381f2569a", "object_relation": "sha256", "Tag": [ { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582896, "uuid": "2befb118-0cbf-45d8-9b1e-c44d3b61607b", "comment": "Malware payload (SnakeKeylogger)", "value": "205d30dcacaa049fae21d1c11f193c8d38637971", "object_relation": "sha1", "Tag": [ { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679582896, "uuid": "e42fee52-44e5-480c-b6ff-5e67c27865cd", "comment": "Malware payload (SnakeKeylogger)", "value": "68e57903f61a4ab6577ffcb38b204a2693c22106237afb9e187146e77369f4d94f451eaaff9f23aade69e8d677948943", "object_relation": "sha3-384", "Tag": [ { "name": "ESP", "colour": "#8CB8DD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582896, "uuid": "7476bb9f-9413-4a9c-bd28-36302cb3efbf", "value": "T15AF4DF00BD3A4933F8D6D7B45160273A03A9BB625061E68A8EFD688E3CDBF6705D454F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582896, "uuid": "86a7d9c8-e4f3-43e3-a2fe-245078b62038", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582896, "uuid": "9a65bb31-818f-43c9-9982-fe4ea4189854", "value": "12288:L8Q76UZwdEVpNzMR02iuR5uaxkqlSyxn/jDBlxuXiTgUicFw8iRFqtd:L8Q76UZGKy+0LJxrH/jJ6sdicFfiRUt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679582896, "uuid": "ce75fd0c-e3be-43c6-977e-796ee2726068", "value": 791552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679582896, "uuid": "e76ab285-42d7-40ba-92c0-cda94f95f02d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679582896, "uuid": "1da40a38-92e2-4ce2-8db6-5b40c78f996f", "value": "Confirmaci\u00f3n de recibo de transferencia.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca4c0cd2-c97f-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679578621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679578621, "uuid": "f59e2330-b82d-4e1d-9e57-4e23aaa46f46", "comment": "Malware payload (AgentTesla)", "value": "be0fe09341b85122377ec2b46791d5e1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679578621, "uuid": "b9513d30-f178-4757-b289-edcf9baf36c8", "comment": "Malware payload (AgentTesla)", "value": "f472a9f82e1779fa913f345d0fc4a59012a97cb952d7c0b5445b06e6cc20dd04", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679578621, "uuid": "32e734c6-14c3-4895-bfa6-a8ec5eb8bff1", "comment": "Malware payload (AgentTesla)", "value": "6f3a6597dbe6a8827eb0630caa42ded0772e8cd5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679578621, "uuid": "76ed8ff0-0f61-4669-bf64-107e0fca6311", "comment": "Malware payload (AgentTesla)", "value": "3e6344208cf0e9d65307e5ed84b03c2fa7d7703b4584dc376b42f876c451f3f86d062922f9dc955cc61c0e1dfd6c831c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679578621, "uuid": "5783a7c2-22bc-4f61-8e68-c8435e05ae6a", "value": "T14D45492439FA501AB173EFAA4BE479EADA6FB7733B07645D1091038A0723981DDC153E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679578621, "uuid": "a025455d-1aad-4dcf-9dff-64873ae0f634", "value": "12288:ypAvEvkMD24wAWnRqCJXl12ZsVB89+O3kH2rJeALOhuC3XO4wLiTyic+zAc6uLHZ:jso1TLPHNAr7PbC7T47+M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679578621, "uuid": "dc6d84c5-fe41-46fd-a117-7828a35458b2", "value": 1189888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679578621, "uuid": "5ad7ccb4-a7c8-4125-a138-ecacd32aa8e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679578621, "uuid": "6ab7b62a-4bda-4a04-b9fa-4bc9dbcfd0fe", "value": "Cotizaci\u00f3n-001.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cef1d472-c95f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679564884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564884, "uuid": "c7cea6d8-b132-4370-97d2-58bce6d7295a", "comment": "Malware payload (Loki)", "value": "36e80cf24f287d4edc2a912cdc9a3a32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564884, "uuid": "e49fe188-d381-42c6-955c-7a7ebba3b52a", "comment": "Malware payload (Loki)", "value": "f4784f17ad8656d1ac9b926def0a4572415f35d83f979f808ea4d4c8024e25cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564884, "uuid": "eff72948-72d6-4e7e-8c71-40c2e68d33c1", "comment": "Malware payload (Loki)", "value": "bb689621c04052c4127bc58708ac12980fe12678", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564884, "uuid": "dfeec5eb-955b-4b17-9e89-9c9365436c81", "comment": "Malware payload (Loki)", "value": "4d229fabcf0f2de1ae9cbae6f1fcd9912255acb0342b88b09f8a9361582f2d12daad63ee68205587413b384f8e14f611", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564884, "uuid": "780d8090-665f-4ac6-866b-5449af1ca89d", "value": "T1DA446C0253E36861EF2347328E2EC7F82A2EBC619D5B7B9E164DEA2F0D701A1D553315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564884, "uuid": "0165f701-5509-4b9b-900b-556ac37d2031", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564884, "uuid": "be5b974b-aa5c-4fd1-b8f1-8bbc88ed0a56", "value": "3072:/P1/QyO3aOUxYgcbNEcc7oVUqa1P4yXKQcPxYf5VIrkj9JDA1ZZpMa:sKOU5mN2sNy63YUr2A1ZZy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564884, "uuid": "908d2343-92d6-4061-8bad-36f79cd1f819", "value": 253952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564884, "uuid": "f04f5c7f-d549-4847-a4e5-e86690052572", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564884, "uuid": "3b13dd34-af81-460c-8fd1-cc6fac49381f", "value": "36e80cf24f287d4edc2a912cdc9a3a32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d405ace5-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679583361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583361, "uuid": "ed34aba2-0ae8-4fe5-b425-d4ce44dfb2f7", "comment": "Malware payload (Quakbot)", "value": "b7f4ff942bf01d9e476d6f6b30e148f6", "object_relation": "md5", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583361, "uuid": "b664dc20-bd9b-46cb-864f-acb8ccd86b51", "comment": "Malware payload (Quakbot)", "value": "f70aa4f1a9f4499abdd2d0bd7ab78186ec93b39a0d746cd18d6dcd3524e29fb1", "object_relation": "sha256", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583361, "uuid": "39c3ea68-98ac-4873-a911-3db8a4fce491", "comment": "Malware payload (Quakbot)", "value": "a34d54112c147f8f37340ce8e6ad2b8c4189a9f6", "object_relation": "sha1", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583361, "uuid": "df164b1a-9349-4f10-8b86-936f4cdbb622", "comment": "Malware payload (Quakbot)", "value": "506bf24d4b27f0c55ab586483fd083dd0062d85dc1383ece96e78428205134e2a47e5563584a3b5f5d5c068563eb549e", "object_relation": "sha3-384", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583361, "uuid": "42e55321-a560-4778-a52f-d4029afff305", "value": "T119711CAE3D4562DDC38943533AF6B94CA81CC4F926051285ADF6A3A4F826F54FD33A14", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583361, "uuid": "f5b4d6c9-770c-463f-b6ba-e91222439a69", "value": "48:bxHWWa9s+g8ar9WTpyVbQhmY1cpngdQmRf+fKCiftrQBpUurqNfsJHsVR1twR1Z6:bx2Wa+nApWQh8pnGjAhhA1WPdRLtXAF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583361, "uuid": "acdf3bad-a24f-4c3d-8e8b-9fa72333f6ec", "value": 3727, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583361, "uuid": "65fe2c54-d3b0-45cf-b4d0-1941e2f1f699", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583361, "uuid": "0bd76f79-0661-47f7-b763-db49961979c2", "value": "Voluptatem.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84922066-c95e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679564330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564330, "uuid": "6709862f-b005-46c4-a235-07e80e6b0103", "comment": "Malware payload (Smoke Loader)", "value": "b97d024080a0374a0aaa295eb089dfb7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564330, "uuid": "4af008bd-7890-4ce4-9b8c-a1b1767f5f5f", "comment": "Malware payload (Smoke Loader)", "value": "f8027f4570a8f2c361fd65abe28c4f04144347148989e87f3bc587f1e199c171", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564330, "uuid": "fb77288e-1043-4ccd-8f4d-dac4fc8d6ca6", "comment": "Malware payload (Smoke Loader)", "value": "faff03f15f6d4f610e682e9782a88b9819ffb8d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679564330, "uuid": "8787b4fa-f628-477a-a25c-960c16aaba69", "comment": "Malware payload (Smoke Loader)", "value": "2e7a726e437d746a283550fe48039cc6b425933d0f9a3e4c0ed9eb7ff32f795038bf9f4a355c035c6b53568f4d55cf41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564330, "uuid": "613dc86a-6cd5-4834-a4ac-880e73d37fa0", "value": "T1D2447C0253E36860EF2347728F2EC6F82A1EBC619E5BBF5E164DEA2F0D341A1C552715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564330, "uuid": "ac82b4fc-1aec-4e5e-9b2d-a1b4c51a8ae7", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564330, "uuid": "15f70242-c577-4af4-8058-2b1f59b824a6", "value": "3072:hQvjyOIMA1AYgIbNE8BX4VUePpUb2U/YGg9O4EkwEPumN9iZsVVLXbMa:Y5A1m6NvYpa1/YGjL5EPDiZsVVDw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679564330, "uuid": "54b88a21-df5d-4a1a-a413-ebebe1493f6e", "value": 254976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679564330, "uuid": "fbafa0be-5c62-41f7-9e10-a901656c5da0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679564330, "uuid": "6c0c6788-40eb-4b7e-97af-9ea883d6b035", "value": "b97d024080a0374a0aaa295eb089dfb7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f450989d-c91b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679535741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535741, "uuid": "866fcc39-1023-4d5b-aebf-40b00a320713", "comment": "Malware payload (RedLineStealer)", "value": "fe9903b960ea0d5a58a1d83739530f72", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535741, "uuid": "b533dc7e-bcef-41ce-b268-e733e2c4a5a2", "comment": "Malware payload (RedLineStealer)", "value": "f96af0ea8f647da7b8b006d01764ae713c88ed3cf06adf833a873c95a32bd43d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535741, "uuid": "217f3d16-a18c-4fee-a01d-c94895193070", "comment": "Malware payload (RedLineStealer)", "value": "544c418218e31edaf13e38a1a5a9ba8ee9512b1f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679535741, "uuid": "384c65c6-65ab-4ae3-ac54-1c1174db6609", "comment": "Malware payload (RedLineStealer)", "value": "20d5516da448eb50a663de893db4d67b20650eb193fd52aa52ec6d27aacef2f2eaaa88eecec75e94fa8c266802185452", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535741, "uuid": "4e649e6d-a0be-4a49-a998-d770ad7f5fd6", "value": "T1EA74AE0252E36C20EF2307728E2EC7F82A1EBD619E1B7B5E165DAA3F0D741B1D552316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535741, "uuid": "198e32ab-8fb0-455f-b04b-3cfbec2c98a5", "value": "0c7d5e3cc418522bc761bfea9cf074f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535741, "uuid": "5f954f59-5efa-4c8a-906a-ae7502fb893d", "value": "6144:zyvZmN46WvFKkiT2vORx1ZifzW3cLN6HoVl7Sh6ZR:mvZmN1Wdqym3SzhLNj7S6R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679535741, "uuid": "c648198e-fe91-4c53-9c25-4edfef9013cd", "value": 363008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679535741, "uuid": "65dfc0ab-0052-41ac-aa90-9d7c6f5f208e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679535741, "uuid": "ae722bf9-fe08-41d5-be06-48527e96f20b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fd17ac6-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577127, "uuid": "23ace2c8-3da1-40dd-812f-04c150b6e7b7", "comment": "Malware payload (Gozi)", "value": "a158c0c3239342b25f3f88207ed83399", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577127, "uuid": "7661dc5a-310f-4042-8b63-d1364a62a417", "comment": "Malware payload (Gozi)", "value": "f987efa23c3f243e78962cab3da0de22e54732046be9efcb6672d9f61420e01e", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577127, "uuid": "b9e12d15-ae36-4f34-8528-2f01d193f287", "comment": "Malware payload (Gozi)", "value": "e05796536d62a2cef8221ffcdc7d4a606e8b36fa", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577127, "uuid": "d7b48459-7ff4-445f-afb7-b06aa014d729", "comment": "Malware payload (Gozi)", "value": "478ec4f880075ddd30f8903d7a37c9b5cf02ef3bdfdfa385ae349a802d4f8974aacf5a7e2df6209eef9cce73d0306c67", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js2", "colour": "#638B55", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577127, "uuid": "008e667f-5c07-44a7-a821-6e5ea833b2f8", "value": "T14DF2AFA829292F9DC7EFF68B62F52D66064D213F2D00DC5502479713C92B6C7F0B692E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577127, "uuid": "4bfd3448-43f0-4c94-bcbe-52f0d5c0bd58", "value": "384:XB9K7KPK8KbKfKfKfKgSIDtbcwJYhAAKPMPA8jgos9TRlwyceKWsVA/B6n:XBkeih+SSSghDdvY0ro8VlwQKWsVA/s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577127, "uuid": "e3dc4a89-86c6-40fa-93a0-6e368568ae9f", "value": 35095, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577127, "uuid": "e9fd4fe5-9e3f-4757-96d0-73d864ccdb56", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577127, "uuid": "107601fa-51d5-45ec-9519-06f82c044670", "value": "documento7.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78c62f50-c998-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679589221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "23e8c26e-8376-43e1-b2c2-076c73fd4912", "comment": "Malware payload (Mirai)", "value": "c8e4e9edd8907526d25ab1d5a8c63f5e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "e83b8f61-63c3-42f3-9732-c476c8c84e7e", "comment": "Malware payload (Mirai)", "value": "fa65450017aab458fa656d7ca79fdee6596f1609dfb85456008d3c592641707a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "2a11e71c-429a-4e7b-8b24-03a69407adf7", "comment": "Malware payload (Mirai)", "value": "4cb2f933caba65944440603e879de1cbb43c34df", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679589221, "uuid": "c8f5e727-e109-4492-921b-a518b952ec05", "comment": "Malware payload (Mirai)", "value": "f6c640e377c233675b5c76dc952539456f5bb3096a3e82481cf92e6cf39f57d9c02af2e67c040f84ae504c7cff7dd5a8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589221, "uuid": "78c489b0-2667-48f4-b9e2-5b4d3318d1ca", "value": "T1304375C1AD537E7DD3C2EBF6EB9BD24536D38644D39B234291D90BA0896FC88191838D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589221, "uuid": "e7260c08-0506-4568-abbf-b231c1b84ee0", "value": "768:FkK18DF3J0Tnb5iQttb/nwCVy/zO5HshG1bWw/prIibf6kCtjBObEZQqdH2p61F1:FkK18S9hb21PE3leu3O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679589221, "uuid": "4cd338d4-f868-4a64-b15f-b704e9656ac1", "value": 57734, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679589221, "uuid": "8d8be2ec-7064-4052-bf0a-5b65f0e2f874", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679589221, "uuid": "bacfa885-2092-40ce-9f40-086f7479429a", "value": "c8e4e9edd8907526d25ab1d5a8c63f5e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c66ce77-c94c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679556398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556398, "uuid": "da2c32b4-fa2e-4789-a270-615b27841035", "comment": "Malware payload (Loki)", "value": "a559b7475222c1acdf39441052fd516d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556398, "uuid": "4c787d5e-4bc5-45e7-b3d9-0c393ca17f7e", "comment": "Malware payload (Loki)", "value": "fad59f6912b0d47fefcb82dcdd97e9518c194c476009e552de5e9061e184fada", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556398, "uuid": "774121f3-6d8c-47db-9243-71df14050b73", "comment": "Malware payload (Loki)", "value": "bf3bce18942edc515a9d64c370da5985a9df9cd9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679556398, "uuid": "5ceee6e6-3870-4b2c-9fae-f5539ef60c5c", "comment": "Malware payload (Loki)", "value": "5182fe66b6d6bc5ececfa879b4d5c4971b58be028088a0ac373b9342efd02743acbe424fe0a714a5733738fa26f208d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556398, "uuid": "4a189711-9d74-4fc6-a380-4c9a8d3c3b2a", "value": "T16C154A40EFAA6460F01144BA216B7D1FCD51A88E98EDFB6E150FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556398, "uuid": "d699119f-143a-4ff8-bb91-4f3e8134171f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556398, "uuid": "98b91214-3d88-426b-aa04-95ff43691754", "value": "12288:mKn0gud1C1uerk2WSWLXFrj7ZXDLBjFisez0TR899F+vxiLATAGn3WtNmBNa4OCh:mKn/uHerk2WSWjXXBj3ez09yaj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679556398, "uuid": "c3fabada-6452-4a0d-9e0a-61c4c9f48777", "value": 878080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679556398, "uuid": "b5ff21c1-83f1-45f3-a371-eb3b0d2317b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679556398, "uuid": "dbd746db-7ff4-4956-b9b1-5ec317137d7c", "value": "FedEx-XXXXX4210-26010508502822.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b7adc61-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679583025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583025, "uuid": "8ca03178-7094-4bdb-8332-828568adbece", "comment": "Malware payload", "value": "b5060fc1fc0cba06b8ac8b7410f357c1", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583025, "uuid": "6e8c21e3-8541-418f-b945-1c017ecff65f", "comment": "Malware payload", "value": "fad93827600646e38ae35beb340b5e17bb847760aa703684406433e62da85fd2", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583025, "uuid": "c81382e9-fc9f-4640-8384-cef5a5d49db8", "comment": "Malware payload", "value": "4d50f003d2398b6950b200928d33b96c68d10043", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583025, "uuid": "110c46c4-78cc-45db-9f18-f7b295905794", "comment": "Malware payload", "value": "ead8f941157dbb31313b3ce352b4d43a32cac1dadcc31cfddc52ed0142ab6f5ff7df65163d2924d1077f2041f0440169", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583025, "uuid": "c3efda8c-fc4c-44d7-928a-053562087a12", "value": "T10E05C01AAAC38DD6C6A9473504E28B3A1BA0CC5399639B1733DD7F1C77F2E809B53191", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583025, "uuid": "dc4e02c8-ce10-4fbe-90ef-56ea538472e3", "value": "12288:+kpRORMHc1NyMjf+1TIQ+kmw2LRpICLlfhd:+TGqFL+GQ+zZlLlf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583025, "uuid": "496b0e0a-c22f-4bf7-ac28-dda73d277ba6", "value": 814080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583025, "uuid": "fb5b3f58-6f84-40a6-a329-416d68f9bbaa", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583025, "uuid": "cc28ff6b-0d99-408b-b67b-efe5d431298d", "value": "FORMUL\u00c1RIO DE NEGOCIA\u00c7\u00c3O IMPLANTA\u00c7\u00c3O_COMPART_REVISADO.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dd7cc23-c98a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679583029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583029, "uuid": "61e656c6-833b-404e-b999-588f4700b56c", "comment": "Malware payload", "value": "46c6f6340de6f98ed967ba34ab41783a", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583029, "uuid": "3083f078-f7e3-49aa-9465-ecb8e923559f", "comment": "Malware payload", "value": "fb26c7ef83b4183cdf18d27f0e465fe2bc957fd0bf6f6cd099a8e64da06332d2", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583029, "uuid": "17d53cd0-457e-4f84-ab0c-484205a89232", "comment": "Malware payload", "value": "bf411b77ae19dc00cd20598eda9853eb129a5c63", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583029, "uuid": "acf3abb7-b6cd-4022-8d72-a9f04fe543c6", "comment": "Malware payload", "value": "59d9b52924862fc2ee75ec7b16d11cdfba17d19d0cacd371f7f6db33975f21f56d4f693ccb36926d6a93f1ba89aa548f", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583029, "uuid": "3416af01-403a-46e4-82c3-d357997e0705", "value": "T11AA3012D329CC644D0A5F2769DC6C6DB7A31FD81BE86978732C4334E287ADC18467A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583029, "uuid": "54ec86e3-8b28-498c-8170-deded31d584c", "value": "1536:E2h635PVYkuE+hbLNCsrr2eDSyYCvinlTAHpPUDPKOfK+HnhAJ9+cAVp24zoXJq0:E2hqPVYk0xMBUhYmilTLs+BA1wE4zo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583029, "uuid": "4cee8b84-d7c9-4cb0-bb1f-5793122d011b", "value": 104448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583029, "uuid": "a1986923-9dde-4985-b003-312b9fe46c12", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583029, "uuid": "e056a009-8c19-46b2-91be-adafe05f285f", "value": "060114-2023_001_03.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3facd319-c987-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679581824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581824, "uuid": "06cce2a1-e6bd-4c1a-8342-4b770d4a7789", "comment": "Malware payload", "value": "9a8a0fdc6d95befe7cd88bd9bf373955", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581824, "uuid": "5367ead6-cf1d-4884-a74c-b6a02ee2656c", "comment": "Malware payload", "value": "fc1f2cee53636f3eb5081a37193becb2df79e421922a33588690682b760149c0", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581824, "uuid": "09fc839b-b147-426a-8838-ca7e4ad6f054", "comment": "Malware payload", "value": "1e1fdcea92e357437e0657eeda4aec09fe229d9e", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679581824, "uuid": "9dbf4c65-c573-4e3d-b9d9-9a332432547a", "comment": "Malware payload", "value": "5cca1c1743228aaacad58bf1bb22fa65a04b495670cf48c2c11b91e18a5baaf32e58f7bc6d622bcd63be0c8a37114567", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581824, "uuid": "e114a2fc-6236-4ecd-a5c9-9606b79e6d6a", "value": "T19D31AE2C8F70F9D1076E7250893E1D8F20551A67C7B32A7CDF12046D1D29766EB2A69C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581824, "uuid": "ccb30eaa-23f4-49a4-9222-a76b3e5e3466", "value": "48:oVXPcURG9JURgzZu0cwPswo0NIthSEq3DiOEdOEt9y9HaD/Kz7:o9P8DzZDcwkN0CthzOEdOE/y96DK7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679581824, "uuid": "21c6bae6-36f2-4b6a-82ab-38f28734a7a4", "value": 1630, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679581824, "uuid": "d1cebae8-4cd8-4d5c-b359-b35f3b4c819c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679581824, "uuid": "beaf326b-5293-4008-9069-cd98493d95ff", "value": "1.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "411f2bbe-c971-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679572377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572377, "uuid": "2a7a7d4b-d7b2-4833-b25f-0b61b2f749b6", "comment": "Malware payload (Quakbot)", "value": "abd6b0be804925cc30d1710f7f578e5b", "object_relation": "md5", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572377, "uuid": "66ce8cc2-b2a7-4cd4-a997-4ceca9ecdaf8", "comment": "Malware payload (Quakbot)", "value": "fc288dca9a815813f28c8f9c5d3b02cf85719bf127a0972491849d546bfa3ab2", "object_relation": "sha256", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572377, "uuid": "94020ff5-98f3-4694-9e27-6d33ec91498e", "comment": "Malware payload (Quakbot)", "value": "f25c9262040206c863040c777ff5ff90abc57b4a", "object_relation": "sha1", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679572377, "uuid": "5ea500e0-94e1-4e7b-b0bd-a6673c74b64a", "comment": "Malware payload (Quakbot)", "value": "2173d480601e64ed80683267b53f4739497935895fa2b22c48367da574c49718fe1962b4f74ca224b700cfd9549e90ed", "object_relation": "sha3-384", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572377, "uuid": "07a58662-d116-4449-a37b-67b113947a04", "value": "T142B42916E10390FAC95A2BB64947A9EF3124BB09C5341E5DDA9C0C19F73BD02762D2BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572377, "uuid": "bb8d4a36-c2d7-47f7-9abb-c05af490594e", "value": "12288:hNg5j3vw+WqFlWJfkuVwe1ULXv6tHKK7:o55FgI6tHK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679572377, "uuid": "f5a4c869-d594-4fe3-8547-fce2cbe9b8ce", "value": 521195, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679572377, "uuid": "860897e8-cf62-4edd-823a-a74243c66416", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679572377, "uuid": "5e03625d-0975-4b78-96a2-5f6270026526", "value": "diaphane.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60861815-c9ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679603783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "eb4c09c7-ae09-4120-80a6-6573f7a2fc5d", "comment": "Malware payload (Mirai)", "value": "6a5689b1be862b89400d46b570ad3feb", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "159cba23-c029-4a0a-9446-a2e14791b99b", "comment": "Malware payload (Mirai)", "value": "fd7509992d90badb4cb42623cbbfe8f9c63607faa4025d91ce5b528014f9d73e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "b49b1924-a97e-40bb-9636-346d3b72b8d9", "comment": "Malware payload (Mirai)", "value": "2945ca4fc1ae7fc92fd8249e8c206eea0a4cd1ea", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679603783, "uuid": "448ea1fd-9056-4552-abb9-2aebcbf2c2ac", "comment": "Malware payload (Mirai)", "value": "52c96a7850a93264191fb1305aeaf17ac9b5581a71b7fdba2f09e5b63b1e73c3616283b45e1d541e81aff8492dac0bd1", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603783, "uuid": "01678a31-d008-4357-9e84-88d1a10c096a", "value": "T115E32A56EB408B13C0D61775BADF42463323ABA493DB73065928AFF43F8679E4E23905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603783, "uuid": "c63d092d-f38d-4f9a-abb3-9300e9d59bca", "value": "3072:JLUTTSmaa9Fh8wBIBpne4OiKd3h3GSxQcM/9JUcuc/:JLGaa9Fh8wBILneNth3GSrM/9JUy/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679603783, "uuid": "7e389808-6bab-4a20-8faf-9f9a1984580f", "value": 148698, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679603783, "uuid": "8cc53618-6c34-45fe-874a-6d6f671fa82e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679603783, "uuid": "17633458-1a07-4db5-be86-262a25d67db8", "value": "nigga.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ef6696f-c98b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679583460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583460, "uuid": "0b13a1b5-c179-4141-bd20-608b85f4f5bf", "comment": "Malware payload (Mirai)", "value": "0263b290ebe093d93610fe46eda2252f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583460, "uuid": "131c04d7-4686-42e6-b1b3-7b613ee3d030", "comment": "Malware payload (Mirai)", "value": "fda8598a13eb66198cf16beedc09c8fa3f03e19f4d714856dc5f142e0c1cb732", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583460, "uuid": "987da9f3-3631-4604-8cae-5a58c5f75ff6", "comment": "Malware payload (Mirai)", "value": "a02af50f408188785c25aba9d22e7a6fcee2174b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679583460, "uuid": "9f47d5d4-1fa4-464c-90de-2f7db1846c6c", "comment": "Malware payload (Mirai)", "value": "169358671bae9b05192cefba938dc0233c67731bec657898888a42760f78301f9560f612a391dfe9a91f4e7786b65312", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583460, "uuid": "5af0395c-9feb-4ab3-9b30-4d75a0626a44", "value": "T1ADE33B56EA408B13C0D61779B6DF42453323ABA493DB73069928BFB43F8279F4E23905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583460, "uuid": "99dee1d5-efac-4828-a72b-2619f5d26d0d", "value": "3072:iJLceVpEpBRc0aAHbz4Nb4JJXpIe1F3UXMknM/9cwAY:iJLcBG0aAHbz4NsJJfH3UXMEM/9XAY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679583460, "uuid": "9f6ac721-99bc-4efd-8fbd-cc047bc52e22", "value": 150610, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679583460, "uuid": "fa287a75-7752-4a5e-acbf-1708d84bf91a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679583460, "uuid": "249d7ad1-fb58-4687-bb97-ceaa1485d280", "value": "0263b290ebe093d93610fe46eda2252f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "395e2b97-c941-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679551749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551749, "uuid": "00443610-4226-456f-aa3e-69b1c7fcb89d", "comment": "Malware payload (SnakeKeylogger)", "value": "d5d7ea5bd2503fa0a3efd0c83196b69a", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551749, "uuid": "09d674f6-2ea2-46c1-b140-a1471977f297", "comment": "Malware payload (SnakeKeylogger)", "value": "febe551bb0804e8707e938b42d4d31143525cd024782251bb043cb0691e7d105", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551749, "uuid": "b5cdda47-725a-4efe-a969-b2d5c25111b9", "comment": "Malware payload (SnakeKeylogger)", "value": "5e1f2f6ada8234994fcd652a1e9d6db13ee2e94b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679551749, "uuid": "713dc936-1300-4337-b91c-17c0b1744f5b", "comment": "Malware payload (SnakeKeylogger)", "value": "acef29f9f6f169b921f8b64a2d438f03fbf769dc3d7c5304540a006ad44d468b0d45bee0fbe0aa5871882b36aa00a69f", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551749, "uuid": "07d5ee35-9761-418c-9e61-2d8af36ed3a6", "value": "T1F6350213F6858D06C44287B66BA379D8531EBC623BC6A2C72348770F5F79AF4890761E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551749, "uuid": "3fba6695-de73-48dc-936d-163557e01936", "value": "24576:mLKIWQmmav30x1+MXU6aTf+MXUw3bV4+MXUJ3bVMMm29V0a3zlD:mLKdQmmQ303+MX6b+MXL3bV4+MXm3bVX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679551749, "uuid": "43b24d0d-f21c-46a2-9dc8-04810f3ced9f", "value": 1157120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679551749, "uuid": "c276a933-9383-47c5-ac75-292963ddb2e9", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679551749, "uuid": "de6a530b-173b-4ec2-a36f-b5c8c7bf3af3", "value": "Document for clearance.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fb43564-c976-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679574630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574630, "uuid": "b247b540-dd0a-475d-8449-d5bbeef12f36", "comment": "Malware payload (Gozi)", "value": "39ed3dc2c0379081c17b7c7f8f4d0361", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574630, "uuid": "8bd2665f-9b82-4cbd-b159-958e1e4f761e", "comment": "Malware payload (Gozi)", "value": "ff4c81e44d9ce70450dc06f8385b3ff6fad3a340732e36600821e8f10a96cc42", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574630, "uuid": "dff7169a-062b-4a61-8193-f12c40ca9726", "comment": "Malware payload (Gozi)", "value": "d1110d555dc9e39000ada536ca03406866c53369", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679574630, "uuid": "8eb89fb1-dc58-43f4-970a-c9cdd6016493", "comment": "Malware payload (Gozi)", "value": "0d6a42ffedd660364318884bc857a1c16cbaeeee5e92984e79cc25759896c0a03330bd6eb614f65072f77a5d494f2220", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574630, "uuid": "3a47978e-7016-4860-a112-4d685c7969d3", "value": "T14BD1783682582FFF687631AD1C1882B321B2957B7A7F1DE7B47005A8250CF1081B6EDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574630, "uuid": "20885f44-260f-4a38-bffd-a4541edd2a7c", "value": "192:M/fnUwLR8EzDM9a9gJ3txMrwJxwYCYhfPLrFaLc:dY43Jxw3Yhn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679574630, "uuid": "b3e44c7f-4fa8-41f3-bd48-789df02600db", "value": 6569, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679574630, "uuid": "85e9dd65-2a2e-4f54-96c5-ac1fa1088f4d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679574630, "uuid": "1663daad-97da-46fd-adab-1acd62fc9d5c", "value": "Fattura 3561 2023-300928.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f659dc9-c97c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679577260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577260, "uuid": "c8881b93-c4ab-4029-b085-9413ccb8c564", "comment": "Malware payload (Gozi)", "value": "06e502631a77aaf9adac333d54faf3e7", "object_relation": "md5", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577260, "uuid": "1218da89-b0b0-4b6e-acdb-058761591b5c", "comment": "Malware payload (Gozi)", "value": "ffc0ce144f572f1401fce025d818ea6a7d5767d6405ab992614fde70a98cfae4", "object_relation": "sha256", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577260, "uuid": "c8ba64a5-4ca6-4c0c-b099-297e50cf31eb", "comment": "Malware payload (Gozi)", "value": "b6129c9e260445dc9ac7744009cd5045c7bcd073", "object_relation": "sha1", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679577260, "uuid": "20af33b3-526e-4e8f-bb28-36e692f6bb62", "comment": "Malware payload (Gozi)", "value": "6c3d91a6ccfb68465ecf2b01255d2146f1651ad9310cfa7d303f74091037feaa66ff29753a2a065773aa51418f235872", "object_relation": "sha3-384", "Tag": [ { "name": "EUROSPURGHI", "colour": "#534A2D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577260, "uuid": "f3f5778a-bf3c-43e2-9c8e-f45d45ce2943", "value": "T151D1473682581FFF287631AD4C1842B265F2957B7A7F2DE7B47005A8251CB1081B6EEB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577260, "uuid": "f66f0e93-d2fb-4e57-b899-ccb255ad3d9d", "value": "192:M/fnUwLR8EzDM9a9gJ3txMqNWNwfPLrFaLc:dY4nEGn/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679577260, "uuid": "4407be92-98d2-44d9-92bb-e0ac96ba48fa", "value": 6545, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679577260, "uuid": "e7d7cb5b-d06d-494a-ac28-f8c853b52c75", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679577260, "uuid": "d34b50ef-5264-46f0-a511-725afba1542c", "value": "Fattura 3566 2023-300933.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }