{ "Event": { "published": true, "date": "2023-07-17", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-07-17", "timestamp": 1689638581, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "8df6da02-41c9-4132-9d20-bdbba16d768d", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "466ab49b-2475-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689579660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579660, "uuid": "fd1570db-3134-4442-bdfb-e5a434dc5ce0", "comment": "Malware payload (DarkCloud)", "value": "394544623b6f2cbe2c13cf9cf164e423", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579660, "uuid": "b487407b-2aff-4bd5-a79a-ce159046e8c3", "comment": "Malware payload (DarkCloud)", "value": "0093f1637be7794e00ec4fef75295dead87dabc6783c99d5fabbf7c24a275ff6", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579660, "uuid": "2c50be08-9bdd-4116-b0c0-42d8dc74a1f2", "comment": "Malware payload (DarkCloud)", "value": "adec3dffb3b19ea335700ed6573f78651ec85c83", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579660, "uuid": "8a57c885-ccf8-4c8e-9447-321519b1d34b", "comment": "Malware payload (DarkCloud)", "value": "2789fb3db6e6d0e48c9999d3a1d10ae27fc115ee1bdc0818d7f91020a4daf9f625c17e8ebf821dda9e4c3ee9b2ec1853", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579660, "uuid": "c29cb2e4-a6a5-471a-ba8d-255c79c5d487", "value": "T153641218AAE1D467DE2726301EAD123EABDBE5031CA8CB0B3B00275D36765A18D5F752", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579660, "uuid": "8c93e8b0-dd3d-4c75-9259-77c7ce84d10d", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579660, "uuid": "b7b9b8b1-cd68-41ff-9b88-d62dc8e31614", "value": "6144:/Ya6dofLIcIdNbD0r5X2W4FdMavffa+QWSz0nG2x1Pb:/YvALwb08WGMUiUNGWJb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689579660, "uuid": "4f949231-37b9-4bcc-9bf3-dd830663625a", "value": 328420, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689579660, "uuid": "ab367f43-6042-4b64-af6d-d5b18e01dd34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579660, "uuid": "b2426642-a188-4eb8-9df6-ddd187cf27e8", "value": "Invoice 222240.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25103a07-246a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689574880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574880, "uuid": "62b573db-5b4c-42d2-9d3b-82dc323a5a59", "comment": "Malware payload (Formbook)", "value": "0b53570dda412c985f1913d0ad097b6f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574880, "uuid": "76d37cb1-c323-4daa-b4e9-45bcd2961146", "comment": "Malware payload (Formbook)", "value": "00d4da9d4fbc98752b5b2d9ada463a4c5cd3ebfde5b81821525727b3c258a4de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574880, "uuid": "77f419d7-fc34-4f8c-a28d-8e52d0a12b56", "comment": "Malware payload (Formbook)", "value": "69e8648f91033de6b221c969fa1804b370f9fea1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574880, "uuid": "ab502d17-de47-4615-ac25-ba59cac9b312", "comment": "Malware payload (Formbook)", "value": "78e4a14940714d1edb55155ab877e662f9d4335d360b5f3609043de9aee8c7f324a0c2b635cb827b8565408f9e80b12b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574880, "uuid": "84990e1e-6bce-42d8-8021-58ad120b1688", "value": "T18B54124930A9C837C0724DB02E3D66FA5FE5A827216B871F1B406F56BDD2392D51EB23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574880, "uuid": "ee617d09-b20a-4866-aa34-5833957655dd", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574880, "uuid": "d703b597-5299-44dc-8d23-26fb6ad145f6", "value": "6144:/Ya6R+XvLSi08M0pKNQkK/1D7oTr+xGZ/e3AaNAJpm3hAjttdNYFb2upPI:/YDqL68MNXuDaPWw9jttdFupA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574880, "uuid": "910137cf-ef26-4fd0-a4d2-dd5a6a448f44", "value": 286742, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574880, "uuid": "4697af92-6a6d-420b-be9e-a1f673be90cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574880, "uuid": "2d7fd078-1793-42f1-b96f-b6309ac8c857", "value": "TT payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2f4908b-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689594928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594928, "uuid": "2863cf0c-3485-4d6a-a557-7ba2416dd64a", "comment": "Malware payload (AZORult)", "value": "e3230173517b0936f5b2eaba26fc3e35", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594928, "uuid": "803d265c-d0a1-48b2-b902-26b5802a696e", "comment": "Malware payload (AZORult)", "value": "043bac5e56f3862281fcd2bc06a6450235f4fc33fc4cd7f939c50d65aa856c85", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594928, "uuid": "15fe2cb5-93ea-450c-807d-e59146f86354", "comment": "Malware payload (AZORult)", "value": "d9746f459fe1fbcbe1c945b04af036ad1b9c3cac", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594928, "uuid": "72788be2-75b5-4e15-a059-5eb03f432d8c", "comment": "Malware payload (AZORult)", "value": "5bc6e6b7a6ae1e14353b229ad138d8bdd4a054af2c2ec30792944ae1128d1497db646a9b3cb55ae626b1da1cc0271285", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594928, "uuid": "c800186a-b8e5-4c51-b4f8-797011b67d23", "value": "T14EF322AEF1A443B2D15A438BB6CE063C34AB503EF096E598014C624CBF7AF535F0686D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594928, "uuid": "c7fe0355-2a21-4b4a-97a6-9131cd61dafc", "value": "3072:k4eeMUGrk37ySBVU7tsDLkg6xpjRv3xpgSARcbfM422iSVvpf:k4aDrWeSBioLJ6vjRvTgDcDXrvf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594928, "uuid": "9bcfc1ed-9ec4-49ed-8785-f199385ca71e", "value": 167399, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594928, "uuid": "90a81f71-dfd1-4efa-b642-99c0bc4e71ca", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594928, "uuid": "684dc386-61e2-4fc8-8959-749423215adc", "value": "CI150723#856_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bedb5a7-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689621384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621384, "uuid": "185ac593-176a-4518-99a4-53e7773ea2ef", "comment": "Malware payload", "value": "849b14697f13d701ccaa9d49e51d6326", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621384, "uuid": "9c0baafc-e665-4690-a53a-3e6af3b658bf", "comment": "Malware payload", "value": "0532a82db5727b773fd280a5bc3ffa8b3be3be05bf5a9c125dbdf5f1e9fa63ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621384, "uuid": "23f4fcdd-5e07-4095-b608-da20a07f366f", "comment": "Malware payload", "value": "521c657eaecbd20793837ae8e2dd0df21218a3a3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621384, "uuid": "fb31ec9d-cb23-4b15-a2ae-bab36fbdc06d", "comment": "Malware payload", "value": "33546470e2ec54582548042a4b2d06c769502a7a19084b59005457b6a5701624011f680c570673586047a244cb09b6f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621384, "uuid": "e2678e07-7102-4cf5-957f-e422177041f5", "value": "T147B4F125B584C032E5D212310AE6EBB22D3B7D715B26A4C77B90776E6EB03E1E674307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621384, "uuid": "05f43065-080c-47b1-ab25-d81cc1657e20", "value": "de58f4fc29c988fcef0248564284d0f7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621384, "uuid": "717178ee-e812-4dd1-9171-b678cb59fc14", "value": "12288:HU5rCOTeiJs9MsdOfOTxqvrU9LG7DWE1NZ:HUQOJJSMsdOCqvrkG7yE1N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621384, "uuid": "3cc6d37f-0b57-4330-9966-cc5fdf098351", "value": 499200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621384, "uuid": "2e272ba4-3dd1-4f43-96d6-b5513aa8708e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621384, "uuid": "9dbaca0e-d6a4-4e84-8a2d-68e2bfa1af19", "value": "BEAE6C02.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "806700e1-247c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689582764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582764, "uuid": "0e3d6cb4-5634-421d-b721-288e26ef2092", "comment": "Malware payload (Formbook)", "value": "db87d37e4d62652c15461f7ce9d4e421", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582764, "uuid": "f64715a0-a604-4e34-836f-469c8a8e4605", "comment": "Malware payload (Formbook)", "value": "069c950a32202ddbc87a79ec8b364e0c8da4f2a0a217b2a4500cc05058b0c483", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582764, "uuid": "b7e1ad5b-3574-43b5-bf78-f7aacfdb7693", "comment": "Malware payload (Formbook)", "value": "8a3e72212b222e344fcb7c5f45e0e0146c455450", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582764, "uuid": "d75a2467-5459-4b60-b6ec-b5a1ab6bc17b", "comment": "Malware payload (Formbook)", "value": "cf49329a2280387f2a587fc45f47a3f364d7a04660fea9af9c8b0739e9482ac840b63d099f16fb317d07c62b6ee4596b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582764, "uuid": "761ccc5f-98b1-4836-a976-7878e1bd7787", "value": "T15264F08F4BD601F4C5E48836B7F982E801F066AF6411A7BE94802AF9DF1975AB5434F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582764, "uuid": "38b56616-610b-4d83-acc1-502122a03244", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582764, "uuid": "880c212c-77d1-4f42-a285-53b617f29236", "value": "6144:MiU//2mWwYQ9svBIUDbXSpt2g9izux6qcuNJwEM:MV/mwYsgdz9i6Ubp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689582764, "uuid": "e014f862-eba4-46e9-a986-39c0991ae39d", "value": 331776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689582764, "uuid": "42572e88-5fac-4757-b4ec-9a0a87cbcdf7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582764, "uuid": "0e11ee5c-1c09-436b-bde7-d4d5ad090fa5", "value": "SecuriteInfo.com.Trojan.GenericKDZ.101769.5867.15380", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7c11092-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594963, "uuid": "e090a7fe-ed21-489f-ac67-9bc4543fcff6", "comment": "Malware payload (AgentTesla)", "value": "91fbaa9b86d2bc465c7baebdf55d1515", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594963, "uuid": "25fbc4a7-ece9-4bbe-8608-3715c612b533", "comment": "Malware payload (AgentTesla)", "value": "07d57be45fea3d3dd53826289b78a4705d89a3bd2f23ae99bc83ebda066cedf6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594963, "uuid": "f068ec8a-b212-4430-9fe7-21fd0fa1369e", "comment": "Malware payload (AgentTesla)", "value": "950f361e341126266184336744d18c3d551427ec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594963, "uuid": "c0b33ce2-3953-49a4-97c9-caa45c8831a8", "comment": "Malware payload (AgentTesla)", "value": "691d1812765ebdfcf081687c6cf6d02603d52db6d5f5a1a12943ed8f30d6ef40fcee362c736d62ef07255701a9fb3e81", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594963, "uuid": "733c15de-fdab-4c04-b6b9-047f122f09a7", "value": "T1F7B423171004EDE02554C81A6BD84AF62216A494A9EFCEB7D890BF3C6C5F9E12DB3F35", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594963, "uuid": "2e490879-93da-4316-a1c2-d500952af0eb", "value": "12288:oWZFOsrFhaqU3T1f35eNB3TgtAvQEeaxmyWJ5o8lGN9xg0JS2PErJ:RZFOsnQ3TFeFUZImN5FGe05PQJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594963, "uuid": "ddb69363-9cc2-4097-b756-40fae0dc38fb", "value": 497844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594963, "uuid": "2ac813ee-2f51-49d8-8e0e-c39c2ac769ff", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594963, "uuid": "8016965b-f4a4-453f-aa9e-c6115b8e5211", "value": "SOA -- 17 JULY 2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2a6258e-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689573399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573399, "uuid": "5a14330d-34cc-4ba9-a8c6-6a9ed3a78559", "comment": "Malware payload (Formbook)", "value": "f9eb770884f2368ac1b4ea7e796e3932", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573399, "uuid": "3ccc741e-26ae-4e4c-90e0-9e93527e3e63", "comment": "Malware payload (Formbook)", "value": "08ac03b06090f79486243eb5b244715ceb3389f52be4eee2b695d2ae80ab20c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573399, "uuid": "3576a4bd-c95f-47db-8adf-bb14266f78df", "comment": "Malware payload (Formbook)", "value": "d24ee670f08f19d11e112cd676d6c734961022a7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573399, "uuid": "506ebb11-78e1-4f3d-b704-9789df34c3e3", "comment": "Malware payload (Formbook)", "value": "14ff5d5227bc7a3be4adc04c341f3b28af9d4e37740a82b0f280d38a899fb4178cd6e53c9e4e80cdf28339e2adfeb900", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573399, "uuid": "c024cd66-0048-4dee-963f-9533c693b840", "value": "T111542368672080B7E5A219728CBB0715BFE1E932095CB20727B0CB96BDB27135B1E771", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573399, "uuid": "e206c5d3-8189-4d28-87da-f9f6f8be2f44", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573399, "uuid": "94f41a2a-1d54-4d10-85d3-ee0bae817f57", "value": "6144:/Ya6iAsqSnft5R3KLxJtEHNUrfSBFIzVZMSRoq7aoMxgy:/YsLqSbJmEtv7dS2Xgy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573399, "uuid": "4d332961-a8d9-4c9c-a3b2-ba04bd742169", "value": 286834, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573399, "uuid": "2fa91cae-9c50-4600-a40b-a78b51cf1b3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573399, "uuid": "108205a8-20ff-4225-ab52-040bfd75614a", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a9bd7e2-24bb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689609625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609625, "uuid": "df9258d8-5024-4068-a357-8f757178033b", "comment": "Malware payload (njrat)", "value": "09f87e9acea317ca581d3d31655381b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609625, "uuid": "b6f0b9b3-f0c0-4dd2-9bf4-4ed182328b88", "comment": "Malware payload (njrat)", "value": "09aec8bcc0b5098a8dfa767242c2b272807d72cfd68d501ac38278212432fb05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609625, "uuid": "9e6069b6-e48d-4448-8cfc-9d7e962b45e5", "comment": "Malware payload (njrat)", "value": "ea32a129164c514976df324a2959dca2a0fda744", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609625, "uuid": "7e136a85-483b-4e30-a607-b5ec97c63d7c", "comment": "Malware payload (njrat)", "value": "8d0dac96a090c21dc43f9864100bf877267eead41074e829631d6f812b7bb6f9525b91092d5b55c96168557142a04aa3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609625, "uuid": "71895376-6a6e-45f3-bf76-5134aad5a7f5", "value": "T1F1C3A6BFAF576761C6FD26BA841635520572411F0B01BBBE48E288FCEF256D12A4BCC1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609625, "uuid": "57cff291-8126-45b8-8b4f-7df9b08ea03e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609625, "uuid": "948a1339-891a-46e8-8c21-a289f6bc8c35", "value": "3072:1rtKSd5Wl7zO5tFGQ0uxWHee3f55kkBtynziY:1ilvO5tFGQ05FfH5GnmY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609625, "uuid": "1542c65c-fda1-4197-beba-6ab6a8713417", "value": 125376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609625, "uuid": "16e0cf06-a02d-4afe-8f20-940f78f7c505", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609625, "uuid": "1e9a43ed-b7d7-4cd1-a2b1-a89dc91e3335", "value": "09f87e9acea317ca581d3d31655381b2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38fee879-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689583503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583503, "uuid": "6d979d44-4d9f-45e6-bebb-a084a9c50c1b", "comment": "Malware payload (RedLineStealer)", "value": "daf302aeac785559d4a61a9912f288c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583503, "uuid": "d831addf-b7b1-46d8-a530-4cb0d4501383", "comment": "Malware payload (RedLineStealer)", "value": "09f89ac0263d1c33049e491cdd1b999cf27f464a41584ae249e9daa0c83a9456", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583503, "uuid": "04eec80f-2d20-4408-9c24-ceada7d76aa7", "comment": "Malware payload (RedLineStealer)", "value": "ae6e5891adb6149b3c7219eb1d3983bc6f10cbdb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583503, "uuid": "a75a624a-bf0a-4fbe-9936-882d40156712", "comment": "Malware payload (RedLineStealer)", "value": "3bb2adbe1e4ac27dffd79c491caa368ac89be46dd7c184640236efa6fc9403a4cd89e81ab2adefccfbe8e869cd8d0993", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583503, "uuid": "7569a819-4cf8-47cc-83b5-c1350858b8a7", "value": "T1F8F4BF0BB5CF15A3F987D5312D2FE97400EAE9357A0D1B9350E5260F062ABA4BDB2353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583503, "uuid": "b5b3fcb3-7531-4403-b374-2444aa002978", "value": "5826e2bea2981d413e896f41d08c994e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583503, "uuid": "08f71ab4-8c99-4ec6-9402-959a0368f427", "value": "12288:OiF8yKSEk0ucH3THg2jbiREK4on7T4RER9pT9WZXLWc7w8WdpA+6OpK:OEf2ucJHiREK4o7T77knWdwOpK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583503, "uuid": "915ce0a9-46ab-4508-b943-6c6d11af3794", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583503, "uuid": "4a55adbe-d19f-4a06-9caa-edc908498315", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583503, "uuid": "616e685c-f05b-45cf-8886-1bf5d1772d4a", "value": "7A05A82B.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "419bf3ef-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689574069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574069, "uuid": "41122dc2-8f58-4a97-adea-c51bdd54ce97", "comment": "Malware payload (AZORult)", "value": "0793bb7d9f45c0861870ee73df976612", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574069, "uuid": "b589f393-1a36-4cfb-8f41-a52ae357462a", "comment": "Malware payload (AZORult)", "value": "0a0aee862a220ef9b3c5930319ab048750c71d6a8c24397006220c04627006a4", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574069, "uuid": "d866de08-5e8c-4f06-b0a5-79f884cefdab", "comment": "Malware payload (AZORult)", "value": "7c3fca697a0bac130210268d43373f1ccbb5f1a3", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574069, "uuid": "c2ddd57c-44fb-4bd0-8a50-5fb439b37f3c", "comment": "Malware payload (AZORult)", "value": "23a83b91a8eeabb061d21b6fb7836ce31d28bd723328b370d8d8d196e385c22ea87d4d7138e5ecbb59dd54eed184be5e", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574069, "uuid": "4fad8c5b-c46c-4ccc-8a30-3a319ac69621", "value": "T15FF301343691D0FBC76253B01DB3AB27F7F6916500D26B03AB842FCE7A26587A12F641", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574069, "uuid": "5d41ba10-7438-4a99-88a2-d5cd116be5bf", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574069, "uuid": "5da959f6-dfd6-47ee-a4d1-16fbf6f47f2a", "value": "3072:+NzPHk9MpcQbieY9HthGDwoIUqO/kj6w6BH6cEmce1t2xPQJd7obteBgA:+hRFizRKMlI8j6jpnj0Pcd26B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574069, "uuid": "39006ae7-b486-48c3-9d2e-a0582337a674", "value": 162155, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574069, "uuid": "290d2593-e41d-4d93-a04c-955fff2ec664", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574069, "uuid": "2fc9a422-9bb5-4afc-a13e-964fe22ab63f", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdc53ba6-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594920, "uuid": "2db08a94-267b-449f-9193-13d1f7da2547", "comment": "Malware payload (AgentTesla)", "value": "bd46acdc15a081dfba3de5defad052b3", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594920, "uuid": "c4cede54-9f39-4645-b19f-14d57281216e", "comment": "Malware payload (AgentTesla)", "value": "0a968740cea9b50c4b2f4de1bde515325e2defc9ac034a0f4a1c904b7e7ba4d1", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594920, "uuid": "5b53636e-9ba2-4d37-b578-b8b2d9340efe", "comment": "Malware payload (AgentTesla)", "value": "7b0583ec8a8386e917f3261c75a44f250bc37e92", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594920, "uuid": "82e1b113-fcf7-49d9-912b-1fb1a2353052", "comment": "Malware payload (AgentTesla)", "value": "a0b061348b2e3466060dd4caf150b796dfa54f1b30d9f9a345ff1f11f1edba5f2bdf166c33c050c18fa6e8c75beb138a", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594920, "uuid": "6c0464c0-c120-4139-848c-925fd4d7a28e", "value": "T14DB4235ECCF63951B2B083BE4F4156A78FCA073CE43E6816FADF6798D01B91249C4296", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594920, "uuid": "6e05e8b9-95c7-4fd7-b014-499052df383d", "value": "12288:rgz4ZgBLwEFJQ0r4rj2iWauKgF6swsJrrWh2eW:rgz4mGEFJVKjAL/Nre2v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594920, "uuid": "c2bac050-2bbb-4349-a699-49fa4b17054d", "value": 500939, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594920, "uuid": "cd8ce71d-cb14-4bad-a5a9-6035c7fb8c7c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594920, "uuid": "d10fe372-2d80-4440-9bdf-234a1f402f47", "value": "Application_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fa8de15-2449-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689560831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560831, "uuid": "01f67d4c-2bbb-4aff-9ef8-9235c7ec3fb7", "comment": "Malware payload", "value": "70cbf33942c24772cc22f310fbd25ca2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560831, "uuid": "79216eec-cbdb-4aea-8ade-5e3895358674", "comment": "Malware payload", "value": "0abe9206b37fddb9be3dae5efca3dff37a8fe3828d04b17568eb1c20dca46079", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560831, "uuid": "597f7fb5-b16a-4c81-b915-ad82ee46c5e9", "comment": "Malware payload", "value": "4b66fb96bb46f20839d198e3a2311ba8db2bacce", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560831, "uuid": "1b9a0f55-85b4-47f3-bec3-7e627e8bbf36", "comment": "Malware payload", "value": "187e5c1a59fdc21078f4fa3de708d20ab3205dc42726fff1a5a996076c12a9f86144e5720dddfa31b5ab62f80ee332ce", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560831, "uuid": "89fdfd87-7909-40f7-bad6-70cd7a8c58d6", "value": "T114425D7EE24B82E2EF7946BF669F744C1975613003541AE34793040E4E81AF7F633A96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560831, "uuid": "32747812-b563-4f96-808f-0ca3aba83cf7", "value": "7fd46a7f56c0e23d5f7b090d08198d6d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560831, "uuid": "d837ebdd-c7d8-4ee4-b5a7-be64ea24a022", "value": "192:TIZ7O78X3UmVd8X3pETtXiA37MhEaaSoPPqKprQS:TK7G678ETtBOEfPDQS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689560831, "uuid": "16fb51f7-6fc5-421e-8513-df6c32d54ca0", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689560831, "uuid": "20c83860-65db-4ceb-bcb6-76d98ac75089", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560831, "uuid": "b4216374-ee69-4415-94e0-c9607e1881a2", "value": "SecuriteInfo.com.Win32.InjectorX-gen.16076.1655", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a200ac4f-24b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689608161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608161, "uuid": "f12972e0-e7a3-4664-b0f7-e78f597e8a50", "comment": "Malware payload (Formbook)", "value": "9ee4c51360fd761d15964ab9c1ae7a20", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608161, "uuid": "4fde2bf4-27c4-4808-9f6f-77338bd1ddde", "comment": "Malware payload (Formbook)", "value": "0b40ce8be039794618aee14d89e29cf1d69774619ca181c449bafceb1567b973", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608161, "uuid": "b2d67aa0-1f7b-40f9-9fd5-7fb3468562db", "comment": "Malware payload (Formbook)", "value": "49f852c6306c0f3f872345aaa8b4e791c444c45b", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608161, "uuid": "a8e7a00b-feb9-4892-9d03-01d142dc954b", "comment": "Malware payload (Formbook)", "value": "2eb14fd3caae65c1cc6361ab83ab076c1b07c477e346ba3202595e4012cc011747d36da85aa9520f5f88c44ee2f2ebde", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608161, "uuid": "2c617971-bb6c-4a3c-903c-fdd2b239808f", "value": "T11734236B488B02E5560C3FDE2904D85162980D298E65AFC95BE177F34FE367880BDBB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608161, "uuid": "4522f6a5-9d87-4bed-bd93-5ff55f14e964", "value": "6144:iXGh3hgoOMcSHR3cXCVLIZeWdSb02gNXZXvAFo7P:iWnSyx3VLIAkB3NXZfAFQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608161, "uuid": "0b1f79dc-3658-4c01-832b-205605d770c8", "value": 244835, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608161, "uuid": "507e1f5f-8e51-469f-bce9-d50a70497901", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608161, "uuid": "389e0f5f-30af-4a94-933b-ea41090e717e", "value": "Proforma Invoice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dfbb7313-2451-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689564455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564455, "uuid": "641bf138-ea32-47fc-834e-656cfed868df", "comment": "Malware payload (Loki)", "value": "416ba34c0f7b4b857108565cb23f86a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564455, "uuid": "ee463a9a-5acd-4cc0-9b30-3f0732ee71d7", "comment": "Malware payload (Loki)", "value": "0b50c21eaf003d03d2106fa01e52ba10d3f7eea769a2112025e2ee309b92850b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564455, "uuid": "1731aae4-4d3c-43b3-9802-d666145a1b9e", "comment": "Malware payload (Loki)", "value": "29ce7f98ee101530470430f7293e2ff771d9f313", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564455, "uuid": "40288792-64d5-48a3-acb7-ca9af2acc19a", "comment": "Malware payload (Loki)", "value": "c27c672c7744e43fa223622b58161a69685d6c9d16c337304a6df64864f0d665633ca6ed3f5e541b4adc1878ba0b4b3f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564455, "uuid": "10034189-df16-4e00-b312-9b1570ec50b6", "value": "T1A1B4CE39503C87AFE743CBB7E435258222E003A66AF297DC8C7A255F7E75234E144AB1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564455, "uuid": "4a36d70c-b363-4fd2-ab4b-129f9d376bdd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564455, "uuid": "69a0ba3c-dae0-4fb3-a62f-f99e30286843", "value": "12288:AqTrQaSejL8ZRoduBmcBbOslNoErwvbNw7EejevE+:AqTrQaSejL8ZRoduxlNoEKxGEz8+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689564455, "uuid": "0b7ee398-08f0-4df6-9b16-85776f8a6ea8", "value": 508416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689564455, "uuid": "2eec5278-a102-4278-a614-26387afcd254", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564455, "uuid": "47fa13ed-5c2c-44ef-9a2e-7606c8ee3388", "value": "SecuriteInfo.com.Win32.PWSX-gen.7835.16787", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd5db63b-24c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689615078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615078, "uuid": "1635f645-18a9-4033-afe7-fdbacbaa98e4", "comment": "Malware payload", "value": "e9cd592d655f9bfb210ecbb86e7769e3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615078, "uuid": "8d7850ba-a509-448c-b8bc-48493ca5116d", "comment": "Malware payload", "value": "0c6846ca09d1a6476b4126ef69ddc5f212ec566c8e9cb76cbb320cb904542c28", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615078, "uuid": "f2985a39-ea4f-43dc-9535-60b44ad7a3fc", "comment": "Malware payload", "value": "ed771db27498f138399004cbbd558a304e5894af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615078, "uuid": "9d1cb671-3578-4434-ab47-b83d1e63c033", "comment": "Malware payload", "value": "edcf28c26e66383d1576ed50ea85ece874ae449c595bbe0237cb70a0963ac440e47dac8614d8d28205cc51268f6a6797", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615078, "uuid": "075bcf14-2867-4bdb-8fce-314490075b79", "value": "T14FE45E0739D11907D62E427E907C6A6CEAEEA61D117FD625302CC3E3B1F660CAA4D71B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615078, "uuid": "7f433119-5d38-40f8-a759-a887d086dd2d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615078, "uuid": "4cee1701-65de-48c0-941e-8fc1a4ac5373", "value": "12288:Pdw7GQIut7DjWmdc561oTOIYXFQzDbMIbTVW:Pdw7z7XrdGWjs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689615078, "uuid": "f1be2ab6-ec95-4f42-87aa-f58b137a2bce", "value": 705536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689615078, "uuid": "c34cfcba-a35a-4978-b0c4-6a1b1d45bba2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615078, "uuid": "3f1cdd15-df30-45a6-8d14-051ef807f0ed", "value": "SecuriteInfo.com.Variant.MSILHeracles.47432.14347.5053", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eac77c7f-24ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689632334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632334, "uuid": "985559a5-1d83-4a28-9540-5f9d9916efa9", "comment": "Malware payload", "value": "a1a46d17e8d30209b30d9e4f40d0c739", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632334, "uuid": "aeb9d908-188d-4d82-8173-8ada769de8c5", "comment": "Malware payload", "value": "0dbdb95eb4010320356f9a977a3fdfbd78973f7db611413e22f9fc224e3ed4e8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632334, "uuid": "8e78fe1b-7ce2-4554-822c-d5dfb37da5bc", "comment": "Malware payload", "value": "8d80a3ae073ccd3176e6bc6bc7e5a59951c54766", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632334, "uuid": "c9756a68-dd9c-42f8-95e6-da739fe63ca6", "comment": "Malware payload", "value": "438ab50dc82f9f1abfc5a84007d0e4a6d72ce15d4bb9ae8fffa034dcc31a13f682ec96ecb56ec9f040b29ed99fe7cbb9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632334, "uuid": "4e4bd701-9144-4449-aaa8-dece0ac9a657", "value": "T1D8840112A7EC5063D9F907715CF617831F36BC92ED78532A2746694E0CB3A80A87277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632334, "uuid": "a14884b7-0c6c-4cd8-b38c-eb1e0df991e2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632334, "uuid": "e8a04a22-8b75-43e6-a844-5ecf3f12fdc8", "value": "6144:Kiy+bnr+0p0yN90QEKThzJ8b9UUBueJEiu0dqCCcHnlRHg+hln9ABMC9o3R+FGxe:CMrEy90g38b2WTuncHnl9d7nKiR8g+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632334, "uuid": "3a75dfbb-72ae-43cf-8473-6199a1c1de63", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632334, "uuid": "ca3e771f-8e00-42e3-9e66-9696df94e833", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632334, "uuid": "73a9418d-e97e-4d3b-aa52-ce3b66341230", "value": "a1a46d17e8d30209b30d9e4f40d0c739", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e390b35a-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689594956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594956, "uuid": "59d3b708-a5f0-4d12-872e-e96038682d8a", "comment": "Malware payload", "value": "fc80eaa8dc5fd0e02d01e08c5b096176", "object_relation": "md5", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594956, "uuid": "9da4cada-05d5-4ec6-84da-7acb1f79c15c", "comment": "Malware payload", "value": "0e41b0fa5a3aacd59f2ed015d9bae73beffdead9e53699eda5e669f1cce0ceca", "object_relation": "sha256", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594956, "uuid": "61986689-5ab2-41ab-b057-293aa48ca832", "comment": "Malware payload", "value": "020e12ec596a055dba19b354a7e45956aac26659", "object_relation": "sha1", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594956, "uuid": "2005bf43-19ca-4b86-ade6-d8a42cd1bfeb", "comment": "Malware payload", "value": "7f51d17c6d162edaf20008ff77c412bbd9439928fc9d4f87faf01c90dde87a9620214ea8bd9268570abfd9fc91aa91d4", "object_relation": "sha3-384", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594956, "uuid": "b823d9ad-20cd-45e9-b581-f64b66992e2c", "value": "T11705E1447F50B1CFEC61D5B2C63676166BEEAC25937B82025F207A057B3714E9A3B382", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594956, "uuid": "b7ae1201-8c26-4978-85a4-f8025403a325", "value": "6144:fYa64Lq+0tmni+Dvt7IVjbxUGWXFIlmZWrvct0F:fYqRImnoFiPFPMu0F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594956, "uuid": "2c4fbaa5-c08a-4f6c-8257-7edf8bd4d58f", "value": 811008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594956, "uuid": "985edd43-b04a-4c57-b77a-3fa5e8bc6712", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594956, "uuid": "cb3d813d-8a2a-4112-b955-b429e95a83cd", "value": "Senwa Order Enquiry 028727366.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a75e30cd-247b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689582400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582400, "uuid": "e39b7147-7ea5-40c5-afb0-8202a003cdd2", "comment": "Malware payload (AgentTesla)", "value": "941734e4adf9b38559b784738780529c", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582400, "uuid": "fe3fb5c6-a6cd-4f28-a245-7c282046222d", "comment": "Malware payload (AgentTesla)", "value": "0ebaf9f2aa570e5caa39d673bca5bd556c87b7ac4de3101688e39d6eb5640e68", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582400, "uuid": "e2880c43-2d14-469d-8be1-8a2af9e2f836", "comment": "Malware payload (AgentTesla)", "value": "67a4f87cc5b07ab58f3be1528df1a002136bd5dc", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582400, "uuid": "126fabcf-5bc8-4e4c-affa-e7b559867eea", "comment": "Malware payload (AgentTesla)", "value": "64ea4de97344db5e64abaf5d8e751a6deda9f9d42c50fb1f933dff3c90b629f39f9bfd867c4da3573baf55b5f3bf512d", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582400, "uuid": "5a8898e7-d8ae-4f9e-9b0f-02250435b38a", "value": "T10094235824B1DE338968EDA4518FD4159B7F04D1917AB28B4DCDE64ACC0834AB0BFBDE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582400, "uuid": "b06a4983-ad97-409b-96c9-c7a1a46b8dcd", "value": "12288:UiATLWm8mQfYGL0IaKJgCecwu7w/wfqVMi:UiWLr8mQfRLV1etuQei", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689582400, "uuid": "726b1447-d258-478f-a6c7-889c3506b706", "value": 433480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689582400, "uuid": "10b0f62e-1eb3-4dd0-a29d-68007c09e360", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582400, "uuid": "8e90ab3b-b5b5-4b7a-8906-025b6de36b97", "value": "Img20230526_09173020.tar.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "831bc4df-2476-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689580191, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580191, "uuid": "99887d75-61b3-44c6-b734-e63ba112fe49", "comment": "Malware payload (Formbook)", "value": "f9c5a0dcc0b87f1f86736e64687b654e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580191, "uuid": "5eabf909-cb0f-4050-aab9-9d6031d08431", "comment": "Malware payload (Formbook)", "value": "0f63a7b1fab28970c4a5e8024fc623d116d8dbd83ac15600285f2222b18ab876", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580191, "uuid": "bf9b6aad-ba07-4e5c-9aa3-321d3fc9bceb", "comment": "Malware payload (Formbook)", "value": "4ec07070c8a836084bf4eef29cdecfd202099919", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580191, "uuid": "05c707c6-0e6c-4167-b03d-8a2241e935b7", "comment": "Malware payload (Formbook)", "value": "6f8babd52d269b492e53575a49a27d126535343e530d0dca619f28f02b86651f22261e9cd59d583da03ceae98b1d2f32", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580191, "uuid": "cb184363-90a2-4ed9-94ca-66ae2ae61fe8", "value": "T1B23423D031AF819AF64EB93CC62114B78A516F031DCD4ADECCF3B9ADB15ABC14D65228", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580191, "uuid": "777a18fd-5754-474f-ba25-e7780c636fae", "value": "6144:8Kzf7pnfcfMk1l6dQGZqulEglQ5p7s3U/HZNFVBP:8KnpnIMLW+q6NlQ/5//z1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580191, "uuid": "676d5e91-61f4-4a4c-ac8b-95b51a9ceb41", "value": 245115, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580191, "uuid": "835b685e-7697-493f-ad4f-d3c2609ffbe6", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580191, "uuid": "0ec4fb53-82d2-4dcb-bbf5-836036072181", "value": "OFFICIAL P.O. # 11009810 - Revised.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a67da562-24f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689635226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635226, "uuid": "28a7b02b-befb-4585-94cc-882e26ffc458", "comment": "Malware payload (Mirai)", "value": "c24ce2d8b35ad6eeefc22f97d9708564", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635226, "uuid": "3a08ba32-7aed-4375-8b11-b37f2af4a211", "comment": "Malware payload (Mirai)", "value": "0ffcffe5c7f1302321913eac664580302036f3b7d4100c9d631d59d0941d0175", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635226, "uuid": "eef56680-da7e-409a-b7ff-53bba99bd73d", "comment": "Malware payload (Mirai)", "value": "1967dcc00097a3f72dd9566c88e3c71f40196c90", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635226, "uuid": "3b569e40-31d6-45e4-a3b5-e93149ef1b26", "comment": "Malware payload (Mirai)", "value": "964ca2710c60d0c5f14ba12d6ef77c8b13570b535efb8b1cb82db185b0ef87c76ae7a5b1b239409109e3db2eaaa15bb7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635226, "uuid": "b79700bc-9f45-42ad-b71f-7ef36f2cb7ba", "value": "T123533B99F4028E3DF88FE9B984160E05B93123D212931B276BAEFDE37D331659D12E45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635226, "uuid": "5cd4014c-8ef0-4687-a80e-791527563757", "value": "768:me4gpsM204GEkRbjveXQonQiuQtt7v3gFHy1eu48B8vB6J7EzNfXQuJpozJE7PQ:mo3EkRbDfDiDHIFy1X48B2SEzNfAuJfk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635226, "uuid": "02dcc1f4-5623-4f57-bbf3-8e3b6440e0bf", "value": 65100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635226, "uuid": "72e68e27-2141-4a56-b10d-dc1d7c71136d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635226, "uuid": "804b756e-21d1-4a90-81e3-f5fcd1388287", "value": "c24ce2d8b35ad6eeefc22f97d9708564", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e49a8aba-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594958, "uuid": "3bf7a1b4-5f10-4831-bcd5-dd9fee6c2868", "comment": "Malware payload (AgentTesla)", "value": "b0276351a6142928309425683ee250c2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594958, "uuid": "af4e8bac-8dcb-4cb6-90b3-008c595d39bf", "comment": "Malware payload (AgentTesla)", "value": "10af8bf109b278a0b8c32192044d463b42e66a3ff1063663300e0172d12f922b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594958, "uuid": "87bcb167-5e76-4e53-b642-388d8517b0e8", "comment": "Malware payload (AgentTesla)", "value": "ab422d302f215ba2b24c46f71110157da0fd83b3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594958, "uuid": "a158f954-5057-4bf8-a756-1f0cc42b3a53", "comment": "Malware payload (AgentTesla)", "value": "5fc46523e9ddb5e0360790e1f10b43acd842345a03caf266af281621405d91d6caddcf867fd6708ac920e066e348e705", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594958, "uuid": "95e71bee-6ff1-48e3-9685-efd2914132b0", "value": "T124B4233456B864BF7FB36A9E9300753676F5B7C351A226BBB8067A3B14C4D880C97432", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594958, "uuid": "7a4c0602-3d4d-4de4-8e5a-5db83c5b487b", "value": "12288:YT2ezER6SmbutdqXlXKIp2sSBZJ2d2X7BbuYgaea:El+IBK4yZMd2XNiBZa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594958, "uuid": "d2342bf7-f7ce-47f2-a1ba-e9ac7a343306", "value": 516466, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594958, "uuid": "649fd380-51e2-4eb7-b212-09708e8b4036", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594958, "uuid": "fb7ddf80-f7ae-44c1-80ab-8498db492e8f", "value": "Shipment Docs_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7876ff77-2436-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552686, "uuid": "76237a1a-c6f1-4317-a716-166b97ec3c6d", "comment": "Malware payload (Mirai)", "value": "29093517469609497f659b14fe0c0d91", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552686, "uuid": "54743596-4794-4407-b61a-ba79eca7254e", "comment": "Malware payload (Mirai)", "value": "10ecc79f51742bd6292fb334bdbcc4ef93d709afc2871d0aa033aa4e95a6fe99", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552686, "uuid": "e0ae1149-01e2-4fbd-8bc2-501a30070672", "comment": "Malware payload (Mirai)", "value": "c75b6c6bca49ea297d08b66bfc0bbbcf6c4727b1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552686, "uuid": "09293b16-432a-4365-9ec0-ed816ad8aae7", "comment": "Malware payload (Mirai)", "value": "5504c343f34b477cf472a12637c022eb86206fa1643058a41a6ee83e5b2f8be5c60a218e91fd5c1e857783dd7d1793f0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552686, "uuid": "c331d703-a04d-4c8c-9779-afdbfc82a7bf", "value": "T1D1D2D0F77ECD98A1D730AE381A35D7C1712A9EB0A0E278211101473CF6E525F7639A97", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552686, "uuid": "0d6b69a6-0720-4a81-916b-0c1e7a7a4ac6", "value": "384:JDjk72BYCgEzmoQGlZjIj4LTWX3B3rajg9gOVN+KIJX/9YhymdGUop5hQtze:Jvk76YCbqOMj5r8Gv0VYs3UozSg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552686, "uuid": "359cc662-b175-42b0-a11e-06e447b1425f", "value": 30808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552686, "uuid": "76e9e764-5a6b-44bc-a9c8-a12f0f9df61a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552686, "uuid": "e36ce13d-f633-43fc-a55e-a24c214446a4", "value": "29093517469609497f659b14fe0c0d91", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "603b57dd-2450-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689563812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689563812, "uuid": "e5ef277b-6656-4e60-ae50-b9fc4bb759db", "comment": "Malware payload", "value": "f486233aead4e549c23dddbf9c82b313", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689563812, "uuid": "a2cd5f86-7fd2-4775-9f32-fb323d791857", "comment": "Malware payload", "value": "11702d51e2bc9cd171c440ada0ef551facfd70b4755beb9dc1fd6bcd3b537e05", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689563812, "uuid": "dc8b72ca-7d6b-42ff-bb53-4ec03d6d93f2", "comment": "Malware payload", "value": "8d886dae983895525ac488d19115f42535f0f538", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689563812, "uuid": "8bb0640f-fc97-42b2-8988-0a251320d3fb", "comment": "Malware payload", "value": "a96d0b5b04775518c23f5b19ee661fa7145044f1dd44957b9edbd3ea988c0752cc1576fe670bc0a260a52905a38d3571", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689563812, "uuid": "9a849e79-5004-4a1e-a214-7a83426ac868", "value": "T183F6335FC6EA196BBB4259A37E5265CE10452FBB673CC206DF94E143E420F0DB94ECA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689563812, "uuid": "0df1b070-7d3b-4a09-8865-68953169ee49", "value": "393216:SCt/p1xErTEVkPNo4PgfYYBchuCakADREI:SCH1xErTxPO4PgXBhBLtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689563812, "uuid": "14af71de-ff96-4b6f-a677-d39c37875f1d", "value": 15410773, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689563812, "uuid": "ca6a154c-1876-4078-8346-0590e0a681ba", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689563812, "uuid": "231d9c40-c11a-42bb-ada0-eafec176ac2b", "value": "Album-Lonely-Girl-At-Home.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00d56692-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689573960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573960, "uuid": "a2752335-4ab5-435a-997c-426823f02f66", "comment": "Malware payload (Loki)", "value": "14d963816663784e39972a23d6d6d17e", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573960, "uuid": "b1f1a5e0-4c9c-44ea-9c5e-f85499903630", "comment": "Malware payload (Loki)", "value": "11ff2a1bc993c6e93eeabe23c7e57190eb0207e41af2826f471efa7256da66ef", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573960, "uuid": "03d7aa83-661c-432d-9f49-b9ea38d577a0", "comment": "Malware payload (Loki)", "value": "4ea672b1767be0a06e8fafbd9f0000269b30bfb5", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573960, "uuid": "c44526f6-382c-47b0-bf7f-f908d30f5dd5", "comment": "Malware payload (Loki)", "value": "308ca5bf4fa4ac67b3f1a827a9e9c13b52198ad3ea5a5066a8b3c09594714cc5de713559f662494441256b2b8afabaeb", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573960, "uuid": "8b463d02-aadc-4329-bc0b-6d7e4909be9b", "value": "T1D8A423E83FE5542014137280FFFBA991C1099AE5F876B1A99EDCB3530F129F651BE04A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573960, "uuid": "40b0d9f2-b661-4470-be80-ea4f33ce431d", "value": "12288:LVUNCoV6ql0Vw4hvRfuKvN6aLgac6xRetGJ6EjcmhH:yvkNhtuKv4WetGJNNH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573960, "uuid": "bf4e3b84-527a-4fb7-91ee-84c1bff04328", "value": 475974, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573960, "uuid": "d44e04fb-630e-4e64-8ad4-14c4058667fb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573960, "uuid": "6b4e8008-9e84-416c-b7f2-6d0630aac923", "value": "Shipment 1d228ed7-f248-a747339c8b67.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bfe272e-24bd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689610620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610620, "uuid": "ca83dfef-8395-4184-b59a-16be6d066791", "comment": "Malware payload", "value": "736cbca41c9b4c6549165146e85d2c65", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610620, "uuid": "7dd4870a-5289-4380-a796-c369fd78432d", "comment": "Malware payload", "value": "12594bf48aaa6464ffeaab95c56538674db0477fe8b5ef779b00e5b1ec776c17", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610620, "uuid": "a96703b2-24dd-4a32-89ee-609aafd9c6c1", "comment": "Malware payload", "value": "593a1367b745d9ef9633ace3223bf433f1c747e5", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610620, "uuid": "b0b06fe7-f465-40dd-87e6-ab468b56fd3f", "comment": "Malware payload", "value": "f8662d7b4a6000263fb7bdff2a90b1f5d63780686cc3b797e32816c82623ee965fe3dfebe963e4b87859294650109109", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610620, "uuid": "35a8e4be-9f70-460e-a436-0d31dbf1db22", "value": "T18B925141AC40E642F34B3CB94582B62C696F850FC7644902F78DBBBE5B7CAB84097B1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610620, "uuid": "fcc21011-027f-43c2-9f6d-908ce17ce838", "value": "384:QcyvJDDCNrr2YyHEHaeizHlf2GkxUtJNMw5ARMthKqsvvvhUvhkvkNp8mpdIc+Zo:QcyvJDDCNrr2Yyk6eizFf2GkxUtJN7tP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610620, "uuid": "658975e1-70b5-47f5-84c8-5c22037e997e", "value": 20050, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610620, "uuid": "8d22bed1-9595-4c71-9089-b7639f74fa24", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610620, "uuid": "792e7d29-b60e-4ee3-b2cf-abe6039d9ec9", "value": "11.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b65a310-24c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689614162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614162, "uuid": "dc893854-3b00-4989-b721-7a7b049855da", "comment": "Malware payload", "value": "32b60170107b646e694e6b322f3ddc6f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614162, "uuid": "f8e76c0d-03bb-4b6d-83bd-30ac18595b92", "comment": "Malware payload", "value": "13777dc4be611dcebb4f08fb8240bf3bb1d76775b56901403957c5648703efa8", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614162, "uuid": "781d956e-3220-4273-873e-11ef387e327d", "comment": "Malware payload", "value": "935d09f9d863a4a991e64f7dbf1275f42a19abc1", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614162, "uuid": "74c07501-f7d6-4d1b-bf63-9a2907d2bc7f", "comment": "Malware payload", "value": "eb5a608aa9269065778a4149b03ec5186d803be5bf551221e1f92721a892524a71f17b43f45ee9870957a1a7266387d7", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614162, "uuid": "e6c82a67-c75f-4074-a51c-7ae262d124c8", "value": "T10DA533C7A400767EFB53D4684EC1C1A4B95EED688DD0F07AA3B55320D689EACCB90A03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614162, "uuid": "24f49a3a-5b8d-435a-8845-f349336b5fa1", "value": "49152:0MSZh75uH89hZaHGN9+fhBkaMbBbwWeab9:VSn5yIvzChBQbyPK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689614162, "uuid": "721f5a8c-5a82-4562-a705-57281f3c49fa", "value": 2252186, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689614162, "uuid": "677652d5-b0a7-44c5-af0f-84555406e19b", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614162, "uuid": "827daa30-3169-4c89-86eb-0b242e23ff72", "value": "SPARES ORDER M-032-23-SPR.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f49b2ca-2482-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689585312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585312, "uuid": "1e25ff2d-b712-4757-9824-a3d686bcce88", "comment": "Malware payload (RedLineStealer)", "value": "654c895c98ff2a53376e4c39b47a62b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585312, "uuid": "cc130811-2b54-48ce-9064-bba2506f5646", "comment": "Malware payload (RedLineStealer)", "value": "147e96218cfdee0a9cc29956ebeab5cb6bc3d59e0d33024ff85d2ce5c4c31452", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585312, "uuid": "7c6a588b-cdf6-4816-a946-13ea95507922", "comment": "Malware payload (RedLineStealer)", "value": "a8c162a59454632607db6dd1814479fbea69de67", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585312, "uuid": "1ee3d5e2-5d2b-4c85-af38-fb765cf6081a", "comment": "Malware payload (RedLineStealer)", "value": "083e2a440b1d1416f0c22fd86c29325a17c74cd328571d6ee8b5c437a8e9e6216afb93dee509eff7f3374d2b179111ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585312, "uuid": "3b5e4e00-3820-4244-ba2b-6e2f841f1882", "value": "T125F40120BAC584B1ECB719380EE2B771AB7C79301B79CEDB5B404A6D4F205D09A35B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585312, "uuid": "e2836a5f-f0a5-4426-b780-cce919ec65de", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585312, "uuid": "8661a544-d1d6-4e65-94ce-b350b61109b6", "value": "12288:f3DkEGDINi1EwkG8TsHWihcHZAE1NDlLn/QxehHXDlktmW+4cEmt:/DkUNi1EvG5WHZnpLn/bytq/t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585312, "uuid": "c08a395e-f16c-48e7-82e2-d99bfff4407d", "value": 750383, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585312, "uuid": "edf8efc6-80d8-4ad9-94ad-3e7d95bcc3b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585312, "uuid": "1ca243a5-02a2-447f-9f25-7f0bf55edf12", "value": "PO.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f1534cb-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689573179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573179, "uuid": "f7acddda-704a-47a9-8177-b6b73f792ae9", "comment": "Malware payload (Amadey)", "value": "b503b26e4d7f2974e22730f9824dd0db", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573179, "uuid": "8eb14abc-6301-46d4-96f2-23418b952f79", "comment": "Malware payload (Amadey)", "value": "152d9ae72c87ab71f893352216c5c2739b754dbf102ee6b3cffe77516f81c856", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573179, "uuid": "108f35f8-93e3-468f-bf46-654e1202721f", "comment": "Malware payload (Amadey)", "value": "80344b8ee3f1f8ec7a740c2b9fd3ca581d82e81c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573179, "uuid": "ea843748-964b-4da8-b31f-a20c25484e55", "comment": "Malware payload (Amadey)", "value": "52f4ca0ec8ef78e59ae5263676ff997f775c7e98a063a41011e59369797cc9dfe9fb335c8727488e944affa1f940b19e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573179, "uuid": "407c8146-e9a4-4232-80f0-1f13cbdb7ed3", "value": "T1E1152307A2D95033E8B627316CF643835B3ABEE08978875B3795689C0D736C498367E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573179, "uuid": "c291d380-24fd-47cb-9d65-ba1003e31680", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573179, "uuid": "7e8f20da-723a-4220-afc5-87fc973c585e", "value": "12288:2MrRy90x8n1dw/r9ZT8a+FTzO62YHBwMEECux+aOLK5yc8Diy3DenB8VSohN:ny2udUXr+lzGCJHx+awOq78eVN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573179, "uuid": "97b7ebc6-c673-458e-8c58-7d25f2b45d0c", "value": 944640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573179, "uuid": "13a47918-0e19-4704-8777-b678c0ddaa93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573179, "uuid": "58a04dcc-f210-45f4-843c-2656a2cd2f3b", "value": "b503b26e4d7f2974e22730f9824dd0db.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd9e65aa-24b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689608261, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608261, "uuid": "42f60463-a41a-4589-ba96-8a63f2844106", "comment": "Malware payload (Loki)", "value": "f9afd2696ec499024bc48c275788906f", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608261, "uuid": "c5a27d07-ac0a-48a9-856c-9a6e7d7db2b9", "comment": "Malware payload (Loki)", "value": "15d2444b018821c5e0d30a3ca15eed8882b40edf69fd33df2fb28a0e0821afeb", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608261, "uuid": "ddec8902-0959-4bf2-ad3d-f8265a4b05e8", "comment": "Malware payload (Loki)", "value": "ac815d06caeaae6fc26804a411846ecba1264e1c", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608261, "uuid": "87b2f842-1151-4e22-a792-645c8aae070f", "comment": "Malware payload (Loki)", "value": "5c32cc6eb0dc37e66e77c4e6fd694913b0e38a276649cc573fe850e5d9fd6a2670983afc48e4c20727091b0a621672d6", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608261, "uuid": "fc8434f8-5cc0-4811-af38-a79b7d09db83", "value": "T1859423ED7F4F2FC0142D8469D3D3E79FC710A2B944BABA54A05090EDB2F6FD81548A29", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608261, "uuid": "127c0922-2454-454f-9912-2638f271a929", "value": "12288:aCdnb7asXiOrJdG4iVpTLEABYPeCyozhrpYx+jTUIQ:a2nbjiOvAD0wYPNNlrpYxq5Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608261, "uuid": "4680adf7-5d02-4e18-9ff2-9dce5663a042", "value": 423200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608261, "uuid": "352d7701-7597-41fa-9449-7623f2d41029", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608261, "uuid": "47402372-8cb5-475a-a389-4b3dd6276032", "value": "AWB - 3345808270.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65484552-24c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689614931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614931, "uuid": "74fb8730-25ef-4efb-bb21-c3ba38583915", "comment": "Malware payload", "value": "6a4a1b5cf1a94700422f6291ad9f4759", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614931, "uuid": "156cb35f-67f9-4a21-94b6-c8b58551c3a4", "comment": "Malware payload", "value": "15fdf1d43eed87246181bcc85b1ac2c36859db266b65de78c3eb51af9f95c359", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614931, "uuid": "c6c3b83c-da24-4cdb-8e01-6d13dd8a06c2", "comment": "Malware payload", "value": "ad97e3ae6b4af6b0e373be85e5c490c0ba38d465", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614931, "uuid": "b7459b2c-e8a2-4e34-8c8a-ce3a47d292b3", "comment": "Malware payload", "value": "65a197e608532ccdfef13ea192bddc57043ca02c16c175510a12d32c4807f78a5046dd0181ce13d21737e9a3a11fdb74", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614931, "uuid": "c821b7a9-8f8e-4b91-bd59-e6f79e707557", "value": "T1A311A9A993240E7AD4B357B1CC396D0C98F68C730B5FD15EEA273144C6281D11F947A6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614931, "uuid": "e4d371c5-1a97-4179-a097-69d81275a12f", "value": "24:8FN4sfO6suhe1ORqhl4jgnq9P40us64ITfIzqOVaFrb:8dfO6Phehnu6TfmZa1b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689614931, "uuid": "648b65da-c5af-4305-94f9-1250f23fff27", "value": 1073, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689614931, "uuid": "8551acdd-6d5e-4321-a040-1d02c8e1121b", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614931, "uuid": "eb2635c8-6d77-4a67-ba36-a73cbd581eb9", "value": "402023084432.801242.12257.lNK", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b41b1c80-24b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689608191, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608191, "uuid": "22bc6623-bd25-48b1-8ecf-1ec4e7f0b4a5", "comment": "Malware payload (DarkCloud)", "value": "b15ac309b3580b711b01836090373b08", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608191, "uuid": "d27376fd-5269-445a-9839-53d7a4aa5186", "comment": "Malware payload (DarkCloud)", "value": "165029913999a83ee7ba07a4e60d39305af1f0d13ed8f390beb1b321c9a49c36", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608191, "uuid": "53ba1ee6-09b3-4e51-8647-9f874be2c8a0", "comment": "Malware payload (DarkCloud)", "value": "53f6f3aee8a757cda6e73ec085a5ca4a1c7e3265", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608191, "uuid": "ae07c270-ef85-4712-ae21-366647a67a7c", "comment": "Malware payload (DarkCloud)", "value": "f0c09f52f13b9cec8e102bacd579ebd4072a1246ce763b62fc1e72c7f02e8b39d625ad0b9ed00366465db2dc6e424807", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608191, "uuid": "c33245b1-55ae-4a64-be43-405a6531a063", "value": "T176F43394BCA302A39774A4AE415DF7E9F197123D03333826A8567824D9D1F8C8B3B9D7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608191, "uuid": "fc6cb87e-43a4-4170-8229-603eb5735759", "value": "12288:lmjyzHWjvnMWfoGejK7PkMVxoknUAfBAkdEG8aPss70bo5Yz:ojfMqoGeikAxokDBIGRsMSz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608191, "uuid": "ecd6a0de-b15a-4a9c-92e7-7fda8f02db83", "value": 733717, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608191, "uuid": "6461ca37-b64a-44e1-8bb3-10e241f176ca", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608191, "uuid": "7f152f78-61d0-4a8f-9290-0c5f76480b2e", "value": "COMMERCIAL INVOICE.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81c5b88a-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598228, "uuid": "1785380f-cdf2-49a8-b9e6-818d21477647", "comment": "Malware payload (Mirai)", "value": "9a49d270d35c1d41ed4254ddabf9c0fb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598228, "uuid": "b26bf81e-722e-437d-850d-9e57944ebcf1", "comment": "Malware payload (Mirai)", "value": "19424ed585f4515072d68239182f7984adbf3142f56a7c5b3c98c9b281b804a4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598228, "uuid": "9cfc2e27-a96e-4aae-b493-e040de32ff98", "comment": "Malware payload (Mirai)", "value": "e91181a7d90bc21953992888d0e32fa205b9de24", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598228, "uuid": "0e91c888-cdce-4315-b32c-6543e435d574", "comment": "Malware payload (Mirai)", "value": "deb88ec5603d39a6402d79e5c4f908fafe6854cbfa980950dea87ec0a2648155552b8e746ed8ad942e3282168c9988c8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598228, "uuid": "ed3ab58e-2ad8-4ba3-849a-c2221b9bb2ef", "value": "T1F5F2F19096E1C5D5C8BF487B147FBE4A8A04B99C42949FE3DB9C38218F70F4439281F2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598228, "uuid": "e30e3085-e9a1-4853-92ea-ab787ae6ec83", "value": "768:3ILxjZgTjVuOI5x4WDDOwMAquuifkbWOnbcuyD7UfyqE:4LxjaFuJ0wUicnouy8qqE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598228, "uuid": "6385c3f1-07ee-4712-8700-ccfc5da323d7", "value": 35160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598228, "uuid": "704670c8-d6b3-414e-8db6-1e6a570b01ae", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598228, "uuid": "da27a57f-c37a-410c-aeb5-8d4b8b018780", "value": "9a49d270d35c1d41ed4254ddabf9c0fb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69e729d2-2436-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552661, "uuid": "883d7e28-753a-462e-a204-d5cea5ebfd59", "comment": "Malware payload (Mirai)", "value": "d18e4f47b91c0d45d31162889702e68b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552661, "uuid": "f865d866-dae1-4004-ae4e-35793b0a95ca", "comment": "Malware payload (Mirai)", "value": "19c6e18d6c68088ad35c51dd7412b8f58c7fbd40df1b38e24c47b29d837d51b0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552661, "uuid": "b4ba0335-8bce-4eb5-aedb-8723fc0b6e1b", "comment": "Malware payload (Mirai)", "value": "afc1b83566fef572d40bdfc656025e3414cca5bd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552661, "uuid": "b8099afb-1bb4-4151-a18b-86de4cf7bfdb", "comment": "Malware payload (Mirai)", "value": "d39be8afaa989bada9835d97a69b1e4e5a83fab129e0d50538813e9518f02b1d4ef93d27f28b72db7ba2fc7a121ba7e9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552661, "uuid": "704bede9-82ad-42e4-ab02-31a1ca46c50b", "value": "T114B36EE5E800AE7CF99E8675C1274A09A525D2184F930E37F5A0FCEB6CB315CAE17D81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552661, "uuid": "86f806b6-df83-45bd-9a98-d5536f051bc7", "value": "1536:wSpDyI97vhpm+l+ZX8bw5bCmHVezze7gIgPq08OGt6B+unK8u88vSicM3:n/vhpm+l+VBVezzSgpb8pQ9Kx7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552661, "uuid": "14ea170b-bf23-45bb-841f-299157ec34dc", "value": 112096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552661, "uuid": "78503e15-26a5-4273-a346-556cb6f3663f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552661, "uuid": "a95c6675-f47c-4f37-b124-de21f6a30a34", "value": "d18e4f47b91c0d45d31162889702e68b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f29ec1b-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689586010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586010, "uuid": "b7cb4a62-4316-4e2a-9506-7128a03defe2", "comment": "Malware payload", "value": "14c987e9e45bfdf257532065850c39fe", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586010, "uuid": "cd3307a4-67d8-4895-b41d-4a7d181be80f", "comment": "Malware payload", "value": "1a005c73ae212780670b84552e3344bd11aeb962fe76691cb2f159dec5794004", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586010, "uuid": "f46c4fc2-aa02-4ebe-b8f8-8177795e179d", "comment": "Malware payload", "value": "022f722fa9078e04493a0e3138f82d4e41422e2a", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586010, "uuid": "f6fc3f49-c716-4013-a4c7-a98a56ae66a9", "comment": "Malware payload", "value": "aa22fcf6e6cb7b6d834881d1ccdb9c74128b4b63ed5d92158fa4d2d991b05f96b064e7aa2210e70225e133bea9f60a44", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586010, "uuid": "82eb5733-d2c1-4e25-9d45-601dd288a14e", "value": "T16D6412283929C645C18B99754DF4A48F4788FC66AFD18CC33A1CFF4F59B2F89B502922", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586010, "uuid": "69dc96e7-7c79-4bff-bca8-75759115689c", "value": "6144:6o74unJZP8VNXAkOPWxk1f45RWEBmiKdXfiIf3TzZBhsdnxtRcFEGX7K2J:6o7h/8VpAr1fqAXdPiIvCnxtRiFWw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586010, "uuid": "fb0c008f-8287-4e92-b127-a02f6fe6f9f6", "value": 336384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586010, "uuid": "15abbdc4-2a0b-4bcd-820f-6a0ea8663b00", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586010, "uuid": "11048f6d-87d7-4bc7-865e-aac513f5dbb7", "value": "KAZLOGISTIC \u0417\u0430\u043a\u0430\u0437 \u043d\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u043a\u0443 SPC5788137PC.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf722f71-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594922, "uuid": "ed3d1a51-35d6-46f0-a581-8506258627a7", "comment": "Malware payload (AgentTesla)", "value": "0538c3e468f2a3f4351dee342387ee3d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594922, "uuid": "eaf9ca32-66e6-4ad3-9a0d-7fa3c5773ca5", "comment": "Malware payload (AgentTesla)", "value": "1d4dfebd18951391cc117bc58cbc30b136e4d726a7e3c9c47c52475d1d0702d0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594922, "uuid": "da61b120-e050-480d-b3d5-53ec909045a5", "comment": "Malware payload (AgentTesla)", "value": "115f5038fd728f7bd3632d5c69f6d83e374eddd8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594922, "uuid": "0247879d-f8de-4ae3-b3f0-7aa7a4bfd32d", "comment": "Malware payload (AgentTesla)", "value": "91c0ab2e9206c7aa922de2cbf4da5ef5c404e60cfb98f2ede1c95329cd3384f043d676336a651aab1952dd3bd4addb6b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594922, "uuid": "c8b51dad-2f33-4138-ae6b-0f087c43b963", "value": "T105D4AD78603F8BAFE757CBB6D420245212F02F622AE6D68CDCB6319F3D75628A144573", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594922, "uuid": "88dd27b9-db9d-4eee-8533-dc85a885df35", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594922, "uuid": "2bc88ce5-35be-449e-bae9-4c59f5968c8d", "value": "12288:gVcI6X2zDoZNy306STPmvwkvLpHTk4+8QfzNqTrQaSejL8ZAT:DZkCPm9Tk4+8CzNqTrQaSejL8ZAT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594922, "uuid": "4a7f2caa-40b1-41a1-9932-f4c2787ce0c1", "value": 614872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594922, "uuid": "05b90f20-534c-4c8d-a24d-19610b6cb032", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594922, "uuid": "eeca2c2f-8f5c-43ef-99e2-b160ae9fb4d4", "value": "Application.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59c46bec-24a5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689600308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600308, "uuid": "88b2658a-30f6-43a7-9a8d-533a85a6188f", "comment": "Malware payload (AZORult)", "value": "b8d6742f6a90edce230e1eace21b7f62", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600308, "uuid": "a6d302d0-d4be-493f-b9b8-2b0f8aa931fb", "comment": "Malware payload (AZORult)", "value": "1e8562d47b5f32ebf2e36d61906d2c981f166968f496f8b9b2c917c80a5d5ba5", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600308, "uuid": "7ab7bc9d-c8f6-4385-91c5-3e2053aae8b1", "comment": "Malware payload (AZORult)", "value": "648fb8eb8e71aa4aabd4147a64aef96064c69c40", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600308, "uuid": "3ae197f1-bd77-4c9d-bf92-20db2f50196f", "comment": "Malware payload (AZORult)", "value": "3b440947d1062a623f3ae00bd7bc997213aa6f5970496e686d74e2dfc24153fb97f8f2152f0607fc66a3a26d231136cd", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600308, "uuid": "ce64b2c7-c547-4215-8577-38f693124d04", "value": "T1DDE3022A67909573CBBA09720DED6E77FBF0551A2126131F13903F8AB5772C24D1E782", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600308, "uuid": "1dbe66f5-06d5-499d-a899-623f62eef238", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600308, "uuid": "22b34ec5-e15b-4d1e-828d-b11d10f00b56", "value": "3072:+NzPHk9MpcQbz/4bFL7Ks6X11oSyDJ4SGUix0sMjKG9lkg+fLKSvu24E:+hRFDpXTodJ4SGL0RR9lkg+f2C4E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689600308, "uuid": "0bfdac1f-88ce-446c-b4fd-bfda735ba4fe", "value": 153084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689600308, "uuid": "2677f7c9-17c4-4104-af07-31ea25c0f85f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600308, "uuid": "a56a3b88-fdc6-4b9d-9dcf-b9652f327ea9", "value": "MS-66016.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "422d5c03-24e9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689629475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629475, "uuid": "bd6fc93c-b349-435e-a39c-ab927ac38ddd", "comment": "Malware payload", "value": "10e841b7d0bff1a7aa989ebdf7f35976", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629475, "uuid": "dd10e4da-8b28-40a1-8453-c76bede9156f", "comment": "Malware payload", "value": "1f345a1671523926cf7c62e3f4a85b19a2559a6117519eab5f44aad967072357", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629475, "uuid": "2075e823-7cad-4505-99db-1482c78d3571", "comment": "Malware payload", "value": "0aef47167e8202c6a2fe2863cf493f3e798b9676", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629475, "uuid": "b9ffc079-1954-44f4-8050-25d19cbbbe58", "comment": "Malware payload", "value": "4e57e4886246b0afda652985f835e17c8950eff90c21f73243dc09cc12dcca22f9affbc716e9d4a5502843ade34093c7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629475, "uuid": "bfdf624d-b2c2-4e07-80b8-b06a592263c4", "value": "T16FA45C56AFC33EC0DF89A6B24800FBAE176E4275CA42D0C4BD6CE5525B275A7D70B234", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629475, "uuid": "3c7d1047-01bc-4be8-aadd-1112413a4662", "value": "eca0c30b65294d02a6c6180a6b323b58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629475, "uuid": "b267440f-e04e-4fca-84b4-1ebbea267987", "value": "6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+E:2uWP/BZUyoLu8Agsmxwrvejkd2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689629475, "uuid": "bdd816e2-37b7-4c52-8610-755875ded24c", "value": 466944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689629475, "uuid": "7671d514-fbca-43b4-a6d6-c6ca9d85c7f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629475, "uuid": "99b056eb-509b-4f1e-b5ca-be6be2996505", "value": "10e841b7d0bff1a7aa989ebdf7f35976", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31012ae2-24dc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689623862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623862, "uuid": "580b7b18-770f-467c-b99d-bf3eaa75c3b2", "comment": "Malware payload", "value": "73d8453bafe0723ebd0366b19e223cf5", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623862, "uuid": "89fbff37-4ac8-4261-b057-ff551e3c80a4", "comment": "Malware payload", "value": "1f9608369e65dd661a77e6f7ba62ff9435061a7be179bd1602a55893e754e1cc", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623862, "uuid": "2ff4846f-c343-45d3-8458-eac64c030448", "comment": "Malware payload", "value": "00f567ae3dc39aea2e6aef45b0b0c8fde471f5d7", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623862, "uuid": "3815a72e-1974-4189-b838-2ef757963227", "comment": "Malware payload", "value": "6bbfbde82157a0c7834a74505098f3c35c863d33cfaa628980a1f4a7d0e0ca52fa3558dc0d1b21c2e038162ba6951bd1", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623862, "uuid": "1950eba3-0bab-45bc-9182-e7bad6404f4f", "value": "T19AF38D0A67F420B6E4B657B598F202935A327CB15B7882FF12C4D57E4E336D0A532B1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623862, "uuid": "9243dc23-c8bb-4416-8f7d-89fc7e85b1cd", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623862, "uuid": "917bb8db-137c-410c-b5f9-6500a8e39046", "value": "3072:bahKyd2n31d5GWp1icKAArDZz4N9GhbkrNEk1oKD/T:bahO5p0yN90QEdKD7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689623862, "uuid": "cdf9de5f-c1bf-43ec-a954-5738d6b2d191", "value": 161280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689623862, "uuid": "0e66e9de-e411-4a33-9dfd-6c793df8cee1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623862, "uuid": "9633cfaa-fa4e-412d-9925-ffa58b2dee3d", "value": "73d8453bafe0723ebd0366b19e223cf5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3189b41-2475-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689579869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579869, "uuid": "08202072-74b5-4f63-b6aa-db35086bc95d", "comment": "Malware payload (AgentTesla)", "value": "5cb02d2fd343288f323d28e4b4af58ad", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579869, "uuid": "b1974e63-15a4-4e62-998d-bf4ffcd20d04", "comment": "Malware payload (AgentTesla)", "value": "1fdeed1ee87d73b9b3f71b4cbaad747e0003d0d10e4567c9351135147840c5e0", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579869, "uuid": "ed53f273-3288-4105-b6d4-a429d77bb9ff", "comment": "Malware payload (AgentTesla)", "value": "997b2bc9e48acf8c63167934424dfb7f2b64add8", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579869, "uuid": "e7fdf03f-1d07-42a7-be75-b024f188a985", "comment": "Malware payload (AgentTesla)", "value": "e223655923252b9619ad09f909cdbbc4aa447fe9121794572ceab5ddfb488ee6cb019dcf3e4501a7d53c025e4998d158", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579869, "uuid": "7a0e1beb-0c06-40a0-b234-96dd7c16501b", "value": "T189B423BE887A7621EFFCBD378874207BFF874B4601543946CA35CEE505937522A8E219", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579869, "uuid": "c58cf007-ecf1-4dac-b4ad-08125c44cd0f", "value": "12288:rUe7/CD3hYXzl1YNUa/XAavmbpHROZoX1QmaHFlHMXk8lnkS:rNjCDEl1YNJfnVoX8HFWkskS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689579869, "uuid": "67bc4347-b2f0-43b4-9ef1-68573bd15a95", "value": 504225, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689579869, "uuid": "1d0729c8-3c93-438c-8e95-814992c3ca12", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579869, "uuid": "56cf2568-c11e-4f1e-b292-2968175eae85", "value": "PO_4800038773.7z.001.7z.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4614ea11-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689574076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574076, "uuid": "99791f91-fa33-4b1b-a160-bc4ac6167726", "comment": "Malware payload (Loki)", "value": "e7d0fee78fbbd99cc4d5fbede8a87f1e", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574076, "uuid": "83427b02-4eea-4712-ba6a-ca7e57ece84b", "comment": "Malware payload (Loki)", "value": "2039b244c42b06c3133712d5ac6819bb3a913fc3fa837c2f533aa9eef6380024", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574076, "uuid": "16109af0-049b-4e51-9bda-3b4f40ffe2ad", "comment": "Malware payload (Loki)", "value": "b20ac6c0c1880785878030c2d1a415b2649032db", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574076, "uuid": "93c4ae7f-8480-4fa3-ab4f-2fb76043067a", "comment": "Malware payload (Loki)", "value": "3aff90bba3ca5391c10a6eea74b1400d804eb954677f6b43a86336e42189be56f3b1b900144a141cf60f07ed0f8d4b9a", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574076, "uuid": "88805232-44f9-4058-9a11-abf3464e8a51", "value": "T12BB4BE79403C83AFEB57CBB6E435255222F403965EF293DC8C7A209F3E79238A1546B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574076, "uuid": "ee40e6e6-f5a5-4517-a048-90ce07ba6e0e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574076, "uuid": "112e0852-7cfb-4128-b345-f0726941c386", "value": "12288:4qTrQaSejL8Zm9Yfk3nGtTktmile5HVjgoLUzVN+7:4qTrQaSejL8Zm9Yf8w5iU5ZTaVN+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574076, "uuid": "06dd47cc-d2bc-4610-8ddd-8879984a4029", "value": 507392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574076, "uuid": "f5232641-c33e-4d19-a954-b1c22d0c953d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574076, "uuid": "9ab2e7bc-1e27-42e1-8b0d-4bf27da818d9", "value": "DHL Express_D09884445.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf7d892e-2490-11ee-a6f9-42010a9c0055", "comment": "Malware payload (VanillaRAT)", "timestamp": 1689591460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591460, "uuid": "3a14e566-39d3-4d07-ae47-d96fa5760d56", "comment": "Malware payload (VanillaRAT)", "value": "2240642fb1ec17326aba4bc86afecb30", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591460, "uuid": "6e8c9627-4566-4068-9f1d-eed95cbeb8fe", "comment": "Malware payload (VanillaRAT)", "value": "203b9d7b8796ea071beb263723991d57a40b25b77d0cbd2e4bd8dff62601331e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591460, "uuid": "3e1b2853-4b87-45e3-829c-eb28336b5d05", "comment": "Malware payload (VanillaRAT)", "value": "2601fb7ed63861ad837bc0b9a283f1230a295fb8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591460, "uuid": "d1821678-5b01-4ca7-a010-b0eafc5a1fb5", "comment": "Malware payload (VanillaRAT)", "value": "77c5aa2a4adbd8271cac694c67bbfa2f470951c98aec583e933e5a22ad1271c8410cbae50df27ee72473a589aaf9fe22", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591460, "uuid": "2f635a16-a6bd-453f-8d66-ec284e4757ae", "value": "T1CFF34B391FE88A67D57D0F7AB832020FDB70AD067922DB2F5D84B09A1E737814E16752", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591460, "uuid": "0d04498b-1552-4aac-981a-663ee37baffe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591460, "uuid": "b12cf60b-98d7-4b06-8ea0-04397b2ce45e", "value": "3072:SJZKnPE2YyJzELtyTtyYeY8lNgoiJ+sX8HFvytb4NQhjktOJ3Mz+:SJZKBI0tyYeY4eoiJ+sCFvXRW8z+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689591460, "uuid": "0d0102b5-712a-4982-8d3a-bf9d89fe9a50", "value": 171520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689591460, "uuid": "24128814-3850-4009-ba1b-f562c448bc76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591460, "uuid": "b4e4c9e5-9c5f-472f-b1ce-2c156ca03e92", "value": "TeamViewer_Setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76788de1-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598209, "uuid": "15259560-cddc-4503-b33f-7e49de5afee5", "comment": "Malware payload (Mirai)", "value": "18cfda34bb24e4e064cb24ec9b677149", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598209, "uuid": "5460ad2f-fe66-41e5-8e4d-47e6cbeb6853", "comment": "Malware payload (Mirai)", "value": "218927f537346eb589781c2a24fdfeb84ad7280d1d3633ce6d30660c8359307d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598209, "uuid": "8667b519-889d-4904-a015-d5cfbfc8199e", "comment": "Malware payload (Mirai)", "value": "5c19fb1df92c757a0499262c63ff0f1ebbb6e52b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598209, "uuid": "1a5c1b8f-f157-4ee2-9ff2-b9501e135d66", "comment": "Malware payload (Mirai)", "value": "e899bb6a96bb5d665ace78a509e71f3dd42d600a713a33e8fe0045801488639919c0904b09c3e9808801d714fd4df2fa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598209, "uuid": "249ca965-85de-4c4b-841e-6f99941fb621", "value": "T190836B25B8392E13C0D4A43F22F78325B1E5234D29B4C65DBE760F8EFF296A024575B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598209, "uuid": "c507cb0f-9cb2-4c28-b5a4-024d8a861f17", "value": "1536:hpvYERq6KSlO1QIzjb9XmrbZtmJlLLTLNBaWwhdHuIUAP8rZ:7o4IQ+BmHZsLLnNBQhVyAs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598209, "uuid": "8f13e7f4-92f0-45c0-8bae-675a99e6bfa9", "value": 83008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598209, "uuid": "ff0aa137-6138-49c7-8149-ef0d83841485", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598209, "uuid": "4e195a6e-afe1-427d-a01c-a4a19d21dc91", "value": "18cfda34bb24e4e064cb24ec9b677149", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cff91fe-24a3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1689599347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599347, "uuid": "c90e26b0-84bc-4d69-a5ed-0f43204cf3ce", "comment": "Malware payload (QuasarRAT)", "value": "adcfb6fc48fe920f153d6ba5e279790f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599347, "uuid": "c697b124-3bdc-492f-bb90-fb50a652ba3c", "comment": "Malware payload (QuasarRAT)", "value": "2259304db67dd25fa5ce47bde5b1c8cffab23292c2cec7d3bc2a0c303aace85b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599347, "uuid": "60d6468d-5e49-4bd8-899b-d55279494536", "comment": "Malware payload (QuasarRAT)", "value": "0ad8a4b0777fb91f8169c75345122755b72223cc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599347, "uuid": "2a772ceb-1647-4efd-9cb2-b18e9344c6f5", "comment": "Malware payload (QuasarRAT)", "value": "73a45ad48c7e0682e98d7f8175688dc8da1d2651192cb72201a0f2d11161da069ad0c7a870211c836110c951bef5acb6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599347, "uuid": "72d631bd-3c75-4bcb-a939-ee873f830dc7", "value": "T16FE55A143BF85E32E16BE2B3D5B0501663F2F82AF363EB1B6181667E1C53B505C416AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599347, "uuid": "2f2ef195-262c-4de4-b37d-766761fc59a0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599347, "uuid": "b4355967-fabe-407b-adb1-925583fb5249", "value": "49152:WvzlL26AaNeWgPhlmVqvMQ7XSKbDxGPhovJl7oGd8CVTHHB72eh2NTP:WvpL26AaNeWgPhlmVqkQ7XSKKhcc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689599347, "uuid": "fa5708e8-03a2-4a0e-83ae-686b732be5a4", "value": 3266056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689599347, "uuid": "3be15f7d-f37a-45f1-a79c-f84d59865064", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599347, "uuid": "1a09ffc2-bc4b-4956-9a5c-c2eb4457fd25", "value": "2259304db67dd25fa5ce47bde5b1c8cffab23292c2cec7d3bc2a0c303aace85b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b074bd7-24a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1689601626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689601626, "uuid": "fac99958-c229-4449-ba29-a7ceb417f43c", "comment": "Malware payload (ArkeiStealer)", "value": "ae4c66cd3c6db9a0d78b4b151e2ac1a2", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689601626, "uuid": "7ea576b7-3468-4022-adb8-15942a3489f5", "comment": "Malware payload (ArkeiStealer)", "value": "2666bc8583d2fb41a96376ab46c4b96ddc676e4187ca510b977740a5fa8a4fe0", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689601626, "uuid": "8a046e23-8fb9-4fa6-bf67-0389e2b8c3f3", "comment": "Malware payload (ArkeiStealer)", "value": "ade1144a4c13668203c25d78a0963f9385a38075", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689601626, "uuid": "86e36a49-0fcf-44e0-8fa5-286aa0a3d4b1", "comment": "Malware payload (ArkeiStealer)", "value": "b3d9375050fff850be58dd8305dfe6210e533e969058a8bbd0621c7b1a23f6abcb8ef7c7e93303c20e7876c9f5ca197d", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689601626, "uuid": "03351433-95cf-483f-99ab-6232580fc7c3", "value": "T1C1A4023237A68071D5B7253018758AA12E7FB8A1577591CF3768063E4E30BC16ABD39F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689601626, "uuid": "7bb84201-4d11-4e3f-a00d-6d0087199195", "value": "c1faaafeea493fa6a83d7c193e85adf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689601626, "uuid": "8f85843b-e3f6-4e03-a38d-903927020f26", "value": "6144:3ATBSIM/m/cZfQiB2d6ytmhE9h+HJMPcboNAjqIjxFyx0Be2oR:QNSIz4dy8qCscbonIVF/BevR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689601626, "uuid": "5016433b-6b8b-412d-a179-cddb4591cc7d", "value": 482304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689601626, "uuid": "156438f5-589c-4e14-abe4-81f393bf5d06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689601626, "uuid": "6212261a-a33d-45c4-9c40-6b276b68d856", "value": "ae4c66cd3c6db9a0d78b4b151e2ac1a2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0736bc5-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689594924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594924, "uuid": "bf18c636-e271-47ca-8107-f5b2bc9f53d0", "comment": "Malware payload (AZORult)", "value": "844edf2a28751f2090fa62ce5590dedf", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594924, "uuid": "0410a85e-55d4-4530-a9df-ca27c1f73cca", "comment": "Malware payload (AZORult)", "value": "26b7779fd3108077f76f93ed88d3f1acf602a81b1db131568df51eed8dfceaf1", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594924, "uuid": "dba5a7fb-7f5b-4b7f-889a-1c249ca1b78d", "comment": "Malware payload (AZORult)", "value": "a07a63332d1f5cfc991561786e84c523ebf59e6e", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594924, "uuid": "4c7ffc0d-0c3f-42c6-b590-399a717f6216", "comment": "Malware payload (AZORult)", "value": "17f5ba1bacca547821e342c68aef31dba4160c1f36482d38548a12b8622b1ca5d054dc414dedb729ece075aae8224984", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594924, "uuid": "f4ad4a45-9d72-46b3-8a26-3b96cf3c89ed", "value": "T17DF3125E74FB9F1D4346C058A85B3845F6A7469D0ED7CA460388F83EA39162838FC27E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594924, "uuid": "9c1db7c9-f7bf-4e76-81d7-10b54f8dbf8c", "value": "3072:8tDbrYjP3YHVd2tJpwWHXME/I391sByIiX8t40tW71Df2qgYyFnqQSuexx:ObrAGet/X5yqlW752XVkN3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594924, "uuid": "63395672-e6e3-42bd-91a2-f9b9e13bdba9", "value": 164230, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594924, "uuid": "bf283cfe-6551-4b0b-b11e-7807db3112d4", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594924, "uuid": "c72f9d3b-4b29-4301-ad7a-57ef08573e91", "value": "CI_0723149782#.pdf_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dd774dd-2436-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552668, "uuid": "416df644-dbbd-4093-b406-06dc164956e8", "comment": "Malware payload (Mirai)", "value": "a404ebd5675c8741b6df3fe333490067", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552668, "uuid": "09257fc6-c54d-4661-8201-9bc131456788", "comment": "Malware payload (Mirai)", "value": "26bd07cee7e973f868fdb8a4d07ce8068d90295ba035ee4216e08ece9e058ba2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552668, "uuid": "fa8a264a-7d10-418a-abcb-287cbc1606ef", "comment": "Malware payload (Mirai)", "value": "622b21c7fa65af275c9cb8313a090db42d6a30a8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552668, "uuid": "be238d8a-d27b-446e-91b0-4113d21968c0", "comment": "Malware payload (Mirai)", "value": "5bf3b5c609135d96e10d7246cb89d9d714748142b869cf0104c07348acd0985ccb37d9536032277a35e1c5d1b34d0ea7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552668, "uuid": "a1102990-2f39-44cc-8d8b-ca0e08169704", "value": "T1CE03F1909785FE72CB603B715CBA5EC127880BBE406F30FE929855D85AD0942EE6924E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552668, "uuid": "c263df72-fcd1-4aa9-a0ed-d98fd153d62d", "value": "768:uXNl1Fej2PMP/u3OTtCTqywxlEN941MYQLF3dJdcrcG9q3UELj6:uXNlxMHu3OpCmxAlYwF9KcrLG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552668, "uuid": "62ce0436-e884-47eb-a13b-2bd3fae9666d", "value": 39668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552668, "uuid": "60e2bb0f-7c82-4ced-a0a6-a854adc8af7f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552668, "uuid": "81af1419-2e60-4e72-b25c-f0c2a21dc681", "value": "a404ebd5675c8741b6df3fe333490067", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fdb7546-2436-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552698, "uuid": "68850e2b-29ba-421e-bbc4-30537c15d1d0", "comment": "Malware payload (Mirai)", "value": "f2806c4bdec9413be35869f8cc1f695b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552698, "uuid": "80e749ac-24c6-4d3a-98bc-de609ab42d52", "comment": "Malware payload (Mirai)", "value": "274dbdb08089f0ec9f0eb8a0a0dd382c25100bd5adeba8b1dd64c8cb3d0efae6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552698, "uuid": "bd4ef4d6-c3d7-4da2-8b58-2d318607a20a", "comment": "Malware payload (Mirai)", "value": "0ce6d4d29463be32cee48a7438fd2fc6bb912651", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552698, "uuid": "1a64d074-097d-4d46-b4f1-120cea406c49", "comment": "Malware payload (Mirai)", "value": "ab6591e948156e508ed3fcae753347795aa2ee17ea42ae184d9cf66ecb02b5080b2a39f84827e99f954bf002e9153982", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552698, "uuid": "0877292c-b63f-4b8b-9eb8-df1172436830", "value": "T1F2F2F190035122E1EDAFC0745BFD5B681E2A0FBEB243CD04A56DFAA9E5076613CC67C9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552698, "uuid": "650714b9-5ffa-4c6f-9366-5cc705864286", "value": "768:eyibp0/JNI4GezEZOGkbj3YmFdv3ib69cxjaWltJJgGlzDpbuR1JC:9iKI4NzKObjoy1HC37VJu4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552698, "uuid": "8b4778f8-ab9b-4cba-a2a4-25f9eab98fcf", "value": 36504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552698, "uuid": "c17090cc-337d-4193-a4d9-70680d2a436f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552698, "uuid": "3f02d405-67df-417f-9f0b-92038be35523", "value": "f2806c4bdec9413be35869f8cc1f695b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39641b20-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1689573196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573196, "uuid": "c4f37a33-c342-49bc-a1b3-be70df23ffdc", "comment": "Malware payload (Smoke Loader)", "value": "ab03f70b31107892e798091706ca4f4f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573196, "uuid": "b7afa4a2-6280-4eea-bf59-e43eb513de55", "comment": "Malware payload (Smoke Loader)", "value": "27bd31839d54056c7868df571290b527d4940f209b66b3bb0a2cfb31f454c7d2", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573196, "uuid": "58f0e2f3-3b7b-4dab-8928-02b52850b8b0", "comment": "Malware payload (Smoke Loader)", "value": "6975a37ca9a7e5ed68111457e0633992bac30a53", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573196, "uuid": "f04da4aa-2fbc-4f0a-965d-0ce7955b4cb1", "comment": "Malware payload (Smoke Loader)", "value": "fafebe59a4ceada7f201eceab601d0654726977d7fdd9d901364d589a7702e32ca3432214aa3fa8e47f488d2399d695a", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573196, "uuid": "706637f5-73d4-4d75-9274-e4ef9af300a7", "value": "T19365F103D804DBC3D40D83F4BE530EE90F0A6F19E9997DDB10667F8B3A71A62495A22D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573196, "uuid": "d120f32c-9997-45cf-989a-5fdd3776a0f7", "value": "24576:wgu9VNZylw6V9OZyOw6VleHBlEzp7uNR0bgcwyA52CcP5YwVux:wguPR6V9YO6V8hOzNgjyPP5Yz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573196, "uuid": "8c17e215-1b7a-4288-820d-5868a7bcbb87", "value": 1436672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573196, "uuid": "524697d6-c7c6-4113-b75a-ca5a9b11d6f2", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573196, "uuid": "62e136ce-4ab7-421f-ace0-d70908f34c51", "value": "32307017.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84e5eed9-24bb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689609830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609830, "uuid": "b78d3def-c7a9-4224-9e6a-f52d4011076c", "comment": "Malware payload (AgentTesla)", "value": "0c60f7258b05528fedfb993f2b27a6c7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609830, "uuid": "5d28dfb4-7326-4641-a9e1-c6a3de2fd33f", "comment": "Malware payload (AgentTesla)", "value": "27c778ddd5fc52f6b2d3950b409b9d0eae0aa20efc48c29b6aea24c3735a979d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609830, "uuid": "84cd5ea1-7e39-493c-85ed-17535d8dd245", "comment": "Malware payload (AgentTesla)", "value": "11ebf4d5684ebca973e6a7b91345f6820256c9d7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609830, "uuid": "9a34b1df-94c4-471b-9ba5-9a2ee3e3de9f", "comment": "Malware payload (AgentTesla)", "value": "eb8dea0e84c8c93221962c825adf435f313b1e120bf4332029a47752339540ae4c7de6c3f4122c81feae0efe82241e96", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609830, "uuid": "a9443c4c-0b62-4648-b5f8-5e068c2cc277", "value": "T1E4D4AEBC7138A3EFDA07CA32D8642C5161E0226757E7838E8877159FBE2D466DB141F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609830, "uuid": "6d964f10-42f2-4566-8d7c-78de25e5aa2d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609830, "uuid": "b022709d-d179-42f9-a6d7-0ee0887f2903", "value": "12288:pqTrQaSejL8ZyCUUsXj8T03cidXD8c6FMmHSsHVT8gbtrIAVu2MNFb7E:pqTrQaSejL8ZuUOjR3cmXlwSMVrI4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609830, "uuid": "df8a6a5a-1ffa-4fef-8066-236b3702f889", "value": 619008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609830, "uuid": "5e83cdca-74e8-47dc-9f1a-ce24f720e6cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609830, "uuid": "2fb84db3-3f79-41ca-a4d4-af1a389947e0", "value": "SHIPPING DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a54fa684-246b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689575524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575524, "uuid": "3cd32c68-1229-470a-b554-560e12f64f8d", "comment": "Malware payload (GuLoader)", "value": "a15da9fdfd935a4b05adc5e0cf0053a0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575524, "uuid": "065797ad-a358-4172-b1d8-0f7a1817186e", "comment": "Malware payload (GuLoader)", "value": "2a831c8d63686e4b79cfced16e26d47f95de8cdbd178876659f9e7ec75e42789", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575524, "uuid": "8217c797-8d8e-4ef3-a456-9a755cb4abff", "comment": "Malware payload (GuLoader)", "value": "71be4a53794322a70c36f22a532bdd5a9e82c47a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575524, "uuid": "feb2ae0a-f0ee-4036-91ff-25a8acbce72b", "comment": "Malware payload (GuLoader)", "value": "4034bf0093f9514a2068a08f0de38a9ee2f55a9be6c0164b6c8ddeeb8a6bcf5316c1cba6653008eb003544b2119da1f6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575524, "uuid": "c62a858f-be48-45a4-aa39-b2ed25c9e8ad", "value": "T132746B49F762ECE9FA664339257128263F819C1E61D9295C218DF7263C36313409BDFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575524, "uuid": "7b146f6a-f35f-4fdc-844e-8b6e061561fc", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575524, "uuid": "1a5b24d5-52bc-40c8-a0fb-eda7d822bd88", "value": "6144:Hwq3NpAucY3Mh7fR6dtdKE0CuLavZDC8xr3gKkYbrx+gb6e+D:HzMp3cfKE7ZDCC1rrx+Ve+D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689575524, "uuid": "fa43410e-9ab7-4695-8336-6e7fda1f471e", "value": 360769, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689575524, "uuid": "f2a8f6c7-c286-4727-abbc-125b2dbe56a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575524, "uuid": "76dad01e-d03a-432b-bc47-549bb817644e", "value": "a15da9fdfd935a4b05adc5e0cf0053a0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d2ff50f-2476-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689580074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580074, "uuid": "70a1814a-6f29-4a24-9187-60eca910a4ad", "comment": "Malware payload (Formbook)", "value": "719a44c77dc4e67c23db78111bab1829", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580074, "uuid": "5c7ec7f0-cc78-46fb-a77b-83d8ca0f98ed", "comment": "Malware payload (Formbook)", "value": "2bd5c202c8ee7ee88ff5c099750238ef15f538f940316181015077469efd757e", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580074, "uuid": "f49a34d5-fb4c-4c59-b46a-3ffbb421a6b4", "comment": "Malware payload (Formbook)", "value": "2e8d64da608ecdaa6ecca82faa497712a9377786", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580074, "uuid": "a2be9f32-7b95-471a-9915-51b3e8d437a5", "comment": "Malware payload (Formbook)", "value": "f7395d8b70e850f8e40735b09be0341281402529924f84de8fab3a143acd0c124c39b60cb6fc52522f5a56670de062f1", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580074, "uuid": "2c37bc8d-725e-43c4-8a93-40097864ba7a", "value": "T1F63423D031AF819AF54EB93CC62114B78A516F031DCD4ADECCF3B9ADB15ABC14965228", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580074, "uuid": "9fc90258-0130-4a2e-b257-a750af919f59", "value": "6144:KKzf7pnfcfMk1l6dQGZqulEglQ5p7s3U/HZNFVBV:KKnpnIMLW+q6NlQ/5//zL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580074, "uuid": "396d91ed-3064-463f-8ca1-806fdbf9d0f9", "value": 245061, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580074, "uuid": "c83e999b-1761-4b4b-9da9-605baa98c5cc", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580074, "uuid": "643f3254-9841-45dd-9042-933ca0f78b65", "value": "Invoice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4298597b-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689573641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573641, "uuid": "dc5f1016-9143-4168-8695-7e6d41f5d8fe", "comment": "Malware payload (Formbook)", "value": "6093782072b85033c1744d54d08ea30b", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573641, "uuid": "f97eacec-dcc7-455b-b01a-0ef386ddb36e", "comment": "Malware payload (Formbook)", "value": "2d8884510415663d00467a8a1d6458f08a52c6789ee094269e7682c25351ce85", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573641, "uuid": "fe307387-f08c-4232-a97f-f55499fade6a", "comment": "Malware payload (Formbook)", "value": "879b0fdc196867ede45c97a9f8e30015ac6c516f", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573641, "uuid": "15c36397-dd24-430d-96d2-a7e6cd0f725f", "comment": "Malware payload (Formbook)", "value": "192b2e92f6dd62cc25565f786b51838177460f7e8759291b432a87e42cbd14f732801cd16c08b36162c58ebf3a5a97f7", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573641, "uuid": "c9286e3d-bc65-426f-99a6-039ee18ce83e", "value": "T144D402003AD26B6EC27E5F7428C95B3447B48652A273CF177E24BEE73AC1394294897D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573641, "uuid": "6d2af94a-a001-42c8-a80b-8f358511005f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573641, "uuid": "7cf48548-5ca5-4867-9d22-ab7a0cd666cf", "value": "12288:/d/xLlrLlMi293YX9sJ/CzSH2McOs/vlHul2n11bfygk8m+TmhHH:Vx5x2eX9sJ/Ce5sX8sPb4hHH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573641, "uuid": "a018d6ae-9a56-4204-bf2a-ac50ac432a94", "value": 647168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573641, "uuid": "9920b76a-aff9-4515-8e7b-90cb29b3aea2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573641, "uuid": "7e356f92-f525-43c3-bf20-86cc92dfec33", "value": "ATTACH_W.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "168cdb85-24ae-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689604061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604061, "uuid": "62b53f11-41ac-4229-a82a-2351fce42a29", "comment": "Malware payload (AgentTesla)", "value": "b0bbd50fa79c09ee6c6bcdf6ac72c3bf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604061, "uuid": "b5bd4c4c-6e8f-4720-834e-bab8c51a4c2f", "comment": "Malware payload (AgentTesla)", "value": "2e7065b61ad1031bb5440dc41f8a944bf08c9ef9d0f694b87cd707cbed03f242", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604061, "uuid": "3458b566-3bfc-4c41-b972-59c52e15e05e", "comment": "Malware payload (AgentTesla)", "value": "bb5708fffaad755e1e291017189635829c405d77", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604061, "uuid": "0b937270-8a10-4648-84c4-561967c44018", "comment": "Malware payload (AgentTesla)", "value": "275d55f825001bbf94acc39854361d4b7b832c00fb304547c211db21dfaa21e6abc5e4e91af13ac8d6ec9ab9092c5ccd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604061, "uuid": "50e3b1dc-1999-4081-9dd0-a8f27cb7ef86", "value": "T19363C8D1651969D7FEAD61B3B93B8CCA26606D7F4BE0142D345FF63241B22134207D2E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604061, "uuid": "c9670c4e-8252-4b5f-a8b9-e9fb664ae426", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604061, "uuid": "a6c8be60-c7ff-4737-9f47-e0ddedf6f49f", "value": "768:jD2yZdP3SScNY8rfRqTuM+1+55emZZoHZqCyo0k4sxZO5GAwOywPXwA770X9mncF:P36G8QTugvAN50kvfZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689604061, "uuid": "172e9fa3-9344-41a5-b9eb-2dd41d47d40b", "value": 71680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689604061, "uuid": "a8170404-41ea-4e91-baad-0bd03e352a38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604061, "uuid": "5859751c-4c41-4010-80da-53f81f2babd0", "value": "SecuriteInfo.com.Win32.PWSX-gen.14949.30811", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "049d2611-24b9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689608756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608756, "uuid": "2eb0356f-1c4b-4b07-a031-17c1cc6e6806", "comment": "Malware payload (AgentTesla)", "value": "1725fb76ff11da738de872591014b1fe", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608756, "uuid": "58be3647-dd5e-40c4-bdc9-d6cf2863743d", "comment": "Malware payload (AgentTesla)", "value": "2f971888284392cd734f62b0f4c80f6f1b8e18f089fdbdef21b53171175e85e3", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608756, "uuid": "5c9bc103-a7d6-4acc-85c6-6a90a9b3da37", "comment": "Malware payload (AgentTesla)", "value": "6469a3cdc19cf2fcb2a3435895ffcf548c212771", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608756, "uuid": "51ac4904-1e06-4dce-b4f5-d87b7101356e", "comment": "Malware payload (AgentTesla)", "value": "475e6e17a2b2e8ad3735d1b4ae5357bacf08f25a16cdfcc5f66856abb506178a0306fc7e3c433ee7ebda150a5a25cba5", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608756, "uuid": "374037a2-8e89-4cae-86f0-76e901231350", "value": "T1FB9423BD5270E6A4C9973C37E5452A94CCBAB3F0432A5743E2F81E814C742E3B51BE4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608756, "uuid": "3f6e1a1f-b1af-4cec-b870-3c651aa91982", "value": "6144:PnUWfqy9yDdDMMLnbKxSNEQ6xgJ82hPVEXVaPFTZvBksto2UoXsF44E4JFkjSKuk:9CyAmWmb2nh9EXIKsnR6Fq3UQpI4ka", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608756, "uuid": "4063d3dc-c5ed-4a96-92b3-18b029a4156e", "value": 444149, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608756, "uuid": "2d921781-5b90-4841-a966-f9968db2c18e", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608756, "uuid": "7e35a49c-a51a-4acd-a39e-fe0777305fb6", "value": "PO 2100312939.7z.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32b8fa98-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689574044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574044, "uuid": "d0f93b21-fa28-4632-b367-9c9a9a97c4f1", "comment": "Malware payload (GuLoader)", "value": "5c4a6288c0bec5de5c943045b23d5c7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574044, "uuid": "4b930ec1-4839-4359-99fc-eb5b630a4dd1", "comment": "Malware payload (GuLoader)", "value": "2f9ceb5c16492fe780bafa6e4902ad28de4ef9588a8278adf36d62b1f563649b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574044, "uuid": "ac0d4aae-a1c0-491c-b323-a3cac0874dd0", "comment": "Malware payload (GuLoader)", "value": "55a36b9e4be44bdddcca50a862b1330a6845d88a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574044, "uuid": "55566208-37c2-47f3-9f22-af27b69ae724", "comment": "Malware payload (GuLoader)", "value": "1b4501045ddebd91b8cea5aec8c6f5bd64ebeae12826bb405ee619cf4f1727e7a9de4e832532c45693d3c279bee1a976", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574044, "uuid": "e878cfab-2a20-49fc-afe3-40d0c8e19b12", "value": "T10CF302527590D5BBD7B016B0197B6F4BEBA5CC261314124B0B648FDA3A222C38A2F7D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574044, "uuid": "bb6b8f05-32ca-437b-a943-56f8eafd2842", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574044, "uuid": "69db401e-849e-4edd-bbd3-d3d01eb54348", "value": "3072:+NzPHk9MpcQbimFPu3n9S48qV8xMhpvbcwA0O7yakUtTL34Yc4rsQBofqMY:+hRF3Fm39ZS0bcwJjaztTL34YL5Of+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574044, "uuid": "6b171519-9103-4c3a-8c38-9f0ab512a7c1", "value": 162252, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574044, "uuid": "d5a30055-8b44-4bb0-a1d6-bebc14109024", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574044, "uuid": "01ce269e-2436-478c-b5a4-e83f43a3605a", "value": "E-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "920b1c48-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598255, "uuid": "1c0d2ae2-65da-4954-a063-b735555d6ee7", "comment": "Malware payload (Mirai)", "value": "f2d1e3c2faaf159709fadd8199682caa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598255, "uuid": "993e58dc-b284-4437-b836-015f8ee5d4b9", "comment": "Malware payload (Mirai)", "value": "326572668f0561813468650b34489f7796b880e2ef2c2c1c06b2ba97c2448799", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598255, "uuid": "f13f0696-1aca-4de5-8539-7add5dea7e60", "comment": "Malware payload (Mirai)", "value": "5ebd4ca74b3692fa02eb579550e137a7aff88571", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598255, "uuid": "df632000-ac0d-4862-9d35-d58538131741", "comment": "Malware payload (Mirai)", "value": "488eb306c12fcb63fb74418b0568ea0343867ece6500f2e0dc10a44cf8b5957503d85b1a0c3fa26c10bc665182689b52", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598255, "uuid": "8172061f-cfdb-4a40-8c51-d985b73b1be7", "value": "T18CD2D031D7D1A632CAA02F7FD22F424357B45CB8E4973722A74008687AE80176A7E5DF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598255, "uuid": "60b32391-db38-42ce-9981-52adb008c33a", "value": "384:v69UqyocYqhX6voLdGWe9wv6IfrOrXND2/AQK9gY79cL04sgPRReCoD2QmdGU5Eh:S9jy5kKe9e6Ify2cPX4sgJk6Q3U3C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598255, "uuid": "98385a57-932d-4baa-abd7-40b40943ca75", "value": 29856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598255, "uuid": "d64f131e-066f-4ee8-bd76-63db6c85b352", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598255, "uuid": "b466bb13-dd96-4eab-8b31-3387190faed3", "value": "f2d1e3c2faaf159709fadd8199682caa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27d9ae79-2474-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689579179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579179, "uuid": "7d5e2b2e-4de4-4035-8c0f-9f8892902d00", "comment": "Malware payload", "value": "52f23393aa4111bda5b076e48c6444ea", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579179, "uuid": "b8f8f2f8-3425-44b4-9c85-ad0d5d37433d", "comment": "Malware payload", "value": "328b5db495f7cc2d72ea6b914e001a673422ea4e8e01afeb4b5912ee81e913d6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579179, "uuid": "24b0eb7b-4f74-4b2a-baa8-778300a86660", "comment": "Malware payload", "value": "83e609dcf415e70c844361d2b7d3e0baeaad3715", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579179, "uuid": "52d8b7cb-b105-4246-a6df-9368b8efc0a0", "comment": "Malware payload", "value": "5cc740ac607c5e302506cb1df4a6496ecf153b5f74c4c661720e128c96dd6a0ff5bd96a8514820d6b4ce26d2423e019d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579179, "uuid": "28c3770e-b706-4ca7-a860-8fadfadaf77d", "value": "T195326D7EE24611E2DF7A1ABF669E655C09342232034419A357C7880A0DC4EF7FE31EC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579179, "uuid": "054de68f-6d75-41dd-8e4f-44e42ad75dad", "value": "7fd46a7f56c0e23d5f7b090d08198d6d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579179, "uuid": "2ee2d1b6-1273-44e6-8020-7fec9f1aae25", "value": "192:bIZ7Oh8X38mVi8X3pETtXiA3LH0BVmUHY4InTD58+1/aPVsWL4:bK7sWI8ETtBLUevnCVsp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689579179, "uuid": "152186ac-f790-4f7b-abbf-96af92a2910b", "value": 11264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689579179, "uuid": "0a1c3f93-5e35-468d-b42b-819f93a97905", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579179, "uuid": "515e325c-3e0d-45f9-98d3-b94db74338ce", "value": "SecuriteInfo.com.Win32.InjectorX-gen.3179.25366", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47536890-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689586104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586104, "uuid": "9b068bb9-2edd-4b79-8cd9-3ea64016f60b", "comment": "Malware payload (SnakeKeylogger)", "value": "39404bf80efce043e4c58ca2b8bda804", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586104, "uuid": "5b050ebb-acde-4b10-891a-ef617078c282", "comment": "Malware payload (SnakeKeylogger)", "value": "32cf8921f08f7dd5ae4cb10ab8d8326e24d112360b9a39a9fe4e49c0b3e96661", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586104, "uuid": "2234b89f-9adc-4e1c-a010-587601a1ee67", "comment": "Malware payload (SnakeKeylogger)", "value": "a2a9dee79856bc32c852ba693eaffcee3bfe88c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586104, "uuid": "288ff6d9-65b4-4105-8312-b5efe2eebe08", "comment": "Malware payload (SnakeKeylogger)", "value": "4647a63b68c4e1619d367ea800e8cf003e2aabafd5bc93c613bbf01cd1c4cbfa8144310ebe1dfe527aa10e8cfa96f5bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586104, "uuid": "116e7204-3950-4315-9284-2a05892fd434", "value": "T1FBE449BC3134B3DFCA17C976C9641C60A6E022A747DB924F882705AFBE1D5A6DE141F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586104, "uuid": "5e8e9d10-cabf-41a8-827b-14d87e50a570", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586104, "uuid": "09aba117-9d1f-45b1-9614-5f43f817555b", "value": "12288:KVwtQJT6Y9K+2xYFzxvgPpzLRxDbkTrA60pqzqTrQaSejL8ZDJO+1RebNH2bH2fL:KgOLwmzmhpRbEv0MzqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586104, "uuid": "0f59319f-fd2b-45c2-9e77-1e561e12e713", "value": 659456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586104, "uuid": "5d1df3f1-ee19-4f8f-a2f7-0f02b37ffaae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586104, "uuid": "cc18ae69-9c01-4713-97ae-e04a2f3f4fd1", "value": "4YgDQmxs9McH2L9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85c93816-24b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689607684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607684, "uuid": "e89749c1-fdda-4b19-91c9-62bbd6d2e4e1", "comment": "Malware payload", "value": "d98aa91f1d78086a3399de00c835bbb2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607684, "uuid": "0b28acec-fc63-45bb-804f-f8dbedc5787a", "comment": "Malware payload", "value": "32d98f96953be847366ddd09f3cb22468beb288b3f728fdce58ea946ca33e579", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607684, "uuid": "58fec98b-dcfd-44dc-a89f-a1452720a4b2", "comment": "Malware payload", "value": "a58dbf4d63d64dae6ebafa2dcafa89b7de6a1354", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607684, "uuid": "dd1748eb-0734-438b-b532-a9a70d140991", "comment": "Malware payload", "value": "26c50d98b60bcea0d0453c72cbcfe1ee6b880e493c8977fed916fcf5c23786adae9d65982490f9cd22e1cc4d58d14f11", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607684, "uuid": "ec05fa2e-09ad-4b1f-88f4-c95281c72643", "value": "T1F4626DBB52CB5696FE774AFE52EF295C815A22B1033405E31786540E8F90AF3F1729C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607684, "uuid": "8c6659a9-ae0b-4372-8258-8b77fdccd537", "value": "8576330f9aeb41bf60082dc9f971f9a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607684, "uuid": "ed031bec-65f5-4213-9785-f446fcf8f197", "value": "384:FTK7p3TtJLQb5z8T5abu6ZawtwCOH1mWPHfS:sTtVQ98lYf1OVRffS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689607684, "uuid": "c695d1bf-49ec-4def-bcd2-a2bd6a697319", "value": 14848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689607684, "uuid": "39c97326-aebf-4594-8584-f1e61f93e850", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607684, "uuid": "6f61e298-eb36-49eb-a978-126ac54dd8e7", "value": "SecuriteInfo.com.Win32.PWSX-gen.17796.21005", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08c72dc3-2455-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689565813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689565813, "uuid": "d370165c-ae0c-4ed1-a3fa-f3fdfeea656b", "comment": "Malware payload (RedLineStealer)", "value": "99085375b1828210e165d5c812365440", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689565813, "uuid": "af6bc2d5-b524-40b3-af2b-a2c822bc4a01", "comment": "Malware payload (RedLineStealer)", "value": "32efefe7dcbf2ee7a88c9c7e42f95b6bf1d2eac4fde5832d4e61bc29bb204074", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689565813, "uuid": "1f5094aa-61c1-4e25-b0ef-0cc5031b3375", "comment": "Malware payload (RedLineStealer)", "value": "16475f94fe7a10e621ea9a83067af0795ab36294", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689565813, "uuid": "ff94dfb1-52af-4614-ba24-f76fb2f5ffc4", "comment": "Malware payload (RedLineStealer)", "value": "d2ccf57253486636b1cd7a918d95161b710c1a42731a3b605ba48a3a00e7edd78acfea93539c40522166983cf2bad272", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689565813, "uuid": "75b5268b-e4d7-43ff-b971-4f104f720f7d", "value": "T143D4122171C980B3D89395704C65EBA1DEB5F8365B36A90FBFC2462E6E30691C636F07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689565813, "uuid": "6d6272b4-5a7b-48b3-a73d-310efc797387", "value": "f3173778f088ce2b56b8257bfe393419", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689565813, "uuid": "caeafaa9-ec10-4f80-89e8-471519ea3d70", "value": "12288:jO7/LXS+hIsHWihc5weaDG5wBx/ZMpAtEA0isKbhlASa:jODjvhtWaenwBxKpCEAeUh4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689565813, "uuid": "c0cc227a-908a-4394-90bf-634f4798fc7c", "value": 651133, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689565813, "uuid": "e9433c99-9e5c-42a4-a749-eec8ea01cae7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689565813, "uuid": "f7c806b6-8b2e-4ebf-bc37-db5285880ef6", "value": "Suntrust Bank MT10378496435273 .pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a778533d-2473-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689578964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578964, "uuid": "ad44cd22-5c09-48d7-aa71-96ac84baac97", "comment": "Malware payload (AgentTesla)", "value": "e8f0bebf44793cc564377f15353402f3", "object_relation": "md5", "Tag": [ { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578964, "uuid": "523ab9bc-f451-47b7-8e88-ed1df6810392", "comment": "Malware payload (AgentTesla)", "value": "3382406df353ded10d7f5142621dc91b4a9602116cfc4c821c1d9cb6123cdca7", "object_relation": "sha256", "Tag": [ { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578964, "uuid": "54310eff-01b4-4068-8db3-8850d041f160", "comment": "Malware payload (AgentTesla)", "value": "6de0de721c12e2cfe09fd9708e002e3e78ab668f", "object_relation": "sha1", "Tag": [ { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578964, "uuid": "7edb5ca7-f1af-4550-b147-e73e0af66b6d", "comment": "Malware payload (AgentTesla)", "value": "5d8ba7b1bec279cae19aa36a6571cc920d620a455cc4a49dd40aaf91406375309cf50b37c7fa959527c39b98e8d86602", "object_relation": "sha3-384", "Tag": [ { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578964, "uuid": "0f27d1d4-4967-461b-b951-276e09fc9ead", "value": "T1A3B42395FE20C2C59B854678870736DC0C56E7BFBAEACD50053F2E4AC46A8058BB9CD7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578964, "uuid": "63327227-dfe7-423c-8a7c-7cd235639f98", "value": "12288:RMBKRYpuOjjX/ht7BQQ1EZCE25JGmXmY66K5gjUU:R6h3v1Z5fmmKyjUU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689578964, "uuid": "08abb3f0-04b3-4178-a6a1-2ed8799dde8e", "value": 537787, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689578964, "uuid": "17b1830f-ddff-4bc3-a387-2272b6593e88", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578964, "uuid": "2ce40182-b773-4b4b-ba17-b20d46ddd5fa", "value": "Transfer copy.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bda673f-2473-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689578837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578837, "uuid": "d714bbb3-7b95-49fa-b7b4-3d6e5e7f956c", "comment": "Malware payload (AgentTesla)", "value": "5baaaa8573bc3cdfbd02c11cbbb78431", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578837, "uuid": "aef98f07-9e07-4dbc-a106-5a4d45eeb55d", "comment": "Malware payload (AgentTesla)", "value": "346446528c0e3de0d9c5cd80d25cf8f0985f34db3bfdd1f5d9e697b57f2d9a9a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578837, "uuid": "f475661b-1574-4cc3-ad54-e3d76dbfd2bb", "comment": "Malware payload (AgentTesla)", "value": "e1ad10d3d45c3ef6e796aad2e509c5d1e9f4bf63", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578837, "uuid": "15eff1cc-62da-46fe-9bdd-bf1e72147c74", "comment": "Malware payload (AgentTesla)", "value": "31cd209c8a17a7dbe166d28332874eb43ee00656733fd25e2c41791c5b338c3b3f68572cd935e4152cdaf52096384909", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578837, "uuid": "65312b18-1508-42eb-9916-d2d68d0fb157", "value": "T1BFD49D78603C876FEB57C7F6D420101223F012966AE2E39C8CBA64DF7E35724A651A77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578837, "uuid": "6f6b42bd-3faa-41c0-a8c6-4f68199dd2e6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578837, "uuid": "0ca6ab17-b855-458b-9c0f-4a04971933fa", "value": "12288:dfhXvYzkmI8LXfHsPcCRIhSj8j1Atga6K2vFHthqTrQaSejL8Z:Dfjt8LkPvc9KIHthqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689578837, "uuid": "1e9f0a79-d20c-4111-a962-350cc84a0a75", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689578837, "uuid": "22b431f7-5990-4eeb-9ab6-7cef84fb3395", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578837, "uuid": "18ad6dda-f419-4161-8631-fc99e41bcd3d", "value": "Statement of Account.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c27bc40-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598245, "uuid": "fde04cb1-4080-449b-aad1-a8cdcb3f50b8", "comment": "Malware payload (Mirai)", "value": "59cc847f3fba0e84e8b48f9ed24b7a8b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598245, "uuid": "a09faa1d-67f5-4e8c-be3c-bfa558acfcb4", "comment": "Malware payload (Mirai)", "value": "34f77614336db7a944e8256e3a24ae062eb62250a7691403324968ca3dbad772", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598245, "uuid": "34213fbb-76e0-48fb-b860-e281d48f6666", "comment": "Malware payload (Mirai)", "value": "b73434290328473031bd8475856e0bdad196f358", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598245, "uuid": "46079eb9-a1a0-4fd1-aae6-75382f108b60", "comment": "Malware payload (Mirai)", "value": "a986d638b7b9629932bc78b14068f13c823a6a3c6cb1c1690a649ff559c0c38d29ea536d5cf2df8a07604b70cb0f06f5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598245, "uuid": "ad1a9c30-8b11-49be-b1bb-5983fbd4d86e", "value": "T18203E192919166F0D6289D30F8C59A42B7E1067A85FF730A4FE90359FED3494E33862A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598245, "uuid": "e4b2c305-4af7-46f0-9af5-7fafddaa6696", "value": "768:CAPYsSOMfhTuGyRMUIlDpoKi8mqVAv4HgUGdNJwwDsnWAhCq3UI19:CeBvMfhTLsOS4ApdNDDsnvFP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598245, "uuid": "27749b09-b83e-4566-a6d6-69a6ed9373e9", "value": 38192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598245, "uuid": "e5b5b157-4057-44c8-bfc7-daab7b3ebcbb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598245, "uuid": "6ff829dc-72cd-44be-810b-55a0673f55a0", "value": "59cc847f3fba0e84e8b48f9ed24b7a8b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18987359-24ae-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689604065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604065, "uuid": "59c3e4d5-22e4-495b-a8cd-862fd21b7c13", "comment": "Malware payload (Formbook)", "value": "1115513127e3fca808190287a7032598", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604065, "uuid": "c5fea2ba-b492-4a40-bdd2-d2adf3eed85e", "comment": "Malware payload (Formbook)", "value": "351e57f3d222d0e1fd7639e2853d6e0a25025987c4cbfd232d22728e83debc7f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604065, "uuid": "76aa3854-d231-423c-9a19-75965c05e3ce", "comment": "Malware payload (Formbook)", "value": "538e3aa4c3f8d2433299dac00b6a6d6a84ddc1ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604065, "uuid": "de67d683-7d28-40f0-aa34-e34fd013b400", "comment": "Malware payload (Formbook)", "value": "cd14c367709c976b7ccd78b491cbf675e95bb6a1d5fb970245b0acd0854ccc956b5da6e37835829738f54d1db1a381de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604065, "uuid": "2d9c7b5f-46f1-4548-b0fe-4d0b1902850b", "value": "T165C4CF38113C87AFE767DBB6E434145613F013621BF2D38C8CB664AF3E75624A2949B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604065, "uuid": "f8cd4f10-09df-4d92-b6cb-d8117bedcf55", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604065, "uuid": "2a6c1176-f67f-4e86-9b4f-f66a40d0c7da", "value": "12288:GKj+GN6Q0TdH5nqSJK2jT4CnARN6lDizQTphye1oqTrQaSejL8ZlF:GzzqCK2jTXnSAUGhyeKqTrQaSejL8Zl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689604065, "uuid": "199e6d58-da0d-49b7-9a1c-58aa9dc5bcf0", "value": 595456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689604065, "uuid": "5711d804-71cc-4ed5-a242-bd656bf20685", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604065, "uuid": "55866b65-2369-4cd0-aa9f-ff5165315b6c", "value": "SecuriteInfo.com.Trojan.PackedNET.2182.14807.861", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c953c79-2497-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ModiLoader)", "timestamp": 1689594381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594381, "uuid": "e034491c-b4a5-41da-bdaf-525491e5191b", "comment": "Malware payload (ModiLoader)", "value": "cb44cc09475bc059fd460f9a6d12d9fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594381, "uuid": "41ae1b20-cbda-41c9-a1fd-c6ce37c2e14d", "comment": "Malware payload (ModiLoader)", "value": "353f8ece228306908b2fd556d8668d31c861aac3860c573448c77b3abc94e6b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594381, "uuid": "aef8defc-dae0-4c74-94e8-3f277b32abf1", "comment": "Malware payload (ModiLoader)", "value": "c3af3bea0f25e4caf0cf88ea9d95ff7e4e2df34a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594381, "uuid": "ebcae099-c3ec-4162-9e26-06afb4dd8274", "comment": "Malware payload (ModiLoader)", "value": "ec41b8c670f542166a6f1bc04d880a9ba46824ae2ca7141e51c74709cd14c14a924386a0be85a01dfcce79a578b07589", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594381, "uuid": "8138a764-ea94-4cf8-93fa-2481f9be4141", "value": "T18DE49E16F5F18C72D062AD7CCC0692FC98157F706D26B447AEE83E495E7D6802C2AE63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594381, "uuid": "15150d89-6f36-48c2-af08-21de7f0de93c", "value": "2088f91fe222df3acca5910bde40b5f3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594381, "uuid": "3baf5bc1-e475-4303-858b-3b7823204b0a", "value": "12288:exndS6phb/cci16UFHRT+fv8ASQYmnwxIRP0OHLmChB:e1pZ/e6U7q3yLmnwKB0Obh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594381, "uuid": "6189d8fd-4611-4598-a459-d93def7327e9", "value": 700928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594381, "uuid": "fa5a6afb-5bfe-460d-b147-49fa211e247d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594381, "uuid": "ac2fd60b-1258-450f-9ed0-c24781f0c7af", "value": "U prilogu je dospjeli racun.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8564c58-2477-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689580683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580683, "uuid": "1b3a3587-d825-4cfc-aade-8146650fa463", "comment": "Malware payload (Loki)", "value": "e15f81de38c4a82994abbed275f8496e", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580683, "uuid": "8e9a6d6f-a9b4-4501-a8fa-ececeb2e3e11", "comment": "Malware payload (Loki)", "value": "359b7dca0b14c952c35a570272b3d9c3a9d6aa7eaebbbf8cd6a26413f09d20d0", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580683, "uuid": "9a2569b7-651b-4cf2-beca-cb749bf80e60", "comment": "Malware payload (Loki)", "value": "32fda8c328bdc0c6939cebce82112af7d1ab5b71", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580683, "uuid": "8ab05cb5-c2b6-4fa2-ba8f-dba7585ab0e4", "comment": "Malware payload (Loki)", "value": "ad759134fb9c7e68e0da935c2f2c157579008968a0181121e9d9307eb9898ff1e8e0df152f2a0627387027d7ad48342f", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580683, "uuid": "393504bb-d19b-46e8-b46f-8ade40ca5428", "value": "T113A423021FD056298AF77A31F359409B3097BDF833EC5799B75335428288BE3BA5A486", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580683, "uuid": "4b2bdfb5-37b3-45fa-bf16-497e8666358c", "value": "12288:uGZKGno/OfkWTmG4NoYK7gg2SNBoIcrO8bxbvO:uGZrcekWX42hH2Sr6S4DO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580683, "uuid": "bb0a1579-3fbe-41c2-90f0-c8fde735c728", "value": 448858, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580683, "uuid": "d45ea199-027c-4d93-bd38-fb9a5b18750e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580683, "uuid": "898ae174-b492-4d21-812b-21f45bc49ebd", "value": "A01_Shipment doc _for_ASL H1209.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b89c74e-2462-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689571642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689571642, "uuid": "13127a73-f165-4ae9-a588-3403c099a2a5", "comment": "Malware payload (AgentTesla)", "value": "d027252964a2876a6725e40129243c4e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689571642, "uuid": "19e482bd-5503-40cd-886f-aff84e690e0f", "comment": "Malware payload (AgentTesla)", "value": "35d0ebd1aeba54167215c5414cebcd9ca2ad2ac67545d4090a8657b0d4b59c61", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689571642, "uuid": "49ee2e75-9769-47c2-b6ac-da0d35e45782", "comment": "Malware payload (AgentTesla)", "value": "1524101b30dd399e96171e80a37a2c34ff3960c0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689571642, "uuid": "b475dced-47f6-4c81-b293-62a3748110ab", "comment": "Malware payload (AgentTesla)", "value": "9acd4619e3928ddc2e07c1bee8dfe39497044d67010b255126c667a6166506605785892025772b9cfbbd65d4770b4c0f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689571642, "uuid": "7ee399e3-2075-4033-9c00-007bd30b777a", "value": "T1DBD43B1B3AD02957E42E427E107C6A6CEAEEE61D427FD924342CC293B2F664C0D5D74B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689571642, "uuid": "7872bd19-0570-4e77-9c81-72ebbe0facef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689571642, "uuid": "1309b020-dfa6-44a0-aa15-f0fb5fe83d8b", "value": "12288:QSU/GQIut7DRWmhKImT1dMStENbyoy/c079WA/mS:tU/z7VrhpmmZ0/cA+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689571642, "uuid": "60104cfe-4f1d-4626-99e3-d296e00f70af", "value": 641024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689571642, "uuid": "470d72f5-dc15-4fe6-b3c7-622d691e460f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689571642, "uuid": "05ea0181-245f-4d29-bc5d-4761b0b82c7e", "value": "SecuriteInfo.com.Win32.PWSX-gen.7213.18298", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0e7d53f-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689573799, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573799, "uuid": "a54c8f39-c70f-4abb-9666-cfbc015bcab3", "comment": "Malware payload (Loki)", "value": "22e17c46c749a753fd6fd732c1a72400", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573799, "uuid": "a24bec8f-93a3-4292-9329-3e662e90f3ec", "comment": "Malware payload (Loki)", "value": "361fa480921081dee06a974b2d53bab2ae571d2f64e57485ce62f541723ed644", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573799, "uuid": "42c72b8f-ff1f-4996-bb2f-8f50c224d498", "comment": "Malware payload (Loki)", "value": "f1596e0411eab8890ce8589467a290a2a135a49b", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573799, "uuid": "8236ee10-da41-4992-926f-d7da467e6dac", "comment": "Malware payload (Loki)", "value": "9d80a6b1e3cd93c542297ecbdcd311926f1a8361d26c9aff4dc15d1dcd79645962fa651e001a3e3a2b864dc73a584575", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573799, "uuid": "6a911f08-047e-4f1e-9036-d66bb14df864", "value": "T15CC4BE8173B49E31E86ED2B8202920D8DF79B07E64B6E15A5F9A34D11E60F77371B603", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573799, "uuid": "4bbf828d-1caf-460c-9a5d-7e4d4378c108", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573799, "uuid": "fb9bfb51-1868-4140-8e1c-1153f408382f", "value": "12288:RDp88rNSoVmakaSjF1TO61KfE3fv/Ra9ZG17O8eVSHcgeReFRbE5K:Q8RFSjFV5KcvvIK18S5EeFtE5K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573799, "uuid": "599897ac-36ba-4bdb-a9ae-645b775bfdd6", "value": 583168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573799, "uuid": "952aff37-d296-478d-8892-574832772efa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573799, "uuid": "f44c41f1-3bb6-4aa5-9ed6-5302ede2d1c3", "value": "AWB - 8488476883.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04ac720e-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689583415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583415, "uuid": "4eba6f01-4b0c-4fe1-95bc-d4686fcd4129", "comment": "Malware payload", "value": "9b7fe1d1cc0cbd82b50fe1c08db0e598", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583415, "uuid": "8cb68b3e-55f0-4d7a-aeaa-c09f31036f89", "comment": "Malware payload", "value": "366d782896ab83ed982d75e254e18a0b87e7dbe6be181d12b34a3b4afc0c1d43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583415, "uuid": "095f3210-145b-455e-881c-42b1df0fafaf", "comment": "Malware payload", "value": "5cd011094afea140f419c96446442950387ca209", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583415, "uuid": "51d0b284-add0-4bfd-b806-9ff62e58cfb0", "comment": "Malware payload", "value": "f146d98e02908e01ef69c8b72d39f77e6dbbb3c4b5ff8c79a61cedccc14595fb1e87116bab93fdd9f2ffc4fab9448cf9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583415, "uuid": "c4fe53e3-fa2c-4b82-b8e4-9f4e2b3c5965", "value": "T191D4F14273FB5275F9BA1738C8B78A905D327CA869F1611A1D70F94E2CB478198B1F32", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583415, "uuid": "86df6126-1907-4543-a113-e22a395c5fab", "value": "62a229400c0a26f3ac4f1d8b675ba4e3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583415, "uuid": "c7af9344-c864-4a14-be30-615385912a89", "value": "12288:ayl5uVUGQJT+wtJFnHPY11PA2sKl64E3jg1YD1Wz8sa888888888888W8888888j:ayfGQJT+aJhHePA2s9FZ28LK6W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583415, "uuid": "c00c00f5-e9bc-4d93-96f1-675388a2b478", "value": 628736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583415, "uuid": "59afca73-da9e-4e3c-9163-6214d8985401", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583415, "uuid": "4ef32f2c-360a-4e27-bd8b-caa753fc6793", "value": "1.\u300a\u5173\u4e8e\u5e02\u533b\u4fdd\u6700\u65b0\u7f51\u5385\u529e\u7406\u670d\u52a1\u5e73\u53f0\u64cd\u4f5c\u624b\u518c\u300b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2028cc72-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689573583, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573583, "uuid": "d22ce831-d1ee-4d44-9412-3a0876121ca8", "comment": "Malware payload (AgentTesla)", "value": "c659f45201bd6d696e3629e69c0ee7df", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573583, "uuid": "e890f567-a45a-4030-a65c-c26f06ac9dfb", "comment": "Malware payload (AgentTesla)", "value": "367d06b65a7742e5594241feff765bcaded86c2d991611f8ed93693cffe5dde1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573583, "uuid": "7da7b36d-a433-4e1e-ae31-038b13c25e38", "comment": "Malware payload (AgentTesla)", "value": "ed29b4290bc61c0e6e638f3ed6e988a9857b43b7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573583, "uuid": "4e8bd56d-9550-4c27-ace4-345bbb3b4f53", "comment": "Malware payload (AgentTesla)", "value": "b5be4778d4ec4d2f687041d6e96510377ac4ed0bb0035a0a45c47cb10c5cc55ddac53502a8b88c9e43063ee65fd98b00", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573583, "uuid": "cb2e37ee-ec24-4898-ba5b-b5598b4b3b4d", "value": "T116C423A698A54BD6F32C491260EBD561000EE0CF0A6A7F931A97904DFDDF0A73E671F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573583, "uuid": "4611a8e2-b46e-4b56-8fd5-6d36f28239c7", "value": "12288:2qvpCTGn1238J/w5u9+xhYbT4Vc2FFpJgK98EZ:2qv5+5u9+sP47FI0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573583, "uuid": "3fa4fb16-9c1e-4a5a-9c3c-59ff615a367d", "value": 547791, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573583, "uuid": "82f62530-41be-46e0-a805-4e957ab7d38e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573583, "uuid": "c6b277a5-65f6-4135-bdbb-852b0ec0b8e6", "value": "Proforma Invoice.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a26216cc-246b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689575519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575519, "uuid": "f33d3e6c-2cc6-4928-b27c-4d8caa152caf", "comment": "Malware payload (Loki)", "value": "3e95261aa13150799f0146b58e080ec7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575519, "uuid": "54d4cbc4-af5c-43fc-961b-81c3e773925a", "comment": "Malware payload (Loki)", "value": "367f82b0aa68d1f0949ec9709ecdb4da28e5ef87c41b5de4c2edbad414631a6d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575519, "uuid": "6bb77572-487b-4761-ae97-c1837ba38a64", "comment": "Malware payload (Loki)", "value": "355bf29c3caaf40ad6db0b1c5d9556d5623b34d7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575519, "uuid": "f65de4b8-19b0-45ff-a7e1-1ec2f3635f6e", "comment": "Malware payload (Loki)", "value": "995a878d515799593929943cffee99938027f1bf6b4362e850618ad4659ecea1e60b746badb1965287f861009d99e10e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575519, "uuid": "4fb96861-1435-423f-839d-0a8d45d89da7", "value": "T1C064B84382E1BD44EA258F73EE1FC6E8BB5DFA908E597B6521199E2F00B1172D273610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575519, "uuid": "cbba9cc2-717d-4646-8901-1cc360993627", "value": "990ed3e722a6c734f32b219aae1f4a33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575519, "uuid": "3d947fe7-1d41-49af-ad5b-20ad67dc8ffc", "value": "3072:/TLAh4yEWMuqJA7pMp77E3Rzr4yGxHe5ybZ7OTiAT:rLAun6Uk6E3Jr4N1Jd7O2AT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689575519, "uuid": "abc4b3e0-e68e-48f3-806e-4fbc54808e67", "value": 321024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689575519, "uuid": "0c37dd59-5ff2-4416-95df-95465eec4924", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575519, "uuid": "0c876baa-5f88-40a7-8c47-edfd2fa85f7e", "value": "3e95261aa13150799f0146b58e080ec7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "faa83dc0-24a3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689599719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599719, "uuid": "b445b6ee-9cd6-43ab-b45e-5f8aa2df8205", "comment": "Malware payload (AveMariaRAT)", "value": "c1ab766e9ed55e37926362034ecfc3ed", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599719, "uuid": "4338cc80-40e5-47c7-ba0e-7548adbec763", "comment": "Malware payload (AveMariaRAT)", "value": "368e5c2f34fb3cbbd99ea69d08b16f8e9fd6ae3aee0e95e8c6c96c3f96ff1b70", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599719, "uuid": "4a32e7d2-5ee0-4eaf-9d80-7f439bb1c269", "comment": "Malware payload (AveMariaRAT)", "value": "7396d8cc235e501850b2504fd80b9e8b693df1a9", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599719, "uuid": "157df3aa-590a-42b0-abc7-50827904ebfd", "comment": "Malware payload (AveMariaRAT)", "value": "7c550431c1df4e7db41571220730b744402a3e29790bf665da61c3d1085c90675c0af79df5897fe7ebd0cfcc54544048", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599719, "uuid": "067e0515-cfb7-48fd-bb5f-588a6a719138", "value": "T19A14025E07D8A037CEBE2733497B71153B309584EC32DD1E95D1D07A7FAB94069902EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599719, "uuid": "07c134ee-4305-40e7-b413-391e0926797f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599719, "uuid": "6b3ba9d0-d4ba-4f34-9226-5cd26134d1c9", "value": "1536:VtTcLvsZVRxi2pSckAA4QYKUaz1bzl2B8h5ZwhfDvQxKBDPPH+XwMLZqkPLX/4eV:DxisCiKU2nPEFDvQ84XbZLDXgXAJZIk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689599719, "uuid": "6fd7f150-73c8-459d-87ea-832e5e3711e6", "value": 203776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689599719, "uuid": "dfd4d92f-7677-4dbe-bb04-dca2ecdc8b97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599719, "uuid": "c3ff2726-57bd-4a62-8427-0341d4a99f59", "value": "rUrgentQuotation___gpj.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95249014-2479-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689581510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581510, "uuid": "139f5cd3-b80a-407b-8a6c-45cb9896bc75", "comment": "Malware payload (AgentTesla)", "value": "48ac769a7e3f86389d95984b125c6689", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581510, "uuid": "90a6c0fe-af2e-43f0-b7b2-8c6901531c69", "comment": "Malware payload (AgentTesla)", "value": "38851f7f1649d499353e60bc83d7af6784c8c46021045beaa76fbac4a1831eb6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581510, "uuid": "616683f6-2942-43a8-a461-b67c6840b03f", "comment": "Malware payload (AgentTesla)", "value": "00509f18c9b3d8a9729bb2b8cc9b13545be733bc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581510, "uuid": "f0041446-29a8-4a5b-a27b-8e13af566911", "comment": "Malware payload (AgentTesla)", "value": "08771e3b063974c1aac4be47bfecec6a3bbc7cdfa3a5077007f61b7069115ced86496f9b3608fe3c46ce8272503bf693", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689581510, "uuid": "3760ac39-8372-4e5b-9045-0c2fe55dbf24", "value": "T17935BFB876047DE6267F436BDA96ACDD03B62B639ACBA4CD806477C30563375EE02C05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689581510, "uuid": "683e95db-3c8e-4cd4-9387-4670e06887fd", "value": "24576:j3H37WDSvU4VEUoMoJQerQk8EwwW54p82plNIVQX4v5m0M9gwDT:W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689581510, "uuid": "2b916c88-c345-4898-b240-d55c44fc602a", "value": 1150414, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689581510, "uuid": "e988ea38-6569-4bc9-a6db-eabe36083196", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689581510, "uuid": "67f756c8-4e59-4672-8105-abfdc900eb1c", "value": "invoice and PL.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eae284de-24e9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689629758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629758, "uuid": "5a979c15-90e4-4d5e-82d0-3107dbe4095b", "comment": "Malware payload", "value": "cd569ee0887dc89ffd403c92c695066b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629758, "uuid": "c12b20ba-081e-495e-a892-a6422b0a0896", "comment": "Malware payload", "value": "39a5367900dfa6067d116e0213b4bd6a8f3c0ac82c83290b15e52c49fffbc4a9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629758, "uuid": "b48b108e-218a-4f57-9487-35b885ca2361", "comment": "Malware payload", "value": "27775324e07b97ce058af81cccf18e9c71c9d1c9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629758, "uuid": "76f96bd1-0de2-4a4f-a97a-8b1f87dc2bae", "comment": "Malware payload", "value": "26186c06c44a514e9eb1bfea836ae8a23982e14221209f4076bfb25e066f17aa21157d9b9ea96075e2196dc682091a9a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629758, "uuid": "1fd1f43d-e94a-453c-a7ac-208615499876", "value": "T110840212E6E88033E9B9677019FB03C31B367CA19978476F2345A95E1C726D4B83277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629758, "uuid": "6e14b19c-48e3-4ec6-96b9-b6d657de63cc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629758, "uuid": "139d3178-cdbc-4e21-99c3-f3245c9f0dac", "value": "6144:Kwy+bnr+yp0yN90QEWI8its9kWH7ZNCQt/ar/ewS4eejiFGaXFz+5S+:8Mr6y90wLcDeKeejiFG0SN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689629758, "uuid": "f97628d9-9b85-43bf-a75a-420ad4e13ab7", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689629758, "uuid": "7b4b67cc-baff-47ac-aa73-043c41e7342f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629758, "uuid": "e91d7aac-46ab-4411-b667-1b38040caec3", "value": "cd569ee0887dc89ffd403c92c695066b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "103c970f-2465-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ModiLoader)", "timestamp": 1689572697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572697, "uuid": "d47c843f-c627-4266-81d5-7f4002568397", "comment": "Malware payload (ModiLoader)", "value": "4b26c5d77671cf27c5985bc4435f8c44", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572697, "uuid": "0cfe9154-9171-4aa1-af8d-a8f7e7228d6e", "comment": "Malware payload (ModiLoader)", "value": "3afa4d43deae2aad0375c5a5075bf49f28a35aa85b811807419a38ad3e63d389", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572697, "uuid": "7ef58919-b58b-4001-ab86-575291e3ff08", "comment": "Malware payload (ModiLoader)", "value": "0f70898475898a074a64494a6894114f09a924f8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572697, "uuid": "c2547b71-15d2-433b-97cf-368682bad991", "comment": "Malware payload (ModiLoader)", "value": "bb95abf266ed11f3f38cd207970d1b931b8f39b54b9d6a98a2a5948695db1930218b611f2094884a1cedeef0d2778a38", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572697, "uuid": "8e8ea8d8-d7ca-464d-9a76-ddd2a1f2dee3", "value": "T1A3E48F29F5B04C76C167BA3C8C0A967998197F603E257487ABE43E0C5A3D2907C19EF7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572697, "uuid": "203ed3b5-1d61-4f0c-923e-63f276c8c217", "value": "2088f91fe222df3acca5910bde40b5f3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572697, "uuid": "db96f2e8-1372-4bf4-bbb7-ee09a64e68bd", "value": "12288:exndS6phb/cci16UFHRT+fv8ASQYmnwxIRP0OHLaChB:e1pZ/e6U7q3yLmnwKB0OPh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689572697, "uuid": "11273c21-83e4-4475-838f-1dc266b4c7e0", "value": 700416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689572697, "uuid": "42147a3a-fa8d-4025-91cd-d239bf7b08bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572697, "uuid": "ee304dab-5243-49fd-a916-18801425048d", "value": "4b26c5d77671cf27c5985bc4435f8c44", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e3f0941-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689568077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568077, "uuid": "63766399-8451-498d-8e4a-f07dfb6ac405", "comment": "Malware payload (Formbook)", "value": "cd089d7b8d69c3f254d5233a96d03a5a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568077, "uuid": "7b09dcdb-946f-4cee-bd3a-ab217735e3ab", "comment": "Malware payload (Formbook)", "value": "3b2cdea86106106bf0ec55e86a4b2e4a6beaf5fda5597c774f4b6de99a0cb08f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568077, "uuid": "41680016-32d8-4fe1-b7c8-bc18c7bf576f", "comment": "Malware payload (Formbook)", "value": "2006bcf1f9218b8f8edc0da7579194329d5ef164", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568077, "uuid": "b3a3bf30-52c2-4f01-a5d6-e7a42f006309", "comment": "Malware payload (Formbook)", "value": "a3eebea2a18e2cca20f6d8f04faeb0c2a84bc134ae3b8d4a62fa149bf8bf4447d3734f942660dab079ea59ad71c295d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568077, "uuid": "dd187a51-4bab-4da9-bcda-eef1d7fe7d2b", "value": "T1C24412001A38D0D7D8E20B7086BEA37527F594375578930773A08F693EB6B50BA5C7BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568077, "uuid": "b89b159a-c33e-4b61-9936-da6e7e7977d7", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568077, "uuid": "5440027e-294f-42a0-80c5-c7d7f2afab33", "value": "6144:PYa6XkwuWlg1h7+xk6zL8QYx1yYUJMro/Ey+GzY9nRKf:PYFkJWlgv+xk6L9YnyYyscaM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568077, "uuid": "b2cfe983-d0f7-4aa5-b23e-707e6f01953a", "value": 260990, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568077, "uuid": "fba53650-473a-43e2-831e-760d59ad394a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568077, "uuid": "098a95a7-0503-4c0f-99cd-05ae26bc0fde", "value": "SecuriteInfo.com.Gen.Variant.Ransom.Loki.1608.27624.22284", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "551ebefa-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689621346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621346, "uuid": "904266af-ca4e-45c2-8296-3312a7f4d46e", "comment": "Malware payload", "value": "815996cd5d7442c707261c1b30dd1042", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621346, "uuid": "341331e1-c5db-460a-9708-b9312d4586af", "comment": "Malware payload", "value": "3bb40bab103c5f34e08a2c179ea379abd37d9861d7f6ac3d56d5c0d693b4260a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621346, "uuid": "4fb94f32-5fc8-4023-92c6-a9b201611d4f", "comment": "Malware payload", "value": "fd331e80c76444662ec0947e591441ec97ca1dfa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621346, "uuid": "1fd7b98f-2812-4814-9285-fc599c2a61ad", "comment": "Malware payload", "value": "e54ba49b69eaee2068e98ef90e26e24dbf0bdb2286167e96ac7620576a25815937e7b9c806efa0bf6a34c1bdf900a1f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621346, "uuid": "9db8d0a7-6d73-453d-b483-be8ef1ee8927", "value": "T17B0352746BD92672E377DFB5C6F685C2A826BC627C12D90C108A23450833F56EDA1B1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621346, "uuid": "83483a5f-0dc6-449c-b588-5ff5eda945f2", "value": "9470ea6ce8a031743fbf1e256278f573", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621346, "uuid": "beb48c5b-f733-40c1-a3a4-b31e5a7993df", "value": "768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8lB4dCOBy/G7:ZzFbxmLPWQMOtEvwDpj38lD/q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621346, "uuid": "6ddd732c-f827-49b1-8ee2-b4b110122193", "value": 40830, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621346, "uuid": "e6683f75-7b21-452a-880d-81fe4afc7b52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621346, "uuid": "b1a5a747-f6b2-40db-9e26-9974d7055e42", "value": "7DAF9A41.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fe72c78-246b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ModiLoader)", "timestamp": 1689575515, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575515, "uuid": "094e0ebd-1361-4e10-9759-0805ec64a5e3", "comment": "Malware payload (ModiLoader)", "value": "bcaf6001ab90614008b635fc7dcfe7bf", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575515, "uuid": "900ab280-a399-4126-a34b-3e939c8bf34e", "comment": "Malware payload (ModiLoader)", "value": "3c2660c8eb5e8c66e608962ddb6a5ec9e58c1f948e4b9bc54a998a79823a9937", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575515, "uuid": "37375ce6-985c-4149-8b59-a7c4d8fb4464", "comment": "Malware payload (ModiLoader)", "value": "d8a7f2d5dda01ac4fa81bbcf162758f9e2996706", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575515, "uuid": "1040563a-9e21-4b9f-bb40-695d071c4dd1", "comment": "Malware payload (ModiLoader)", "value": "54e35cd03ecb13a48f864e9766e04df900aebc7c8608489a826bc24fb604bd9b8dbe141e5dcb85869d037952082f5653", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575515, "uuid": "80cede8f-40b8-4a4b-a85d-11a98ad32d13", "value": "T160E49F26F5F08876D1279D39CC06A6BDC8183F707D26B49397E83E055B7D680281AEB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575515, "uuid": "6b2a6416-3612-496b-b50f-91ed547eb54b", "value": "2088f91fe222df3acca5910bde40b5f3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575515, "uuid": "c852e735-15bf-4f6b-b5df-db43058d7cc1", "value": "12288:exndS6phb/cci16UFHRT+fv8ASQYmnwxIRP0OHLsChB:e1pZ/e6U7q3yLmnwKB0OZh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689575515, "uuid": "75c24f52-b4f3-4c76-9090-5ea63b28674a", "value": 700416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689575515, "uuid": "33b7ebc5-e4a7-4c5c-89c5-6f16036db038", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575515, "uuid": "4fa7fa69-2f4c-4c3b-8efd-5b4b8947a423", "value": "bcaf6001ab90614008b635fc7dcfe7bf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cfdcdb2-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stop)", "timestamp": 1689621359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621359, "uuid": "cdc0e512-9c58-494d-87fd-4921b9920ea8", "comment": "Malware payload (Stop)", "value": "c26a54e4c9991aff00f8d8903b54dbfa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621359, "uuid": "ed0fb05b-925f-48e0-acad-6bc7c1547b31", "comment": "Malware payload (Stop)", "value": "3c58aafb270fa38e45d861a5c8c3a8c0d1744667dd0e31a4909c3d4b280a80f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621359, "uuid": "8e19f181-1711-459e-8d1e-95945b7a593e", "comment": "Malware payload (Stop)", "value": "baccf07e35cad313af1e6bbfc94120351d7c9063", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621359, "uuid": "a667a6b5-92ca-4b2e-97a2-ccb8e59a1cfc", "comment": "Malware payload (Stop)", "value": "739279854b0430b76ffa0e173ed2227adcc34fb14caa6980e2ef759d06dee89330f779e640d6638e944cd2d2b7bcb396", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621359, "uuid": "002992c6-fec3-4957-9e29-ccb72b0ae7b1", "value": "T186F422A333E1C132D4B7643D4A75DBA12A2B7960E73449DF23B4225B1EB07C0B67539A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621359, "uuid": "a84db06c-8f41-4e37-8d9e-04592bad7126", "value": "c1faaafeea493fa6a83d7c193e85adf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621359, "uuid": "ad2a5bc9-820f-4961-8155-d9360e84f4eb", "value": "12288:ZVFVjZQk6cQJzLYUfk0mMHG3dnwMsr8dLYAYpRHAHFj28u4RGshzlD/Ia+dX59:Lv+k6cQJC0U3dwbr8dLQZqFj2F4RGVac", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621359, "uuid": "a0d09483-d206-4167-b08d-433df7d62f03", "value": 775680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621359, "uuid": "c68ee902-0093-4afa-8b3e-800e8a3f2509", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621359, "uuid": "538833b8-428a-4f07-ba10-880cc15d8f9f", "value": "988F5272.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "664c4cac-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stop)", "timestamp": 1689621375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621375, "uuid": "2d8c5b64-da37-426d-8933-d3b0c3665f7a", "comment": "Malware payload (Stop)", "value": "ea60deffcb914ac8350bba3767750276", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621375, "uuid": "92fe363a-c3c1-4df9-8468-b897186d610d", "comment": "Malware payload (Stop)", "value": "3d5b8c9301eab4924abf87381de4e43ca7a8ac415d526310726c336ae51ada82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621375, "uuid": "9757bda3-fcc0-47c5-8d91-ca5a57a8b2a9", "comment": "Malware payload (Stop)", "value": "75e8a6acd03b222a1fdceeb00d18bd754c14cf0e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621375, "uuid": "04181369-d7e8-41e6-a442-ea9368def10f", "comment": "Malware payload (Stop)", "value": "afe56524f0f6d9977bedaacc0d75b9516f5b1cfa703628f424c9ea26a4c76066433b9a2efb02a00ad38b7b955d790592", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621375, "uuid": "e7bc9850-429c-46c9-8e0c-d905db7f4f58", "value": "T150F4233133E5C076E0A34A705174D2616ABB7A71DB7446CB3B982E3E1E743D06FB4A4A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621375, "uuid": "8e56e707-3743-4ca5-9f11-4595c290c297", "value": "c1faaafeea493fa6a83d7c193e85adf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621375, "uuid": "67187399-5599-4055-ae80-552ca6b2778a", "value": "12288:O4zphL2C6EQsXTDCT8SZPF9IYwXytJ7ZPYIs/XAGZptfJrnbhC3Y2mhGu1yOvwv:O6t60CT8SZNCYayL7Rs/tfJArugq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621375, "uuid": "44924f73-e345-4c27-a553-5a30301b1fc9", "value": 775680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621375, "uuid": "3bca9446-5f11-46bb-a3a5-88e1cc7bb732", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621375, "uuid": "85b5053f-e7cd-41fe-9d35-84a752b9dc85", "value": "A04AE35B.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05d6e77b-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689585994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585994, "uuid": "01797987-64e8-46aa-924e-bc8105a55229", "comment": "Malware payload (Loki)", "value": "6385e97010865068d50af4c15828af3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585994, "uuid": "035c3bc3-a0df-4e50-ba08-e13d3e29f5e0", "comment": "Malware payload (Loki)", "value": "3d84c7753d68182e7ca22f69dbb983f4015278c2b5843942399be16dbf8f5f7e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585994, "uuid": "4d0117b0-ae5b-419d-8286-33857b8e79ea", "comment": "Malware payload (Loki)", "value": "408ed57e0874c3d5c89eb1e22ba295e66df9aeb3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585994, "uuid": "d25354dc-f18d-4d45-933e-9894749c0558", "comment": "Malware payload (Loki)", "value": "c179543b3e472cb9583827be2ac2d5f46f38ef69d0ccd6c91cdda263dfa20d3ef6c2d12ae0f15ab50d8adf786d1b2d6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585994, "uuid": "3651ff05-938f-4c82-a5fa-93a13635f983", "value": "T1DCF423522385E442EC620F705BAB7A03DFF1DB6BA812274F17D088B66D561D32E1B7D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585994, "uuid": "6c258a36-5c82-4549-bc69-7a6aa6b38ad4", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585994, "uuid": "d0f8225d-141d-4d22-9633-024aeb9d2103", "value": "12288:Yg9BqMsNXoEuR3hAD0AVqRCU62yzfvuJqhKduldKeQLV65wDGu+RNI21mN:ftsqEuLADXdXzvQqwdulA5gZu+RNI2a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585994, "uuid": "ae29b395-5daf-4a06-99e9-c64b8e1ef7c0", "value": 789776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585994, "uuid": "fc41887f-5491-4b18-bc2f-2fe0c586f58a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585994, "uuid": "b9544e09-72d2-47d7-a26e-8d10f2bf14c6", "value": "Upit za ponudu cijene (UNIZG 2307-17HR)\u00b7pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "438fcc38-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1689621317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621317, "uuid": "4fd5bf67-44a5-48ba-958f-5f0b4c9072f0", "comment": "Malware payload (ArkeiStealer)", "value": "08819e55df0897a6dded1e5e6bf83601", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621317, "uuid": "2366dcf5-f4ba-4fd0-a329-586a29ee6ad9", "comment": "Malware payload (ArkeiStealer)", "value": "3dae32e22775721f2f9de5fec79dbcd8d62adaeb057b47c4524e02d130a43b25", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621317, "uuid": "ae4d8529-9dd8-4248-95e1-98f59468f617", "comment": "Malware payload (ArkeiStealer)", "value": "22d39992c6245b86ee8b14e0cc820e46a9094c45", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621317, "uuid": "397c53d1-e180-43f1-a585-9561922d84aa", "comment": "Malware payload (ArkeiStealer)", "value": "22b980c3ad0426e83126dcc01dfa121cee3d640fc30ceb6f215419848da8146e02bc04e8306a046664e4fe8f1a17cf49", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621317, "uuid": "33aed43b-0c6f-4eed-a1ec-c46bbf88809c", "value": "T18FA4E163A2E0EC73E56686728D2AC2F4762EF9514E19B75B23187F3F18311A1F263351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621317, "uuid": "e8733543-d0fb-481a-ba0a-5bf99104b8d1", "value": "89580c01d87da774c9ed352344b8ed4a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621317, "uuid": "84ab72f6-35ce-410e-bc2a-acd5df3c7ead", "value": "12288:jErxmIpVdwdZxBGvtzxpLyXX1hN7DHvT:AJdMZatoXJ7DHvT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621317, "uuid": "c301646b-2e45-42ec-b26f-0700dc76d7ee", "value": 457728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621317, "uuid": "abbd6d60-a407-4b25-b36f-38ca519eca97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621317, "uuid": "48cfe13a-0d34-4aff-b965-53a394eb16fe", "value": "0F5DACB0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "244587de-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689583468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583468, "uuid": "9c127537-17f1-4068-bfdd-9de71dc1ee81", "comment": "Malware payload", "value": "58b9f260ef3b531ebd9db11650f005e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583468, "uuid": "fa0e9698-c0b6-4ee1-9dbd-f66389365519", "comment": "Malware payload", "value": "3e8f6dba2a8b7a53ffad7b90f42d4dfdc3a3e616b45ba4cc01a97e34e6871b67", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583468, "uuid": "112b9579-778c-4b83-acf3-df712ca31b7e", "comment": "Malware payload", "value": "2a64ed7a283502757c26288b135daec73fe22c9c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583468, "uuid": "6e66082f-547e-4f38-bf16-bf4f1be92fb1", "comment": "Malware payload", "value": "10134e62e265a3a66497ae2bc7efc568771d35d805b2df9d625a2af34c108a64678cac8f700556b3e0b69f8f3c1496b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583468, "uuid": "6277cb89-a13c-4fdb-885b-95cee2dc7e0a", "value": "T112261802B78AD996C25A263BC183C5F42370DD056613DB2B7ACABF1F78537B6DE41602", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583468, "uuid": "cea80771-2b68-4a85-a866-d2a91ac86c0a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583468, "uuid": "e06bfb2c-b457-4d55-86f6-d19d76a2bfc0", "value": "49152:rsAr6LQNXWzmrbGQO9MmHlvsLpxgiTFBcQ5+vBh1+k:pXZ+QO9MgiTFBQ1f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583468, "uuid": "aa2a5ddd-092a-48d4-91c7-c147016e44cf", "value": 4722176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583468, "uuid": "21c672bc-1f7c-46fc-b9e7-633a8abf97eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583468, "uuid": "1eb5bab4-c093-4f1c-988e-6609ec3542b0", "value": "SSEAR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a3b4144-24d9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689622697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622697, "uuid": "3a40af28-aaf4-4225-8f04-9429ccb1f231", "comment": "Malware payload", "value": "be2f2959ae20d42131b58f37f241749c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622697, "uuid": "2a69cab1-f782-42a0-ba64-b390f2c6a244", "comment": "Malware payload", "value": "42b4e116c5d2d3e9d4777c7eaa3c3835a126c02673583c2dfb1ae2bf0bf0db48", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622697, "uuid": "006ac1b5-b5ee-4b70-bdf3-dbf6cb6b2685", "comment": "Malware payload", "value": "85e96d75e1940323ce306bdc480b9fab47ef5a0c", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622697, "uuid": "cc4d549f-c63a-403c-ad9c-60753db2f1ac", "comment": "Malware payload", "value": "92b729e102f56d163fac542312d1ab1d3e6f54ae05bfac103f0914fb6d1e86a57968302e81a3ce13150e2885a8a16b59", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689622697, "uuid": "87ae1f51-a50e-424f-87e2-db70b669b5dc", "value": "T1B353951D6D229FEDF7AC873047B38F21E699339626A0D6C1E25CD5006F6024E645FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689622697, "uuid": "359e8125-0768-4e52-83ca-d6df9342db02", "value": "1536:AA4Kl5da5v9TPv/LwFKdyx7GTXL5GEZ6+j:BabLwFKdYGTXL5GuB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689622697, "uuid": "35400576-531f-40ff-b2ad-a19f14a3d946", "value": 64724, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689622697, "uuid": "79847bd8-398c-4a65-b765-d91a2673ffe9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689622697, "uuid": "74b943f1-32a6-4d5c-9eaa-25c012661856", "value": "b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e2cd9af-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689609335, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609335, "uuid": "0e18fb5b-a82e-488e-a1c5-3d803dcff8b0", "comment": "Malware payload (DarkCloud)", "value": "b50c9a7ff94d8d2865299b84f1712890", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609335, "uuid": "366561bb-a8b1-4a94-8ef9-ce3cf4d1794b", "comment": "Malware payload (DarkCloud)", "value": "43b0616d8f71811739454e94f8a91e47dfd51e0d30a38c7a90f78feb6b177556", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609335, "uuid": "bf0cfbcf-3b71-48c1-9fe4-de34cc6de779", "comment": "Malware payload (DarkCloud)", "value": "dd1437cb289ffdacd051cab722b31e972f790c45", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609335, "uuid": "02285bc6-f955-4ed1-883d-52980ab87240", "comment": "Malware payload (DarkCloud)", "value": "02382066d4cef8da5fa0f6b38f6672d23dd741a4ba6267698ae3775bca09bfa714d00f9b99b0c0e5419af7c298ee1df2", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609335, "uuid": "d034c0a0-4255-489b-9666-abb32a27f7d1", "value": "T17694220A3EA4D0D7D8F205B45979977696D4AC39A8798F0F6B24F29F78720C6402E337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609335, "uuid": "5d04a20f-ea19-46a6-8ba7-b402986c1393", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609335, "uuid": "5d71520e-963b-49b1-a208-5febeb5817af", "value": "12288:/YYcuUm8ZsDV38pY00/Y8cK45AKo/fWcUn:/YYcuL5l00/Yw4cfWcC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609335, "uuid": "04d63a74-01a9-4d62-88d1-da14533e8149", "value": 432023, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609335, "uuid": "975e1071-b063-4dce-8736-09b0b588756c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609335, "uuid": "79565864-ed14-4add-b5fa-38b76ff5dec1", "value": "PRE ALERT NOTICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c54207b-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689583455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583455, "uuid": "87fd54b2-4adc-4fb5-a942-5890ba162f55", "comment": "Malware payload (AgentTesla)", "value": "a8120a32f23a2bedff0f6a7fe07f35cd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583455, "uuid": "b311c2ab-c48f-4a19-bbcc-791246301af2", "comment": "Malware payload (AgentTesla)", "value": "45f47c94a6941a53e10edf8021e157d3eb74d6dc04559057b522cc9cbe30651e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583455, "uuid": "455ee6b4-2a77-4c84-8568-5cf9afc9487d", "comment": "Malware payload (AgentTesla)", "value": "efcfbf51aee2166df873ec7bd30960c03a594b6b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583455, "uuid": "b23c24bd-aec6-40ab-83c2-dc0ac0efe9bd", "comment": "Malware payload (AgentTesla)", "value": "bf3e112e2eddc2ddc86f803562578d4c464b2e7377e06b9751db9a16ffd92892d8e921d77886473aca7060349f27d32e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583455, "uuid": "c3b07c6a-6aa1-4ed6-9efa-c20dcf206dda", "value": "T10C255B46B9801A57D82E433E103CDA78A6EEAD5D563ED82C34DDBA6373FA249041D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583455, "uuid": "1d15f643-0b77-4239-9d6c-6b617f54234c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583455, "uuid": "743fe1aa-9298-4867-8326-a0ff290116e7", "value": "12288:M56h9GQIut7DAWm2xBvDEtGxU5UdJdqolLhY7b7J12H97oVOzWwdgKaEKf6P7r9O:J9z70r2DvAtGS5baH1oVegKadi1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583455, "uuid": "31f07346-7f40-4172-bbf7-da8f0215194a", "value": 1030144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583455, "uuid": "c5acf7a2-d1fa-4ca2-8f19-c9eaea17c52c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583455, "uuid": "08b0b5af-f8a6-43f9-8a02-e90801d6301e", "value": "Invoice AR20230714N.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc15070b-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594917, "uuid": "98a6cd6e-88e5-48e1-88fb-45483cf442ac", "comment": "Malware payload (AgentTesla)", "value": "f683b5dc5a111d770b0acf73d9fd53e3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594917, "uuid": "4eea23f7-8aa6-436d-afe6-cf745688154e", "comment": "Malware payload (AgentTesla)", "value": "46247eae2879b89ccae5e98acabb802062b6f21dfe86eb604ef136c2bcaf4958", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594917, "uuid": "60c79612-f217-4b40-b80d-cfb29b9cad11", "comment": "Malware payload (AgentTesla)", "value": "a721e8ee78d56a66bd228e029a449daecf0267a8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594917, "uuid": "abfb936f-9cf7-4e55-931a-a228d3a13450", "comment": "Malware payload (AgentTesla)", "value": "67bfcda8e5c64a0e29076a38cc23493b3d7f17be3e1f9e34958e91421c37becd8b6703c7f94cccbee870d23ac58c50bd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594917, "uuid": "ae2078a2-b4c5-4966-b8f7-6fecda67c616", "value": "T1D9E4020077F94F16E0BB8BF29630523057F67AC77973E2454DC2B4DA49A2B804A26F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594917, "uuid": "c0c88958-70d7-4ee6-8505-c90cafff6aaf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594917, "uuid": "5112dd32-0fba-4480-aa6a-8e68ec31b471", "value": "12288:X7y3YPOJZPe+5/XzaD/qxhM4cEaDb93OdB6XfvKsEEv+by+k8rkPz:O3ze+5/XWbhT31ABMfvKVE2bm8Sz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594917, "uuid": "1ffd299e-c2d0-4c13-893f-3ce5895b4bcb", "value": 691712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594917, "uuid": "886bf39b-4a06-4805-b6c0-d6494b99a9ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594917, "uuid": "c4514a0d-86a5-4dd7-85d8-ba264a77320d", "value": "2363104503_4202741358 - Tri_H20.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f39061e6-24c6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689614740, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614740, "uuid": "6b4694d2-ae26-4837-bfa3-e844f7bd7c6f", "comment": "Malware payload (AgentTesla)", "value": "c6cf640ccb026a080509b872030721c3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614740, "uuid": "426f8092-1e2d-4824-a9bc-518309d9b231", "comment": "Malware payload (AgentTesla)", "value": "46b6fdea59c36bbb7d05b93343d11617e65aa3d76e9a2bf2c1d5969070364a29", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614740, "uuid": "4d30bd6d-5ae2-426c-bfcd-fbc1d8015084", "comment": "Malware payload (AgentTesla)", "value": "906602dcd4de25331faeec00ea1105cd0bd90a8b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614740, "uuid": "3c71f636-52a5-4538-a84a-6167ae05ea6a", "comment": "Malware payload (AgentTesla)", "value": "817019d480d31bf5e4467a3475ce9aae17e5062f957842ee8171ad92c477edfad48b142f703fab8367a4216ceb2fe0af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614740, "uuid": "df1cd203-0bf4-4063-a2b4-c3a3dd378f79", "value": "T120D1A51167D08A32D5B24B75EDF383816338FA616D96DF6F2E88110FAD527801A727B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614740, "uuid": "71e4e69e-37a9-4eed-9bf4-2952f50142c2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614740, "uuid": "79f5558f-f522-4a5f-97db-5b11436df5d5", "value": "96:wjm3iYkzWmBNgIQQtTp+8hpCrp48vFU3y3XEaxfA7wXBzNt:izW4SO9p+IpCrp4TVaxo8XD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689614740, "uuid": "a40f384c-7f72-4d5e-bf24-60e298492cc4", "value": 6656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689614740, "uuid": "a1bd18f2-dfc0-476b-b651-3ae39174ee25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614740, "uuid": "eb44a180-490e-4b8e-a47f-8b913818fca5", "value": "OneDrive-Document-Order-#52257.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "706303c1-2449-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689560833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560833, "uuid": "d1978547-28db-4798-9d40-862fc91caba1", "comment": "Malware payload (AgentTesla)", "value": "9f4f7baf0e6ad951f02724b1895883f6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560833, "uuid": "72c530c3-591a-424e-8439-8ea0a6e5a3ee", "comment": "Malware payload (AgentTesla)", "value": "46be56b98260d02be547d5a17841bf5f8262e835096609fa6f1fcb2b162f0d21", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560833, "uuid": "fb4cf4c4-e49a-4fa2-8ee3-d9900f4a8dcc", "comment": "Malware payload (AgentTesla)", "value": "010a049f47ac3f2340fb14f1a74a4ec2f049d3d2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689560833, "uuid": "1cf4ffde-7af5-4ef7-a174-09ba67617db8", "comment": "Malware payload (AgentTesla)", "value": "611a4162681c493a62487e067a5ed450adc721829cc3323d1f867e163927832962a04f2990114653ccba0d9bdc18ba42", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560833, "uuid": "1c71339c-4d99-445e-b90b-ff599aa5274e", "value": "T1C13523032D0B61F9D3AA473ECBA310211BB1DF93BBC3E342D8AA476549637DDA41954E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560833, "uuid": "808c85fb-3a76-45a8-8963-47136b416ece", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560833, "uuid": "e5ba95d8-0bc1-4b7d-bbb6-8c524f2a7fac", "value": "24576:hmzthpLfocz/FrE2wJ/BeBe69gKbZBkaVLckZNbkPAE9FHhdUQxD:oFzdrE2UNGk+Lh7u/BdUa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689560833, "uuid": "3522db25-4c45-40d7-952c-708197d136c1", "value": 1108992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689560833, "uuid": "de88ee53-2c65-4082-93bc-7efdf0e768bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689560833, "uuid": "61d9e4cb-1021-4c33-822b-8eb2b77459c3", "value": "SecuriteInfo.com.Heur.MSIL.Androm.1.22709.9971", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b6a29bc-246d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689576340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576340, "uuid": "50cb166a-8e7b-492d-afb2-0440455e9577", "comment": "Malware payload (Formbook)", "value": "998c79456d9782eb1a03140e04f36d46", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576340, "uuid": "8b3b26e4-8f8d-490c-91b8-163ff3451bcb", "comment": "Malware payload (Formbook)", "value": "46eeb436a29d74d779e09058eb574f83903c09c31706791288842640ddd94052", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576340, "uuid": "d3dabc47-e95d-4d29-9141-93f25b5c8299", "comment": "Malware payload (Formbook)", "value": "9066be672da3a63b2fd7813e5c5ec1b3d1b36b3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576340, "uuid": "e86c53e5-e6f9-453f-8eb3-f084348c13ce", "comment": "Malware payload (Formbook)", "value": "b4ae56dcc4962e29d1df90c63689ed3972ac6c994774221f1e2bc8dc0e31a6c6055d2d37eaca192264ff0476b1c5b5c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576340, "uuid": "34e28fe6-081d-46ff-a242-d9e1eca8cff1", "value": "T190B4E04ADE42A3F8D876E0B482576A2BB4717988033C43EBDF5016751B61EF4B73A748", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576340, "uuid": "1ace6bf3-e84b-4c51-8f36-80f21d6e66e6", "value": "3072:qqRbGFyesZPmO4wERAl/PfjDsJGa2Bbt/OF5fx9xmkrSG4uhIAI0YixrrVcR9nFb:qKbuEZD2alrD7a27/efx9FW8Uu6R7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689576340, "uuid": "89bd4791-fe6c-4263-add3-31c2095343df", "value": 503632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689576340, "uuid": "a92fb41c-c0aa-440b-b907-b8f4d1bdf261", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576340, "uuid": "44cd1321-7198-4b6f-9e01-1a4b22a3b3ba", "value": "Client.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2caca2b5-24bd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689610541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610541, "uuid": "d561cf36-0bac-4f1f-9127-e844b195084d", "comment": "Malware payload", "value": "07ced45cb360a92ceb79041845a85f45", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610541, "uuid": "d421e729-ab5b-472f-9d86-02cc06821da0", "comment": "Malware payload", "value": "476e1e0002954a806f5edb48a2a0050028aecef90d8b58774bb879c79de47ce6", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610541, "uuid": "04bf08e7-3383-47ce-b507-474b36559f16", "comment": "Malware payload", "value": "89fdb92c38340123883055c50d12ae4fa170ef1b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610541, "uuid": "24a587c0-25e1-48bd-acf4-64610c14dce5", "comment": "Malware payload", "value": "a249453921dfc5fe6301413118d2952426ecbb78bf9b866992ba9891cf2da76fc4c0c7c2125a4e26a7f7ada23ff2f504", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610541, "uuid": "04e2b749-cca6-4b98-91ff-fb53bff3eaf3", "value": "T193112312DC5562A8C3D6A2CA8674DED963BFD4494B52EF7C64405C90D6132532DAD00A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610541, "uuid": "d9e2c66d-d3e2-48f4-a61a-99f83ee04e22", "value": "24:XLjCZn6ljFghuXtdkLJO7/ROMGIHALTAH016o:XC9KghuXzkLI1t8L8Hy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610541, "uuid": "71bf3721-d753-4bb4-80bf-f89adeb5bc32", "value": 885, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610541, "uuid": "89dcc031-0788-48af-bfec-b1a4cd729bc3", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610541, "uuid": "274b1b92-72e4-484e-8203-d277128da3cb", "value": "tBZ__Qj9(778).cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "507c230f-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689573664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573664, "uuid": "5d25ad3f-84bb-4457-bf0a-df07852a735b", "comment": "Malware payload (AgentTesla)", "value": "841bc4b28567bc672d71cd8a86318236", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573664, "uuid": "b5f33987-e183-4f0c-99fa-4e42cd484c65", "comment": "Malware payload (AgentTesla)", "value": "477a2d13d980cac6ec09b09eda410ea674cb8aa69da8a1e6e2a80fcf3b290c9a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573664, "uuid": "dfd899a0-7ada-4366-b709-38cbb26a6e0e", "comment": "Malware payload (AgentTesla)", "value": "80ff2c2f2e6a5fb63f9d067b158410549ce3a9fd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573664, "uuid": "64173f27-f490-4fe5-9bb1-dcdb88635c66", "comment": "Malware payload (AgentTesla)", "value": "9c802d9cfdf9ea5df6c9f317a1688f990c0c42b03396757057027416bb2aedcb816cec2a406f21e99ec930e5413e99ab", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573664, "uuid": "4c536443-7d7c-4261-a674-6c94660bf690", "value": "T186E3F14913947275D83F177B8C72A501A6729B8D3E23693F48C090DA6F736017AD3EE5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573664, "uuid": "6bfe6d5e-ef9a-48ea-8dab-0d575ac3bb9c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573664, "uuid": "4e107ea9-d837-4c59-89e1-6b94bbf59e3b", "value": "3072:oxmMRd5YFofTo4dXqJYNebTdz8rlmMtcDdNM8x/8v:osMRX04dXgYNeixbtcRNMz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573664, "uuid": "0b7ed916-26de-4af0-812c-8ceb7f339330", "value": 151040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573664, "uuid": "8a1cad44-4af5-4580-b5c8-116be5a000a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573664, "uuid": "ae0c4be3-b3ce-4f10-a763-65d761722e32", "value": "TT.gz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76be4455-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689573728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573728, "uuid": "36e7d3a7-44b3-4808-b523-e5bbc4e53126", "comment": "Malware payload (AgentTesla)", "value": "e20928dc6cd46158b416efaa74150605", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573728, "uuid": "e28cb474-de20-402c-9484-65efdd56f0d3", "comment": "Malware payload (AgentTesla)", "value": "491660aedd33c20086c3106b5abd7d1ac5936b6a8bc4f826703eacc0edeb9c6d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573728, "uuid": "1454b1c0-08da-4dfb-b7dd-674413072878", "comment": "Malware payload (AgentTesla)", "value": "732d261d795fc18c378ab2efd3c5cc474393a25e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573728, "uuid": "8ba6aa13-157b-4469-925e-f5531309dc61", "comment": "Malware payload (AgentTesla)", "value": "107a705b403a5f595a2c916f3a8fb68a75df3d5769c562ad95e7b2d966b58c3ba1302cca93f8d590d4f2e10a404375dc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573728, "uuid": "bebaf445-e71d-407b-8f6f-ee894cf6a000", "value": "T1B8D4239E296ABF73CD5262D660DE0944E7158FDBA064F9417AC3033F723A62C4462CED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573728, "uuid": "40d5109a-b3e6-43c3-bc04-7165faa202a9", "value": "12288:1Driq2AfXm0lrTaQJLk/lmEyk3cuyUocccuKl1xpJRpgXyzNXzEin8t:NuqPWWBal5yk3cFRcuKb7hr8t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573728, "uuid": "058c6a16-31a4-46a5-b822-6ab55a7fb58e", "value": 640976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573728, "uuid": "ae48502d-234b-44c1-9d6f-673e40d8b6dc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573728, "uuid": "4b6aba5c-0c3c-4cd9-886e-3b8c8796d8de", "value": "SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56aeae01-2473-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689578828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578828, "uuid": "2b249601-1778-4ba8-8b62-641271e22d2a", "comment": "Malware payload (AgentTesla)", "value": "f59ea46dd1cfa5403c3c6304ffe77cda", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578828, "uuid": "78f95953-dd50-4bd8-a480-8dd15a625fff", "comment": "Malware payload (AgentTesla)", "value": "49609190f0c24671c2fd86b74f5d0578eb653da3a9e76ae67a66a3665010245e", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578828, "uuid": "98b490ca-9c5a-45e5-8f38-a500c373dfd6", "comment": "Malware payload (AgentTesla)", "value": "a31cfb7f329a2fe4376bff132883a537f280054c", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578828, "uuid": "60689dd4-dcc2-41e6-ab08-c139c23fb100", "comment": "Malware payload (AgentTesla)", "value": "5bb7b17389106bb8bf2e094edf869c34b03612fd09d87494229b99987dad21fd3c190f52e0a270490adfcd685e6c4d85", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578828, "uuid": "c7c9cc8e-6d39-4d1a-a81b-cf664d0364ac", "value": "T19EB423667F194018F750BC2DED62E8793070F98A6CA8A70BABFABAD40F1015157D2F1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578828, "uuid": "af6d152a-5e88-4b90-b601-a75e6ed3c918", "value": "12288:qnL1P6sv36IXRM9YXfHkVCRahwj8j1gtyyqP4Lf8+MZ/C:qh3w9YH4FP4z8+MZq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689578828, "uuid": "213bdfd8-897f-408e-b87c-a69ce4206f44", "value": 539092, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689578828, "uuid": "6c44e48d-4104-4474-bf9f-5994464bf7b8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578828, "uuid": "c0697867-7cf6-4c41-8b9a-b5ae8afc2142", "value": "Statement of Account.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d402aa3-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689573659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573659, "uuid": "8f9860b0-bd1c-47ad-90c7-45c9920ef1eb", "comment": "Malware payload (AgentTesla)", "value": "ada7f505c71cae7cdc7694201d8b7c18", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573659, "uuid": "8becddb0-4fde-47d9-97b3-3214699c9827", "comment": "Malware payload (AgentTesla)", "value": "4bc45d26bb6798cf155619cb19295416035e10e0e810da5cfb806da00807c2eb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573659, "uuid": "d1f33760-4865-4701-80e2-2871c3eb5d03", "comment": "Malware payload (AgentTesla)", "value": "0b68846c3e3d33942cf81feb6e58571d9fa7e364", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573659, "uuid": "4dcd04c4-3e0d-4926-9ca7-30516c0a1d5d", "comment": "Malware payload (AgentTesla)", "value": "8c272d018a81249fcc223bbcf6de4305694d5448b436192c2031427844d652c9c82149cd7eebd21cca78d7d56102c211", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573659, "uuid": "f476671f-8f0d-4b11-9966-d089cd05b2d0", "value": "T197930287BC9136D8A361210BC8E9FF6A96038B7C37DFD17E6E6095469731201E443ACD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573659, "uuid": "c52b6407-4260-42c0-9136-832527e80e7a", "value": "1536:/PxLlFk65+7cJ7frgO02lovTfJkeNcZ7UIGbTdguWzPZnxrgEodtCk79jiDYM5+E:/55fDJ7sO0Uovl6NebTdzeZnxr+dtcDz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573659, "uuid": "effe2e2f-199a-4f8e-9b0a-b13c3722a8f7", "value": 95705, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573659, "uuid": "28a98481-484b-4c03-a33f-51cef77b2ce9", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573659, "uuid": "83d963d0-f720-4d0d-bcda-0c1edfb93190", "value": "TT.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33e9cd08-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1689583495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583495, "uuid": "8d80ec10-7a51-4bdc-9969-3cd20fcc545e", "comment": "Malware payload (Cobalt Strike)", "value": "0e0ca5bc4a793f5bc1484c6be16a2742", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583495, "uuid": "a634310f-bb35-4c6a-b581-b99aa00a5b35", "comment": "Malware payload (Cobalt Strike)", "value": "4c4a42aa19a24c47d70ba63a35d841d9b6f49c193f709f89b21c1826a74a29ed", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583495, "uuid": "d2669c16-8269-44f5-bc52-64cb13ed3834", "comment": "Malware payload (Cobalt Strike)", "value": "d39f1aaab781040cd9bd55cd7a9f4ac8c4f0134a", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583495, "uuid": "3b095db7-fb97-44e3-b1b5-83ea2db072f7", "comment": "Malware payload (Cobalt Strike)", "value": "888d1c119d4f2729077a714a8439e95a2021e4228eb039472b96562c98513ceb18300ef82cb84251968ef410794c778e", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583495, "uuid": "428cda64-f793-4729-8c21-d9e25d3f0ae7", "value": "T10F26AE7225867CFAEAAE6D3184142E402D787C8B1B2053C77B4975FB367A2D48D3C768", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583495, "uuid": "549aa6cb-033c-4a19-84dd-20af494af9f1", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583495, "uuid": "19ef5a7d-33ff-4cf5-9c3d-7ab5d0f39943", "value": "49152:OWHSHIBvrb/T0vO90d7HjmAFd4A64nsfJBusbzFeKLA3gfDsHbnW0/EUGssik+rh:G43+/IQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583495, "uuid": "f068e04c-a69c-4fd2-9e7f-c43dcfde3094", "value": 4859904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583495, "uuid": "1550b75c-b155-4aea-9787-fc5bf30f4370", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583495, "uuid": "bed60140-1a2a-45ce-87c6-83c596a3a76a", "value": "4602E9E4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e110026f-2451-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689564458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564458, "uuid": "d23ad55c-5eed-4ff7-abe3-2e4c2409f7d8", "comment": "Malware payload (AgentTesla)", "value": "e2170872a931393fb5024e0ab6d67a3b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564458, "uuid": "0f6105b7-f73d-48cb-9451-3e69e3a0bc06", "comment": "Malware payload (AgentTesla)", "value": "4c5c92dd8f43ed66f1cca431f7cb09c72d5e90202455c88150c0afbe9bae29ec", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564458, "uuid": "1de40044-0b6d-4723-b261-08791a3d3b53", "comment": "Malware payload (AgentTesla)", "value": "5cfc20fe3a155be0a244ec4a28a1a6ca41df0f3b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564458, "uuid": "543ebba1-973f-4d87-94fb-81784f0c2587", "comment": "Malware payload (AgentTesla)", "value": "95a882af75a704b2b445c6a21cebf216a7980f3f10a81b0fa7666520d18f06656a182bf44217b1feb1bb04d6907281af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564458, "uuid": "4a16bd6c-5f5f-4e84-87b0-6725ff740da3", "value": "T1FBC4D078503C83AFEB47CBB6E834155622F013666AF687DCCCB9295F3E79238A0545B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564458, "uuid": "4be20233-dae2-4f23-9fa5-ea4233a6497a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564458, "uuid": "078f97d4-e899-44df-b4b4-984587e579ae", "value": "12288:jqTrQaSejL8Z4kn+ZhkquMXiQuZd5oA9SHOh77cweIo:jqTrQaSejL8Zdn+ZbSQAd20SAYwzo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689564458, "uuid": "e24c32a7-88d2-498d-86ac-6d3c44fac8f8", "value": 580096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689564458, "uuid": "dfa5dc0b-e751-4846-9ed1-f9d4a6979b11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564458, "uuid": "8b475908-7dcb-49c0-b67e-6d5c83cc0342", "value": "SecuriteInfo.com.Trojan.Locsyz.720.25432.18362", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cdf233d-243c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689555324, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689555324, "uuid": "f6ad8b74-4489-4317-bff9-70b9ed5f2e73", "comment": "Malware payload (Mirai)", "value": "e9b3042238a0902e4d5aa1565735caf9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689555324, "uuid": "c30895ce-3a61-4bc2-9f62-a17d1e355325", "comment": "Malware payload (Mirai)", "value": "4d84bae62b01df390931397b0908ff295fe1fb328f43edeb02bff665eb413a62", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689555324, "uuid": "faa9688c-5b9a-434c-b10b-cf5bb4b3dd99", "comment": "Malware payload (Mirai)", "value": "ca58bb69ad3fce45dff4a37ca8fac75d0910a6cb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689555324, "uuid": "b9cd246f-0423-49e1-b088-6a783ec084bc", "comment": "Malware payload (Mirai)", "value": "936ec13a04bad1cea146e6388d80db421fbd678a67134209fdce2879eacf139ebdbf98382c77b87a7d1c839047c185b6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689555324, "uuid": "d236ef1e-d741-49a3-9afa-849163052c55", "value": "T1E5A3AF61E3649CE5C1444736A2F1E53E4373AC06B5472EFAAA59C526600FFC8F12D3BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689555324, "uuid": "52da0821-26db-413b-b930-8e18c78a06e5", "value": "1536:8nksiIm1GeEa9PGmnP1TBFw8cF9lwq20HcvidLHuiCVqxmQcfY:+rlOGeEa9PxHSwq2YdLHDQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689555324, "uuid": "442d7829-4de6-410c-8fba-b57c155779ec", "value": 100588, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689555324, "uuid": "56cf726b-54fe-4b69-82bb-f98da91f3d57", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689555324, "uuid": "63131fb2-b686-4b9e-95f6-d1b24de606c7", "value": "e9b3042238a0902e4d5aa1565735caf9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df41430d-2477-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689580776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580776, "uuid": "916300d0-fbba-4f4f-a895-c41db29bea51", "comment": "Malware payload (AgentTesla)", "value": "9aeb85ac3103c381a85d21d36064a050", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580776, "uuid": "2b2d78e2-f841-4dc0-b426-f24b9af3d572", "comment": "Malware payload (AgentTesla)", "value": "4e2230087fc9c3f3e87b8508d14234d089169dc2219629889cf1f8e42a4a76ac", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580776, "uuid": "ff4b00ad-fe78-4368-8b35-5012d76ef381", "comment": "Malware payload (AgentTesla)", "value": "6bf8bd22edb3b288785da2ba46297c1055ee2311", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580776, "uuid": "4cca7b51-b7e1-4929-b1c3-2a6ed9954df8", "comment": "Malware payload (AgentTesla)", "value": "ecf308c918eb72ad30b8fc97c53150a952c1d7f35290473e733abab3671576d716ef83ac6ca79a45fcba253ee55cfe4b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580776, "uuid": "8036e1d3-7855-4c25-a024-7b08d611d27b", "value": "T11C456B0475241F57C3ED65F7859A344237F2415E210AE7D1BEDCDAEE0BF2B89A287A08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580776, "uuid": "1c48e72c-2522-49eb-9320-021d2bec2fba", "value": "3072:ty04M5LM86fLSQQccVZ7DEWN8QlB02l1t+4L7dzJiwJi:k04M5LM86fLSVccVZ7DEWCq1UC45", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580776, "uuid": "f98f2a30-9701-48d6-a76e-341d6764ff0c", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580776, "uuid": "b870527e-0cac-4c4b-a0e8-9677fea77230", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580776, "uuid": "a77451f3-c478-425c-8970-b06a2770f724", "value": "Sample Image.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8944ddde-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598241, "uuid": "19790ba7-9ff4-4675-b77d-35a16338e325", "comment": "Malware payload (Mirai)", "value": "9d7e17138b157d1394c2d02d0dd86cd8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598241, "uuid": "d86db0c5-f0ec-4e47-ae77-bea4fd554cd1", "comment": "Malware payload (Mirai)", "value": "4f0517fdfaf43027da2e7de60d6649eabc5e793aca845b88281aa9ef1992adab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598241, "uuid": "8b307931-7818-4b80-b483-525ee077008d", "comment": "Malware payload (Mirai)", "value": "50f01f5512a668ca0918247c570a31449296b053", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598241, "uuid": "2776530d-2757-40a3-8b38-c5df1104701f", "comment": "Malware payload (Mirai)", "value": "8c27816862cd832d660c63b13293a799646af29405191a89e5f98f20edb0d111108b2cc637cebeb3f542e2a392117e55", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598241, "uuid": "a995ec3b-6fc2-4862-93d6-a3b1e5c01258", "value": "T1BC8329B81996F67CF9F250B9F45310EA28610B1C379CE1E3A987603AFFB47087169D49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598241, "uuid": "71102c06-a1ed-4f87-99ff-b6e0abe0bb0f", "value": "1536:ULkGPAJF0A/nnmrgKQWAf6nx5/WvfAAb9t7iY9OM:EIJF0A/n2QWA+5/WlrN9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598241, "uuid": "aeed20ab-e921-4d54-8715-327d9ac3df3b", "value": 83396, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598241, "uuid": "ef20af39-a089-4e7b-9918-0f0977b6a779", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598241, "uuid": "4e9028af-878d-4d7d-b655-8e7a7f17040a", "value": "9d7e17138b157d1394c2d02d0dd86cd8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f635bcf0-24b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689607872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607872, "uuid": "df03c825-0ab9-4fe1-82bf-59e361076776", "comment": "Malware payload (Loki)", "value": "a26db7153b90943c5c2d4184acaf74ba", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607872, "uuid": "57e1476e-ded5-42c3-9f6e-63bf1922298e", "comment": "Malware payload (Loki)", "value": "4fc6fd8ba76eee1d04d6307ab21c5e23a1bdb6505f0d5a512e37fc75739a9a81", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607872, "uuid": "7877ef06-fce7-4484-b65a-c4f53c712d00", "comment": "Malware payload (Loki)", "value": "ebe0dc8b106371f30cc02fc48eff0ed8b8e7187f", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607872, "uuid": "f71ada35-2714-4c4e-95eb-dc005ad5bff6", "comment": "Malware payload (Loki)", "value": "463d5b5e4dcea8922e3364fb01eded80c80f59a3dc583861f4a74a11b537fd431ea5dabe2a6781632d88bb9cc3c36a2c", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607872, "uuid": "c9d9f740-29f3-4aa4-b611-47eaed0535e2", "value": "T1D4B4AE78503C8BAFE757DBB6E424155223F013A71AF2D78C8CBA24AF3E75724A1445B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607872, "uuid": "28cb282a-1bd3-45f5-972c-0f714e777de7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607872, "uuid": "de3f16dc-817a-410e-992d-3a83d283b4dd", "value": "12288:0dnG7xlLvWiblIaAe7QZ0MgMIUoqTrQaSejL8ZZ:cnGbrWiblW2QZTgMIzqTrQaSejL8ZZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689607872, "uuid": "201e922f-572a-4ea6-854c-040d8188d27d", "value": 497152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689607872, "uuid": "d057abec-8235-4780-8580-f4373c042f57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607872, "uuid": "89b4746b-ab20-47bf-824a-c002945bed8b", "value": "Quote# 1193353.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "224e87c8-2474-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689579170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579170, "uuid": "e268d4eb-f7fb-4d7f-9c9c-ddb75add674b", "comment": "Malware payload (AgentTesla)", "value": "e0ab1c2ae91defc4d4219bc6e39e4c1a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579170, "uuid": "d115735f-bf74-4209-af6f-489f05cc7ae6", "comment": "Malware payload (AgentTesla)", "value": "4fcd3f9e0e5e44fe8b4f1fc41ad808a421a3c59a5cedfea7afa443708badc601", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579170, "uuid": "2c7c3495-1d10-4630-a70b-a2e0f3057098", "comment": "Malware payload (AgentTesla)", "value": "16c4c25cf8cc2e314e48cae28a1eacf85a6cf1ba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579170, "uuid": "3cbcdb9a-226a-4c4b-ad28-f109165b3901", "comment": "Malware payload (AgentTesla)", "value": "5a84c8ab33830f88b5b41c11bd4624d9f7a1a534f3e6d2fbddfd2637d4f621d2235630ba3cd4bb84131ecd774f424a16", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579170, "uuid": "1561672a-2406-4305-98e8-63f7a9909314", "value": "T1C6D49D38607C8BAFEB57C7B6D430211213F412666AF2E39C8CBA64EF7E35724A154572", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579170, "uuid": "06e1403f-5c50-4776-b077-f9f9725e5984", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579170, "uuid": "5dbbc8ed-4ef9-4e8c-9aaa-1e294c44f1bf", "value": "12288:KhKt61MtkhJp240ZZzg1grOLhk2PLu12j0eq55nm+XqTrQaSejL8Z:9MAWJQTjkEOLhk2K2jkm+XqTrQaSejLk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689579170, "uuid": "dd79cfcd-3f0c-4a4a-8a40-dba0b5aafd49", "value": 627712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689579170, "uuid": "d8b8ff2c-4029-47cd-b7bb-a6e8b0e46668", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579170, "uuid": "12a41804-337d-4732-850c-4c6f169f0a38", "value": "NSfzA4ooMisVxKC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a668785-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689583479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583479, "uuid": "73107a9b-5d44-4266-bdb4-692a196a5655", "comment": "Malware payload", "value": "2a8b0e993bdf4213b8ee3fe7567b8c0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583479, "uuid": "ed5fee8a-7478-4432-bbad-7856c783ce69", "comment": "Malware payload", "value": "50982cb0e6e1d9f9149cc13388067e67d449cb982a6e03f92a343433cbfa7404", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583479, "uuid": "19be3939-a164-40a9-a2a5-a862e90acca7", "comment": "Malware payload", "value": "3ca5fdda04f4029bceebb09777ebc1d03c8c6179", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583479, "uuid": "80303af1-a8ba-4b5c-b37c-cc9240fde2b9", "comment": "Malware payload", "value": "6fc5cbab6e2bc301b23acce0024cd5b1bd64e7db3bdb75f569c3d31b7957ec793fddf6ab3f631a72025c7c54cb5f3fa7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583479, "uuid": "67ca48d3-b083-4224-9747-3451b26a87e4", "value": "T17B847F137D81F876CBB5257F7898C6611A246C110AE398B7738FFABD6D33E806720265", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583479, "uuid": "87f4cc89-803f-4a5d-990a-53393ffb23d5", "value": "bc05f8127634012c3356057e71c9ed4e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583479, "uuid": "83c25c07-14d7-4437-8af1-115e0c6faf58", "value": "3072:VzaIOM9KMNiP9IEEA0lgo0A2XVFtiYOu3xFBsAg0Fu6m//6zrcjox/xn:LA6EdQ/X2XDti26AO6nOA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583479, "uuid": "6902bd8f-8872-4e75-b91d-803176921e40", "value": 376296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583479, "uuid": "b2771cbf-60b4-4b11-8a13-6c5bb43f5cf4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583479, "uuid": "1ac953a6-ef02-4b40-a8e7-16ddce9c82e8", "value": "1514CA1C.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db65d828-24c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689615129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615129, "uuid": "8182e943-1b42-4fcf-84c5-0c5abcbfc0e0", "comment": "Malware payload", "value": "aa05d0fda09bc61dd63cb3878b8af9c8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615129, "uuid": "5e5b7fb9-174d-48f9-9dca-dbe59246ffcc", "comment": "Malware payload", "value": "50c61927f770477b0c6230fa0dd5201035f0ad8372354b53e6d9def4d1949e3c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615129, "uuid": "cf0c6695-1107-49ef-87bd-0d38a45f8fd6", "comment": "Malware payload", "value": "629128da9551de291e8b9f427e807b021b48083e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615129, "uuid": "f71e0a48-0ae2-4a39-9f8d-40e59c85b86d", "comment": "Malware payload", "value": "b2bc15111a3dfc1096d3d3ea37d643af447517f3d95186211e00263fe5a0a1b03563749b05943026429da164fa4de970", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615129, "uuid": "1b97cb57-0753-422f-aad5-109150f22d9b", "value": "T1C4A4F17277A18797DD2F17F028E61B4ABF76B95E5B4316CF7288A50A3C43322422B5D0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615129, "uuid": "078e11fc-5f67-4c2f-bb76-d35a2f980f89", "value": "ced282d9b261d1462772017fe2f6972b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615129, "uuid": "95408ba4-d234-48e4-83d4-0ff0dece04de", "value": "12288:c0qxbyl+wwqOyLjZqjk6IN5q7FStO9HR8KQX:Exel+wwcjcsq7QAwX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689615129, "uuid": "91e023f0-9319-4252-b181-f94675f09ca2", "value": 472883, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689615129, "uuid": "1763aa60-fb74-460c-86a8-74f26b7d08bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615129, "uuid": "194544fb-2492-41d0-aac1-48c3efdaf66c", "value": "CHI-TAK ELECTRICAL SDN BHD_Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e172c150-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594953, "uuid": "7fc6d170-b40b-4337-bb1d-a90d78b0f9e7", "comment": "Malware payload (AgentTesla)", "value": "eca5a2ace032e120bd87592ea6399e18", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594953, "uuid": "3f70b25e-9554-4c2d-a207-e526e8bbaec7", "comment": "Malware payload (AgentTesla)", "value": "50fa00b80e39589840fa519f562983460856da8a8dd0f874959f6553ae94fce4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594953, "uuid": "78306acc-90af-4384-b37b-9695fc00572d", "comment": "Malware payload (AgentTesla)", "value": "c9901c0feda8a069131c80a29065053f32d1ee4a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594953, "uuid": "2dc2c1fc-cf88-445b-a24c-d3429cae3604", "comment": "Malware payload (AgentTesla)", "value": "b24e2d60bb00dff251ec6b0dd447c5946e66639d0d10ca10c4307acb69a827bc75afee20370640dbcd1f0563488039f8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594953, "uuid": "150daba6-bb41-4e4b-831c-bbf87ff34789", "value": "T1C6E46C0B3DD0294BD42E423E107C6A6CEAEED51E466FE924752DC2A3B2F664C0D4D74B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594953, "uuid": "078ccc4b-4521-4fb0-8e0f-2a947299bf01", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594953, "uuid": "1dd9ffe7-2b24-4c40-ac16-c938b699e7e2", "value": "12288:1uFwNGQIut7DYP1iogpj7SJSsEG4wNwGUIZH/EoRy2ME6:1uFwNz7sPFgwJd4wNwGUIt7Ry", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594953, "uuid": "4a5dbfa2-2d54-4246-8a2f-bf76d4e534d2", "value": 712192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594953, "uuid": "300e5dc1-130f-433b-bdb4-720e391ac008", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594953, "uuid": "035aa294-cd06-45ec-90f8-a63928a5b0dc", "value": "PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b1e1609-2439-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689553845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553845, "uuid": "e5cc0636-1b14-4d94-925c-379f1a83d238", "comment": "Malware payload", "value": "622f354ea829538a284e6ac8bb14a4cb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553845, "uuid": "0483274d-27eb-4c6b-bad0-27e35332f763", "comment": "Malware payload", "value": "51860d607d01d9f4560803231277f56a24638d71aba9fa3cea64cde108161c53", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553845, "uuid": "2e8eebea-9fa6-48c9-92a8-264243ff18c1", "comment": "Malware payload", "value": "4f6996e9361920e50a507616eaef68eed3754c44", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553845, "uuid": "24575486-5ed1-4851-9863-e68ed9f4bcb1", "comment": "Malware payload", "value": "27210c277bb168aa2d5369f519377d374289ffc6cebe57a456f3b64be765fad35eef3b8c9f4208895235510bd13f52ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553845, "uuid": "a7dfd4cc-c478-4e98-99c4-33566e8d3552", "value": "T14AB4226BFF12802EF4DD91B2ADFB9D3D0D3289786CF192860A5E8DF0AC19615731581E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553845, "uuid": "d72c86f0-5723-4751-8107-b5dc4d76107f", "value": "261814086e5371c08c88b3dcc8b8c70b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553845, "uuid": "8d19c464-9079-42d4-aba1-6e5fb1cdbd3d", "value": "12288:9OA4w136YA8YerNl+EZIoJXz6avUpAINcNOM2gCrlXpTrZQH:7kdRO1ZHtz6avUtzMQlXRmH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689553845, "uuid": "89a0ee34-4f7c-461e-9847-e10b2e40df3e", "value": 531672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689553845, "uuid": "6d63f19d-be06-4074-bf63-56830ae62b02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553845, "uuid": "0307a02c-cb2e-439f-8b27-afc3d4cbe5fa", "value": "st2.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3d9b619-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689609533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609533, "uuid": "bca7b799-16e9-467e-8198-3c8ee4f10bad", "comment": "Malware payload (AgentTesla)", "value": "5a83ac946011dcd14ffbf041dde87875", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609533, "uuid": "1cf074a4-4ade-4722-b858-f6a8cd4b3c28", "comment": "Malware payload (AgentTesla)", "value": "5246086c7222bea3cffcdf5b680196b1369a9730657eeb2f2c5940b7633da65e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609533, "uuid": "53c85bd3-7ae1-49b6-97d6-f90656c7591f", "comment": "Malware payload (AgentTesla)", "value": "b26d68841639fbfe8f55c5b5784cb3efbddc4366", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609533, "uuid": "ebfa3ef8-d4f0-4787-bcbb-68b0a20ba860", "comment": "Malware payload (AgentTesla)", "value": "f93524768aa75a16973f3b1b385eb40c583c0a934bc569e778f4197d5bf87c315ca80e6433c34faf6ff90abad5370296", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609533, "uuid": "4ea1df7e-5d9d-427e-a4cc-310d5a9b46de", "value": "T1EDE45C1B3DD02A57D42E426E107C6A6CEBEED60E426FD925382DC393B2F664C095D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609533, "uuid": "02ea42d1-1b5c-46dd-8964-e4404d1e9545", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609533, "uuid": "3e26c65d-1ee4-47e5-a5d1-40e05f9c3b19", "value": "12288:X579GQIut7DwWm1YaUa/XADvmbpHUO+nX1QmaHF47MXk80w9:N9z7kr1YaJfQtnX8HFLkE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609533, "uuid": "0f11b849-96aa-4bbd-aad1-f97db8c81feb", "value": 713216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609533, "uuid": "5555c284-876f-4879-97f6-9a5cfc8bb6b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609533, "uuid": "9a60c9b8-db95-4ea3-8959-15b21c053032", "value": "PO_4800038773.7z.001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84116565-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598232, "uuid": "94cd487c-a0e2-4fad-bf50-a8ca15a98cab", "comment": "Malware payload (Mirai)", "value": "a418cbfbea545493f9ef43693f0cdec1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598232, "uuid": "45bf6f77-c7b0-4bde-96fc-e659a1ce3c1e", "comment": "Malware payload (Mirai)", "value": "53dcd435d8524b836378b1dba4c506274c675d9ce6526ccdcdcbedca48499984", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598232, "uuid": "9b554561-88b6-494f-acae-31b91bf125ff", "comment": "Malware payload (Mirai)", "value": "0404ab8e54c1c8073a81196118ea241922907b1b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598232, "uuid": "f5b8d369-f3ac-40fe-962f-193558ff04c4", "comment": "Malware payload (Mirai)", "value": "65c77eb54401434ee2f63288480cc31f762e1d0ba682937566ae912523d22713715d1fd52720fd4ac7ec0a65103ddf87", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598232, "uuid": "9dbe7b58-d833-40a5-a296-77079c7a57f6", "value": "T14573BEB3C9657DA0C2584138B5E69D381B23F50456231EF54E668BA2610BEFCF50E7B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598232, "uuid": "5849e221-af6b-4392-bdbf-c39b04eff9dc", "value": "1536:i/in9oTi7wPaDwtEZ0EPY9T7QjqTAvGRwjiWuvVCdNMQ:ia90EuczFQ9HpbRwjLuvVc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598232, "uuid": "3347a60f-da1b-4a18-b599-9879d7b2a226", "value": 74804, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598232, "uuid": "9df754c9-0965-4638-ae5d-cfebc24e185f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598232, "uuid": "5bf2a60b-42a9-4cb8-b9d9-32c8d24203b9", "value": "a418cbfbea545493f9ef43693f0cdec1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79639a7b-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689598214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "b596fe29-d65a-435f-b9ac-17fc959258db", "comment": "Malware payload (njrat)", "value": "074bdd1e98be183d3501cde461be8136", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "845e1646-4642-4a18-82a8-4dedf1f4c17b", "comment": "Malware payload (njrat)", "value": "53e6b4fcb7d3717f52af9a0034df04ebb35d0173467ee7374e1b789594dbf081", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "462c926f-bd9a-4bfe-9af2-6c5bbde69391", "comment": "Malware payload (njrat)", "value": "88e79b3d0e94bd213559b9ccd95e94b7923f8f17", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "4d5c9d45-2955-43f5-828a-44586a3c531a", "comment": "Malware payload (njrat)", "value": "56ba8af802b3025419ac5cad54eb69b0f4e20ee2baf602c0ce7a3b76c9c4d75ae2c36b4c581fe4be2edb850fb93aeb5a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598214, "uuid": "01052e2f-5bbf-4af8-bca4-a0c12995e13c", "value": "T1F513E78DB694E174D5FF8BF1B4A1B2890B71A017A806930F99F114D98FB3EC09611EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598214, "uuid": "4606d641-04e6-4815-a492-49aa4edbea39", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598214, "uuid": "82ae4371-3795-48b1-ac76-fcd39c4ffe8d", "value": "384:u8ZySa33VarE8yTNJFqfQYMEnwpai0+dzEIij+ZsNO3PlpJKkkjh/TzF7pWn5mgm:u6xq3MY5TnFqfpMpLuXQ/oUC+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598214, "uuid": "3f0082af-6e0b-4647-8314-326ed6c803c9", "value": 44032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598214, "uuid": "93700bc7-2381-4c1f-9666-020c3e847c59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598214, "uuid": "e053643c-d664-44c7-9ada-ba9bf578953f", "value": "074bdd1e98be183d3501cde461be8136.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8be8222-24b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689608199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608199, "uuid": "6dd9ae71-b80b-40d6-bff6-bffbceb0e4ed", "comment": "Malware payload (DarkCloud)", "value": "84e75bee20aad08948b17f1cf395aa98", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608199, "uuid": "1bfd3803-6a37-4e68-bb44-5787210f7c87", "comment": "Malware payload (DarkCloud)", "value": "547cd0ab1f4369a1f7e6477acf6a1440ff44ed8f8839a77a0317cb96f7dd088b", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608199, "uuid": "82a7498a-1473-4e3b-8447-f7d10b438548", "comment": "Malware payload (DarkCloud)", "value": "656062929e91ab351424035ca1cc81da79118972", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608199, "uuid": "a218d907-6ac2-4598-928f-269711b6599a", "comment": "Malware payload (DarkCloud)", "value": "0bcc661fad85b542234a9fa03fc78f54923056862e5a6fc0e0034065d8e556e8ca208f61e75b77618d4609925dad4851", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608199, "uuid": "da23ce31-757a-44a8-a2e2-f3997282871f", "value": "T17405E038513C8BAFEB67DBBAD424155713F013922AF6D2CC8CBA28AF3E757246054572", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608199, "uuid": "e38d5c44-6d13-4255-9e60-ff97e5e49150", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608199, "uuid": "343a07f1-81df-44a1-98a1-7887784a14fd", "value": "24576:YDxBsP07JIOqC/kqEzR1D8ngWUdjwyqTrQaSejL8Z8:Yjs2Iv6E/8ngWew", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608199, "uuid": "57a168d9-a6ee-43d1-8009-7201d330fdd9", "value": 808448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608199, "uuid": "83ceb7e4-a31b-4c7a-8317-98f685bed4a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608199, "uuid": "c3a67aa8-ac20-4ed7-bbdd-1cebb7fcad80", "value": "COMMERCIAL INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44a4df52-24f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689634203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634203, "uuid": "2ad60d79-fbbb-43ff-925d-e63b7701f521", "comment": "Malware payload (Mirai)", "value": "06a15c5be06eea611f3f0bcf67a222f1", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634203, "uuid": "0c86267b-43f4-4239-80f7-b4838a08ad57", "comment": "Malware payload (Mirai)", "value": "547da149020e17583da3857b4f2fb8de1be4d1109b73daf6ede6a5635aeeb9c7", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634203, "uuid": "bf9a707b-8107-4e42-81a4-618346a6c9c3", "comment": "Malware payload (Mirai)", "value": "3bff0634c592f35bc2d086a6654b0de2fc27f041", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634203, "uuid": "ff2337f4-0ac4-4190-a868-0aa435b2ba11", "comment": "Malware payload (Mirai)", "value": "eb822d3cdd0639661a1c17620ced622d9e7f95c5d06b3bb309adcad7bf55644e25487d20206eeeea9097341b5275f38e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634203, "uuid": "aebec4de-47ec-4433-9fac-308d54024169", "value": "T1A1C2E1A285FACA17CC63437D1938197351585C55E34DEE3D1B2B9ACC12C84F32ABAC53", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634203, "uuid": "0d8a5f8b-2e94-41e3-ab70-f90e35975ee2", "value": "384:Ms59WXUx5+bkbRaliVErjrL9VD9jPwrSaf5bwIB5/8x2BYFydHY0sNDZvzbSNHcw:t5+Kcrb9VDJef5Q2PdHuzb8HoEPbMb4N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689634203, "uuid": "c55abbaa-1582-4b02-816a-d29a841b176e", "value": 27712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689634203, "uuid": "afc289f2-8889-4055-b733-cf1759fbfc9b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634203, "uuid": "e02d5bf8-331e-4461-89a0-61fa42932954", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ceb1703-2437-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552962, "uuid": "9774c2d9-69b5-4af7-8820-f3b51505461d", "comment": "Malware payload (Mirai)", "value": "b7de8bbd6e4a45d6fb35410a2a9a0bd8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552962, "uuid": "bb2e6ff3-ff85-48db-a4d0-4a96b3b295d6", "comment": "Malware payload (Mirai)", "value": "54e6b7408babf590fdb20de9691b723c34c0cff1b39f121274eea6589e7cce56", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552962, "uuid": "c9b8e102-572d-4d87-b786-3a48000a815d", "comment": "Malware payload (Mirai)", "value": "d8deec982c8137d27663122a40c0bb5446ebdabe", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552962, "uuid": "7da60d6d-ea23-4945-991b-e6eebe8beb84", "comment": "Malware payload (Mirai)", "value": "cb3c2e90774604b6906478738dfa20738f3a9f5ec6e931448ce28dd520bc04cad0911976a8abf59733b41ffc6f994aa1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552962, "uuid": "9b658942-a706-4be1-8cda-afd86286636e", "value": "T1AC03E1FEBE0D7D8BC99E8CF9A1C806B547102094226F6759A3845DC0B95484B7BEF0AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552962, "uuid": "521d02b6-9566-4ce0-baf5-f772f51ba87a", "value": "768:MZGVHi2f2YHZqE7YkUoD/3o/oGG1WhchNjNpevLwdpsnPb2JrdP/tIWk:9wmqNkUoD/3owGG1WhchNjN9dpskrF/s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552962, "uuid": "f70fa76d-74bb-4e86-8162-24b7c535afe2", "value": 38060, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552962, "uuid": "29a48869-8ad2-4cce-9440-a543d2b6d7dd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552962, "uuid": "90838f29-9e56-4139-9823-0d48d6fc2d01", "value": "b7de8bbd6e4a45d6fb35410a2a9a0bd8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f0d161d-24e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689626892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689626892, "uuid": "2e2d66b4-e809-4c8a-95be-3bc1e492dd95", "comment": "Malware payload", "value": "ad607f046a6f855f06d0e7b2cab189c1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689626892, "uuid": "65a9b179-8ea7-4af7-8c64-41495406b128", "comment": "Malware payload", "value": "552719d9dda2789ec880ab52ba8c7e695b631d6fab6d56474b4b6a4f8fe4c21e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689626892, "uuid": "a793b4db-f7ae-4d03-89b5-dd15c46a5251", "comment": "Malware payload", "value": "99a3416dea0f6eb2900c17b50ff171b15386e8bb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689626892, "uuid": "8772c040-3bea-45af-b269-39a8beafb830", "comment": "Malware payload", "value": "2ef16c3eee7bf8466abe80a1fecb9eab62190998070593e0b5c7e000fda1ccedc09038c61ac8e4bd9b76ce95be9d79e9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689626892, "uuid": "9f9de5d3-9668-4725-b0cd-268fe5c28436", "value": "T17984BE313BA8AF50E57DD7769731148007F1B506E762D60E7EEA40CA2AB2F458773B22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689626892, "uuid": "dd84dce7-c989-4082-89a0-17a099a88d34", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689626892, "uuid": "4655ee39-531c-46cf-a00f-312906080734", "value": "6144:VZVgqnvYmMKNLgYApEBQh9jToGZaFROm7kv6KreTqH6F:VZ+qnwSg/ECh9jTH3iGreTjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689626892, "uuid": "38ca2a1d-8c24-408d-b3d3-c11d8c22bbc4", "value": 396288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689626892, "uuid": "46cd2d13-e3c4-4755-bf7c-e629478e972c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689626892, "uuid": "bc501bc7-541f-464b-96fd-5c0b3a1f9f48", "value": "ad607f046a6f855f06d0e7b2cab189c1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e86d67ab-24e9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689629754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629754, "uuid": "cc9ff13d-8435-45ee-9952-8a46ce91d0d0", "comment": "Malware payload", "value": "6c956ff4a4f145724aa4077381087bb0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629754, "uuid": "e29c1329-e8c9-44d3-8640-1868eef13413", "comment": "Malware payload", "value": "559561927ff9bbf07dcf3ca9f1822bf4c2b4356201f7977d1e9faf171cb9dbbc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629754, "uuid": "4a370522-22d4-4a5e-b98f-6dad94106aea", "comment": "Malware payload", "value": "d0cb953cf8f0ee6f1fb2f46eec0711e0c9250e75", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629754, "uuid": "3ae37679-18da-4b61-a58a-9c4e19e0236e", "comment": "Malware payload", "value": "56dd13e3085c02744498b867c277ca63f6ab9ecf016e2db561637768f4e98936275510132b5be7a04c0a6c18a4c8d13c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629754, "uuid": "f2ad55a9-6006-453c-8e40-f1c42df1303d", "value": "T19D840103A3E88477DEB51B7058F602830B3A7C925D7583AF239198594C73AD4E9727BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629754, "uuid": "01f28f59-6807-4127-903d-9ecb0d9b544b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629754, "uuid": "ffeb7aaa-9655-404a-a642-544fc3a76742", "value": "6144:Kxy+bnr+2p0yN90QEgkkWcnZNbQR5//Q925XUMeiCcHnlRHzwzQMBXPu/b9sg:PMryy90P/YAXmTcHnl9yQMBPuJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689629754, "uuid": "eaf9d3fb-ec74-421e-aa93-2324ace7e3b8", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689629754, "uuid": "b089f1a2-0eb4-410d-8a99-57366acd69d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629754, "uuid": "a4e95846-b281-4d8e-8017-f490cae7d7a1", "value": "6c956ff4a4f145724aa4077381087bb0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ebfb53d-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689573634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573634, "uuid": "b096d9e8-ce1d-4a92-91b0-46e8268986c2", "comment": "Malware payload (Formbook)", "value": "fffbb2d96df10185cb18d347e43ea5d8", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573634, "uuid": "7d69fbf1-d468-4334-bd27-f26596df17c8", "comment": "Malware payload (Formbook)", "value": "55a6b20be94630f8f1ec81cc3788ad2734735a1090650a460b1a9f1efcfd6255", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573634, "uuid": "a42fedf1-11b0-42ca-8256-1d1fc5f43575", "comment": "Malware payload (Formbook)", "value": "9e010911b60c826e3ea5d925a31b45ac46946812", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573634, "uuid": "4b0c15e9-aa51-4c66-9007-cbb81d0d9684", "comment": "Malware payload (Formbook)", "value": "d31844024160c011a539d7f63dbf900ac2c10a72e00aee29aa1b67bc69bf41e3741f8e9211fa6dbc90ee1cf82505c768", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573634, "uuid": "c95aa199-78dc-4b9c-8c66-35d053e053e1", "value": "T1414502003A925B6EC27E5F7428C9573047B48652A273CF177A2CBEEB3BC1394294897D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573634, "uuid": "e1ee2a4b-902a-4432-9312-b9108053024d", "value": "12288:rd/xLlrLlMi293YX9sJ/CzSH2McOs/vlHul2n11bfygk8m+TmhHH:5x5x2eX9sJ/Ce5sX8sPb4hHH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573634, "uuid": "7601cdd0-6f61-4bf1-81ec-3bf590d1b576", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573634, "uuid": "8d9c099c-dd5a-41b4-b90e-385a11faadbc", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573634, "uuid": "14a34338-854c-43ae-a4f2-8eb859c3aa7f", "value": "Attach Waybill Doc_3893624792 pdf.IMG", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a69eebac-2478-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689581110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581110, "uuid": "999da0f3-29b9-4ae9-8ad8-93a3f816d2a6", "comment": "Malware payload (Loki)", "value": "5771d1ddb22ecd1c9354ccf4566bf550", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581110, "uuid": "9dc475da-7c35-40fc-afe9-120241e7752b", "comment": "Malware payload (Loki)", "value": "561298773e3378c79eb901e74870a3b9499fb7cde36fe39fd4848b0004496501", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581110, "uuid": "ded7591e-573c-4e54-afd2-7b34d0148874", "comment": "Malware payload (Loki)", "value": "eb5fbe293ac898e8cc840d3af2d742abed8dea5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689581110, "uuid": "dca65c26-a4b9-4373-8fb2-25214df17adc", "comment": "Malware payload (Loki)", "value": "fe53fb6e241a59a7ec63381c13a687406dbe3d56d3d81b06c1e46bb3465a580d09dcbabb7da7a595f336426aac46bd02", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689581110, "uuid": "e98fdff9-9d82-423b-92fd-acaa1fe58277", "value": "T1ACB4AD78503C8BAFEB5BDBB6E430255623F013531AF6D28C8CB6249F3E75724A1546B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689581110, "uuid": "a8f4b775-f819-4300-9822-8e00b84afdc9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689581110, "uuid": "90d170a8-98c7-43db-ab23-4e205ff4f345", "value": "6144:+3rApDs7Iok+NmitBFMzoORgF3+RGxQ0wxROxaKdXnuBvEmeLgqTrNy1ESejL8Z:Wr9y/gK8GROxZ0E6qTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689581110, "uuid": "576fc8fe-ddb9-46f7-b77b-bbc7a4246c70", "value": 497664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689581110, "uuid": "0dd0d534-0c01-4748-8a7b-3677928ab4e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689581110, "uuid": "742be1af-0f4f-47ee-b6e5-0cd61c6bb834", "value": "tRJILHg7zGyM582.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58e30e69-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689609326, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609326, "uuid": "7295a7e7-59a0-414d-bec3-c8b21e857113", "comment": "Malware payload (DarkCloud)", "value": "f7824f67d9af08106ca9f6f02b3328df", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609326, "uuid": "01d1afc4-aa5e-4324-9ab7-2f08623721ae", "comment": "Malware payload (DarkCloud)", "value": "5778f12341d4f9b19e85cdaaa52eb0b04d5370fe6a1ef11c03133ac6b2df5810", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609326, "uuid": "24595e5f-b019-4f31-93d2-6dd7a6034e12", "comment": "Malware payload (DarkCloud)", "value": "6860268cfcbe0cdabbf2653921ea162c5054fb21", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609326, "uuid": "53f962e7-4069-44c2-b969-baf2c0651457", "comment": "Malware payload (DarkCloud)", "value": "20c859965521913725d96c2e0a2eea8fa643c63d54693e3277ce70be9f4b43442b93315f11eb7ed9908e5a2ba578963b", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609326, "uuid": "9620f150-d22a-4a7a-aa78-35eeb8372d67", "value": "T1BA94239F7D296486D8FA24AC41B8ABB580C45C3DF9199F08AD39F1DB94624CF007C67B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609326, "uuid": "aeb19e30-00d7-4f97-bcdc-74e733749c63", "value": "12288:SPLMNUQ87sl3V8pq001uKc+Q5wco/fGQU5:STSL73001uuQUfGQs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609326, "uuid": "5dc7a11f-62d7-406c-8216-19fa7725b484", "value": 417262, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609326, "uuid": "d4fcf850-8f00-4f03-b54b-9d665928c056", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609326, "uuid": "0a35f38b-9800-4c7e-bd21-091dbd83c7fc", "value": "PRE ALERT NOTICE.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11f1216c-24bc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689610066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610066, "uuid": "68deb1e0-9f2d-4a7e-8fcc-7ac4de44e8f0", "comment": "Malware payload", "value": "1a7a82baf7433fef1648fab4883b4efb", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610066, "uuid": "8e79b8e2-87ed-4ab2-ad52-31670bcc8cc2", "comment": "Malware payload", "value": "5813d925dcd7c0400e03a34781fce601dc87ff5e783f4ab8c80090a204794281", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610066, "uuid": "fbf9d84b-7d5b-428f-a352-2cd025b87527", "comment": "Malware payload", "value": "d6fb12bcec58478207f3b1aa2060832296b4cb6a", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610066, "uuid": "379f2b30-0863-4a0d-9e49-8d3803160dec", "comment": "Malware payload", "value": "ed3136fcc4ce4563bc35609a498c7ca95dcf4cb84a74771bfee57b26b72c0968d5f14297a54c6f25ceb5212d996ba73c", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610066, "uuid": "8f112b95-fe0f-4967-a260-29637d2c1adc", "value": "T11354AE607F000CDDE305F0269A52B8E985C5AB4F7DC5C61568E9AA9928F4DF4BCF92C3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610066, "uuid": "6a4dcfed-1667-4243-b8ff-dc65a22302f8", "value": "6144:Bw+gjepGFwmKEFbthOO28tk+WM/Cx5mY0nbB6lzIcF3g:B7wmmKIxhOvI5D65YnANF3g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610066, "uuid": "e7143f1b-7e46-4810-b4b7-4fd3177530f0", "value": 282402, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610066, "uuid": "67e55aff-d5b8-4700-ba10-9c4b732d35f0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610066, "uuid": "3c91f5d0-173b-427c-9998-3e7bb786a944", "value": "sample.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7adbf539-2436-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552690, "uuid": "ff4528fc-8bdd-471a-a4cf-846225c68f86", "comment": "Malware payload (Mirai)", "value": "e9fe597cff3e4ae5d65365fb011801f7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552690, "uuid": "2528bcd0-f516-4fa8-becb-03f3f1fa906a", "comment": "Malware payload (Mirai)", "value": "5a36bbbc93c6f61f7a4b48f064bbfb3575da7be3fa7bcb6f0aaffe044a8c47b0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552690, "uuid": "34860a66-07ce-43fc-8667-aef2f44bad7a", "comment": "Malware payload (Mirai)", "value": "213bb296143426aafc07db556249d46031b4aad5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552690, "uuid": "4d924bff-ab66-4e68-83f1-2d33e1a70b10", "comment": "Malware payload (Mirai)", "value": "7f32de7eddc88980d6f9cb5a0a19da6eaeb4aaf7f4be247afa86eb52c7bf29e9968f21f0803f54d7a7087a46e9c0bfad", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552690, "uuid": "1fb621a3-ac83-4131-bfd5-d641b7d72bf5", "value": "T168E2E132E558DA5ADF9BFC304DA2D580F75807C12322888066CAEB054E3F3BAB75C9D4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552690, "uuid": "1343b3f0-9b9c-4d94-92dd-6e80e9b7c032", "value": "768:slji+ZwGPzjDXPBf6n7QSbsQsYaelG4MhQ4uVcqgw095:sWqjDXpf6b3seljMhQ4u+qgw095", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552690, "uuid": "d6f84e03-4069-4974-a28b-5c294285b5f7", "value": 34052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552690, "uuid": "471f01a8-9267-4337-8ded-27232c8233f1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552690, "uuid": "28105bd4-1b13-4e06-9c06-178d6bd49d4c", "value": "e9fe597cff3e4ae5d65365fb011801f7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "128ca737-24bb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689609638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609638, "uuid": "b82aa2ab-7775-4adc-a2c7-a44a837fc813", "comment": "Malware payload (RedLineStealer)", "value": "8e2fd66ea89d07cc85488c177aefc733", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609638, "uuid": "b7ad485a-5af1-4c00-b866-74a29456e712", "comment": "Malware payload (RedLineStealer)", "value": "5b6d6c1bf6cfc3f0c4b792a2416d52588c22701fc9484c7c0a40bfb75ced4c4e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609638, "uuid": "5061a530-c9fc-47b4-83ee-998563e740d7", "comment": "Malware payload (RedLineStealer)", "value": "70b4267f204f98421ec6b42dd51efdcb2251ef74", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609638, "uuid": "034a36cf-e4f5-41f7-8795-1ea207dc696c", "comment": "Malware payload (RedLineStealer)", "value": "3114d418b608d28ee8e1bb7c23afca227ea2267a1dd36c091d74873fb7cf949931d3e5f169257106aa1a6583212a1b63", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609638, "uuid": "b49398ed-7385-429d-a5c4-ec8ebbbadb9d", "value": "T19844BF6633A0C032D0BB5A3019759AA21BBF7C72177595CB3764163F0E70BD05BB939A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609638, "uuid": "ffa0e9f3-92c1-489f-afe8-624bb1c7dd93", "value": "189fcb3cc81a9771ead68c0464a642d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609638, "uuid": "b42c925b-1cde-4964-a27a-1c873a219fa0", "value": "3072:tnx0FXihOFwdE8AoeCrO9RgdKPT2Wp2q+Yg2ZNCAx5zI:r0AIwW8AYdIPl2qbjZNCAfz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609638, "uuid": "9fbf1125-6caf-4a99-941b-2634278e5c39", "value": 254976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609638, "uuid": "4f66219f-8d6d-41ae-a18e-a8b70d685a81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609638, "uuid": "3ce93bfd-fa9a-41a7-a032-ddcfc06ae670", "value": "8e2fd66ea89d07cc85488c177aefc733", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf0bd838-2469-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689574735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574735, "uuid": "a3ad68ce-4cca-4481-9d71-a13d96dbf85d", "comment": "Malware payload (AgentTesla)", "value": "03b52383fdbc16cce0d0321df47f8cb8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574735, "uuid": "5d442969-b503-43a1-aca2-2eb41f336d72", "comment": "Malware payload (AgentTesla)", "value": "5be83ffe52e6517112f47fbda458f69711f7817f64520810b4254f467b0b6fcd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574735, "uuid": "13b51309-b43e-43db-a5ba-7bc23f492ca3", "comment": "Malware payload (AgentTesla)", "value": "5fa1735dcdb616d3f0c7adec5c6d69e12e300492", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574735, "uuid": "94c0c955-63c2-4ae8-a0bb-ea9436ae1e92", "comment": "Malware payload (AgentTesla)", "value": "51158755d3e0e22ff838688f7b4a05a9884667b0c2a729fddb314c7316517cee2d27c0e24c6060756e264eaf9ad850d7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574735, "uuid": "b76f2cc3-4d54-4105-8537-fd4e8d39c785", "value": "T137C423A1280F15A89B679EE1C723548FDC17BF806B31F1279C80DA55FABC9B806517B3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574735, "uuid": "81ee9731-17ff-49f8-a7c6-0c424fca2dbc", "value": "12288:syLztH25YdfxOcWGjUk0ZvGwU4M6iSgfEhUmmVdwtDwJam9h:syLRW5Yt4cWMwli3fSUmxtD8f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574735, "uuid": "27bca434-8688-4837-aaf8-f99bdc6e1e15", "value": 581312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574735, "uuid": "7c220ad7-b592-4e63-906f-2c7923be032b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574735, "uuid": "78e1e97e-14e3-40d5-a88c-bf59578e9ab2", "value": "PURCHASE ORDER.pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b7a7b69-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689568072, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568072, "uuid": "00bc0283-93e9-4e1d-9496-822fc792a30c", "comment": "Malware payload", "value": "01415eec4f4b8a3164d2ae1608d8872a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568072, "uuid": "2ab3a0a9-0379-47e8-ae12-6ed88030f5b2", "comment": "Malware payload", "value": "5cd6a707f12450e3effde9db7b4e4d764dd907522995ae9e9964a064d1d9eff2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568072, "uuid": "82efbcfd-50a8-4a03-9fed-a0d46cac5958", "comment": "Malware payload", "value": "59af6aa4bf2dc572f7303a9a3bf3ab3437abe95d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568072, "uuid": "736490c5-0fa7-4605-8820-bdc5bb237348", "comment": "Malware payload", "value": "64bd5b8df394a8becf31fb63ab0134c78307c8b0537a1cc614cbdc7a6947aa9706fcc552f240f668f0086b890b47baec", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568072, "uuid": "6014ded3-ae0e-4a96-85fd-ef4893e5317d", "value": "T19C326C7EE24B02E6DF7E0ABF11CF685D0D356231031814E3C79744095E91EE6BA32A83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568072, "uuid": "79f04824-3723-4622-9abb-08fb9f86bd53", "value": "7fd46a7f56c0e23d5f7b090d08198d6d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568072, "uuid": "3dcf0020-5987-41b0-9a64-a20221c689cc", "value": "192:qIZ7O78X3nmVE8X3pETtXiA3KkMv6EiHTZreQcLsjNk:qK7uL28ETtBkuTZreNLsj2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568072, "uuid": "24632688-5e79-43f4-9a4e-093fe76141dc", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568072, "uuid": "7e21dd5f-7300-4bc0-bef3-c18f50905df0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568072, "uuid": "6945a900-678d-44c2-908f-0b07b613afff", "value": "SecuriteInfo.com.Win32.InjectorX-gen.24751.32575", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c10e12a-24b1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689605520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605520, "uuid": "5ed57cc5-59e7-4193-9b22-bf0ce266e67e", "comment": "Malware payload (AgentTesla)", "value": "2c7053b3f38ce4121cfd3a203360455c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605520, "uuid": "3ab3245c-4e6e-488b-a2c8-a736617a86c9", "comment": "Malware payload (AgentTesla)", "value": "5fcef5ddef0a34f70e1e879e60868a8bec88ccd0071a9895961172f3a9c6601f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605520, "uuid": "287da2d8-0450-4e69-95da-da872059c902", "comment": "Malware payload (AgentTesla)", "value": "d802f87aff8fafdf99e2d01ac3a6b2e6c9623747", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605520, "uuid": "a144b000-d83b-4bc3-9cfb-80a2d133f8c0", "comment": "Malware payload (AgentTesla)", "value": "9cf075de9282043bc49b239b907bbdc42228a11d59586a84cc4917b83e06901667970e9898e6c21f19eb47ab3e54a207", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605520, "uuid": "240e2544-0c6e-43be-9d0d-48f763463d3c", "value": "T14DF3386992C94CD1D73C4074D7B1116ACEB2B143A657E75D0EA0A8FA3F0A7C3362AC67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605520, "uuid": "7b164ba5-7196-494c-a034-8452f8d58491", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605520, "uuid": "9435362c-8f81-42a3-bc38-79dd3f22b97c", "value": "3072:2a7D+pjw0DWX53V1P3vntaKLjPJT+ZlXHr/H57KHEYSnP6pIao:T0iX5XfvnfrJq3r/B8ERP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689605520, "uuid": "340eaf1d-ab2a-4209-a780-e8b8f0432bfc", "value": 168448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689605520, "uuid": "934a996d-b5a3-4ab2-9b3c-5053799c484f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605520, "uuid": "5e17fe6f-ce17-4256-9eba-ab8d0a45ba2f", "value": "16896055185d3e506c634c6c0aea410769092152676d42fea8e0c2bbb05b2b8dc482ab7555894.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "560c2686-24bb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689609751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609751, "uuid": "18df2979-5bc0-4773-acea-c890fa988fa7", "comment": "Malware payload (AgentTesla)", "value": "df8bf1421a9a81e46261a0497e1633a6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609751, "uuid": "aea2fc41-44b0-43ca-9647-74da8bc9767f", "comment": "Malware payload (AgentTesla)", "value": "6043022180880a41f1a49a0c9eeb4a81b151d14705d14409a96711ee65f40e24", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609751, "uuid": "355bc232-39e1-4c42-ab99-bbb66f8001e9", "comment": "Malware payload (AgentTesla)", "value": "c0f0b8fa4b4a88dae1ad731fd230fd76730e8f64", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609751, "uuid": "56779419-1894-4e44-b05f-f6ec70d8f537", "comment": "Malware payload (AgentTesla)", "value": "b74ec4b74eb6d5e6c691d131be277b3cef8d46a2be3b549bd9ad30e363b0d4ed947c9d70e716a0d4c080c2a75b54dae9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609751, "uuid": "89d660f2-cbe6-4b77-8ffa-dcb9988dfa02", "value": "T13DC4DF39503C87AFEB43CBB6E435255222F013925AF693DCCCBA215F3E79638A0545B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609751, "uuid": "76c36f4f-7048-4dcc-9e7b-4f8f195d504a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609751, "uuid": "9e87f95a-cdf8-4636-bf85-b20388a29a51", "value": "12288:/qTrQaSejL8ZJ9Bvlew2Dp29MetNvavPg4tmHhWDBhePZJeTbyEx6Ad/m5nvB:/qTrQaSejL8ZJ9BvUVFerCvI4MhWTeB9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609751, "uuid": "52220b47-a6b5-4e50-a523-614e678eb4ec", "value": 579584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609751, "uuid": "252669b4-f67e-4c46-9efc-9a3401dcb3fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609751, "uuid": "ce46e8e3-2db4-41b5-90a3-d54ea53b1b1f", "value": "Shipping document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbc01375-24c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689615076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615076, "uuid": "e2d5860e-100d-4cfc-b695-a30b00f69dbd", "comment": "Malware payload (AgentTesla)", "value": "7e6a2a64c4c0a4fd519f3e6a1850108c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615076, "uuid": "582d6167-aa28-45ed-b6bf-0e1729eba97b", "comment": "Malware payload (AgentTesla)", "value": "604c52301a76a47042112a3a7fca37f1c6c205a0888a6e28c5555406c55b2279", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615076, "uuid": "1ecd0b80-f325-4916-a38e-f905bea0022e", "comment": "Malware payload (AgentTesla)", "value": "6ceee9756402f74d4a89d45f2393c5595f4e6f48", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615076, "uuid": "92b97605-a332-4188-99bd-f495c6b85dcf", "comment": "Malware payload (AgentTesla)", "value": "612c977f97b0cc1ccdaeddca6897f361ef9254bcbb80d7187ce0f326fcbbefcd31d7f66ea753291defd1d26c34f55ccc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615076, "uuid": "034ed216-8883-4b65-aada-887af8ea82b0", "value": "T10B05BF15B58C6BF0E43BAB35942445940BE3AC539A9BD34D3ED939FCC9F1B80A928713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615076, "uuid": "bb36068c-fc3e-4eff-bcd8-732c82b402ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615076, "uuid": "679eb03e-b197-45b0-aa1e-debfbffdb995", "value": "12288:avAzg9S6SolylSx1XqBvTEP93SqMLVEbBh+YHI5wvRXJc90oR55KFe:qLuvoP9i/4hfI5oVJcOoR5E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689615076, "uuid": "8cf7d2f0-8a4d-4ef4-acda-e3985abe236b", "value": 817664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689615076, "uuid": "d77de425-2d79-4b24-b49b-123260b042af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615076, "uuid": "fe735d5b-c9d2-4fac-b822-fcb7501f5132", "value": "SecuriteInfo.com.Trojan.GenericKD.61612882.11957.6007", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cafa67b3-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594915, "uuid": "99896f3c-26dc-4bc8-a38e-b792e2e3db66", "comment": "Malware payload (AgentTesla)", "value": "f3b8cbd27526148e619ca2df09b1a169", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594915, "uuid": "60bb3c6f-11f5-48f9-bbe4-004db9a52489", "comment": "Malware payload (AgentTesla)", "value": "611590ea7b864cd75ccd593f6316da229de530f3bd32b6bcd8f7a31f1f7c6cda", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594915, "uuid": "f6ca5a74-9a6a-4791-9f9a-deb30b5231ec", "comment": "Malware payload (AgentTesla)", "value": "fee86052cbe9342fa8295f170499fa6c666b1134", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594915, "uuid": "7a336a0b-6ff2-4758-b4c7-ad864d71cade", "comment": "Malware payload (AgentTesla)", "value": "aba28a710d5ed35cdc17685ddf81abb912f4722087a3efc4cc3c4090576c3aadd9430a102e7024b0afd4819a12f6f6f4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594915, "uuid": "03269ea9-6196-4e1e-8a5e-3ed63ae1c69c", "value": "T1D945010077F84F16E0BB8BF29620123047F67AC77973E2056DC675DA4BA5B804A26F67", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594915, "uuid": "92506846-32c3-429b-afb7-705573920a4b", "value": "12288:L7y3YPOJZPe+5/XzaD/qxhM4cEaDb93OdB6XfvKsEEv+by+k8rkPz:q3ze+5/XWbhT31ABMfvKVE2bm8Sz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594915, "uuid": "c3650322-78cb-4eed-8012-34a50780f33a", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594915, "uuid": "92045448-9105-4036-94e2-244a20cd1a9a", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594915, "uuid": "6b69ab62-f4be-428c-b86d-0db917ab8480", "value": "2363104503_4202741358 - Tri_H20_1.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2136cef7-246a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689574873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574873, "uuid": "0a6bc81c-732e-4aaa-a484-aed0815750f5", "comment": "Malware payload (Formbook)", "value": "b8ddf34d07ec30907ca475fbedc53d82", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574873, "uuid": "680470d3-c01d-4f30-86be-c820a81bf656", "comment": "Malware payload (Formbook)", "value": "611bbfe30cd9bdf137637839792be1792e8514c5612c699c92b52660bd9b31f0", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574873, "uuid": "8c566cce-aded-436a-b9e8-a94a50bcda3e", "comment": "Malware payload (Formbook)", "value": "51705fead0b2e22ae1a07e20c9fc765c88eb200a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574873, "uuid": "31ff1778-0181-49c4-9009-606dd0a1b131", "comment": "Malware payload (Formbook)", "value": "34ef4c8be9136e53fe8ea32bc33fdbff67f37147dffb1bf4c1e38321571c837a7252cb65575276eb12206680f6d06d0d", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574873, "uuid": "1a6c94d8-b1e7-482c-90a6-02483eecefc5", "value": "T1DF44237CFCEFDD5D79698D1C86086D6A8227D2D312C5DAEE3B9B00E2B46628D0B25D00", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574873, "uuid": "0bbd2c01-f8a5-4cd4-918e-67682cb4c240", "value": "6144:vIA/+2uRNGCMdAul9mkEWrVUW30fJCUwc0KUaXN3hq+Mr+:NmfMyBkzV/kfJRdUaXNxq+Mr+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574873, "uuid": "032c0c9c-69fb-434e-8f89-3058d9758805", "value": 270943, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574873, "uuid": "4a27393a-e277-4940-8355-0bc4f3a7960a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574873, "uuid": "101fc572-b59a-4ecc-8ac7-1d0cb9a43a30", "value": "TT payment.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5837ec7-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594933, "uuid": "34dd2ef1-c1b8-4ee5-8c02-649f1ba8962e", "comment": "Malware payload (AgentTesla)", "value": "8747dc98a1944c84ab40d7d20cb98a65", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594933, "uuid": "ef2e78b2-bb53-4739-97b4-031c1e6be57d", "comment": "Malware payload (AgentTesla)", "value": "6122fad51c6e4606af416e88b5ba408e85b5979d0020bb3f2b430d5f7795fcde", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594933, "uuid": "1580a563-31bd-458f-bef5-8b6b2de99a77", "comment": "Malware payload (AgentTesla)", "value": "3c6f10e44ad8e8c3a01d8541864e06d5b6f15f27", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594933, "uuid": "dba74734-bfe8-441c-abe7-e847bd815746", "comment": "Malware payload (AgentTesla)", "value": "c27114a533b6cc3d7aed9626657a0caa4da12bb6461eee4579c9e9901cca7ade423fa52a51ac6d211803b102b6937b43", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594933, "uuid": "f58ffaae-ad3d-4116-b422-ebf5f4b2e653", "value": "T1CEC423163F527F58807ACB042ED28436B4CDB3BF2BA0497792AD0DC8D15D1C73D965AA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594933, "uuid": "1e06c71f-45d8-40a0-b14c-9774db09f4b1", "value": "12288:9jtolfsRDGKO7fJEnlN1pTxwwCGjFWT3VSTJXFX+vvI2xvC2vq0j:XosRST7fgH1rCWFEVSfXaBxvCaj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594933, "uuid": "c7bb4419-ee6e-4b86-9c8d-96e9dc1ef14b", "value": 555777, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594933, "uuid": "cdeff165-e701-44ab-90c3-bbfb6fdd029b", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594933, "uuid": "bf677ae8-7bdf-42e1-91c8-1daf7cf29b9c", "value": "DHL Express - AWB 656071303_1.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b69c990-24f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689635530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635530, "uuid": "83a9d46c-8e42-4002-bad7-ed2b0a98cc48", "comment": "Malware payload (Mirai)", "value": "d8e64189bd75d8bcc4320bd06aefc666", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635530, "uuid": "3695b43c-11e5-47aa-abd4-cb5d8552843d", "comment": "Malware payload (Mirai)", "value": "647bca8f348fa4e1a47065e459ec4baa1e2bca87da77e98d9a3ff877f7fc986b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635530, "uuid": "176d7a30-ecec-4a0f-abb6-d9823fcf59d5", "comment": "Malware payload (Mirai)", "value": "07e16a04bc9bee58a59bb2fbf9f1d3b463474c6e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635530, "uuid": "7abe7861-ade5-4e01-8e70-7123c9cd6c04", "comment": "Malware payload (Mirai)", "value": "2bce93fa827ef4c7ebb4f9a4a6150bbc015860613c4ed5d7ab7b1d9e70364ec94e32bba40d6d411390bab034348cabac", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635530, "uuid": "27896d00-a92e-48d0-b7ee-6e676df9c4c5", "value": "T186732A26B97A1E26C0D4B57E60FB8B11F6E1278E26B4C50A7D720E5EEF147006502EF7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635530, "uuid": "aee9665f-e4f2-494a-bd15-f569ffbfa693", "value": "1536:hD/B6f6UD5hAS7mo0DCCAXpSKV6v3G78nN9Wl:927jqCt8v3GI/K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635530, "uuid": "0ffd656b-a51e-428d-9b10-cd0046dbd760", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635530, "uuid": "53dcecb5-60c1-4d00-9517-3a8d32a31137", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635530, "uuid": "a8707fa0-2356-4109-ac9e-cf3c975bb440", "value": "d8e64189bd75d8bcc4320bd06aefc666", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "466a5832-24f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689634206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634206, "uuid": "5a83a3db-882f-4485-8219-8b5ab35a17fb", "comment": "Malware payload (Mirai)", "value": "edb6f46b89912f5d13cabd498c4e042e", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634206, "uuid": "75f0e6a4-9c84-41f4-b282-c14127af6fad", "comment": "Malware payload (Mirai)", "value": "66bfc448509420208736b3949bff2a4fc5d58130132a33cd245d0611a497768e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634206, "uuid": "08a4cb29-6582-42f3-81d6-9a74aae38139", "comment": "Malware payload (Mirai)", "value": "5e28ef94b4e60c078784e3200bb1fccbd1d849ee", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634206, "uuid": "601d3e44-341f-4187-91bd-943456a0a107", "comment": "Malware payload (Mirai)", "value": "d913fa6fd3ef2e4199db1e19be10ffeac2252daed18cce609f94aac696a1517f835ef35218e5c4cb24e53e68374a90b2", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634206, "uuid": "3a8231cf-fd73-4b34-93f8-b6a3d80d3be2", "value": "T11BC2E0695228D472A0B44836FDBF01036735CEF8DAEF362622144734E487D2696B4B4B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634206, "uuid": "17d6acd6-13d7-447c-9e77-c367b7dc067e", "value": "384:KBH2HEdV7UQDoYQHXxcjllK5+AWaFmK0MF9lz7X6AGexXVzonBY6plNFrhymdGUX:byNUQUfhQllxlaH0MFjlOnGsfs3Uoz8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689634206, "uuid": "65fc6e1b-27ff-4831-a655-a1c0cddb7f24", "value": 27344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689634206, "uuid": "735eef01-ae34-4f80-830d-b48f3d7216c4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634206, "uuid": "42bd6806-e2d2-42ee-9446-3de71eebd37a", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adb23be4-24f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689635238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635238, "uuid": "94884497-5db9-4e06-8fab-f4512e1f995c", "comment": "Malware payload (Mirai)", "value": "e8c66f8a00c24169c44890fd22a42544", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635238, "uuid": "66b6cbbd-a0aa-45f1-ba33-c3e4e8536878", "comment": "Malware payload (Mirai)", "value": "66d5d612cdc584176eedcbc13e430f11237ee53d1b5bd7b038d8137426d8c2fe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635238, "uuid": "a0e9ef57-05c4-4bd7-9ff3-d94532f05a65", "comment": "Malware payload (Mirai)", "value": "8a52052b7f157e4426f83fa38bb19ffbf4562f2e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635238, "uuid": "2a5d4b96-a918-47e9-b628-01fea1130c65", "comment": "Malware payload (Mirai)", "value": "38a5a03039bc1b06b3cbf2fb31dfd25b2b917ff170571de33c197c8c76ce9a8106e0b11d9e808b78b9c7e6a92ea59310", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635238, "uuid": "e64cbe78-7db9-4c9b-a621-e54a3a447209", "value": "T198C2E150D1B62DC6F7366E502B79C1C177B00E9FF777CC922958AF0404A721B4705AC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635238, "uuid": "db09df4b-70fa-4e35-9834-a4a7e32628bc", "value": "768:AG959yM0HWubJsWDYcGTQo/4uVcqgw09S06:OM0HRJswYcGH/4u+qgw09S06", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635238, "uuid": "282bd777-f4c3-45cf-b403-748db3885ff8", "value": 26232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635238, "uuid": "9d5c0f43-7708-49c1-ae6b-b26a4f1bba73", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635238, "uuid": "f36067a3-02f6-4050-884d-db48542cb379", "value": "e8c66f8a00c24169c44890fd22a42544", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "528f0260-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1689586123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586123, "uuid": "b47379a8-3383-467d-952d-d6f2bfefe824", "comment": "Malware payload (Rhadamanthys)", "value": "2ee4b1df29fe85c016c84d5855b0ec9f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586123, "uuid": "0229458e-ff72-4517-bdc3-c392a6513415", "comment": "Malware payload (Rhadamanthys)", "value": "686f9d8e29ba0fd3e4285ecd2f85716bea5be6c3b6571c955c9f6ea9274dc9cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586123, "uuid": "5ca32f63-e722-4bb0-992f-86723e174b0a", "comment": "Malware payload (Rhadamanthys)", "value": "3062e6dab48c12c1b66c63813f20a0fc86c79966", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586123, "uuid": "d34400f9-0fa3-4ded-8c64-9c9c6b2dc8a5", "comment": "Malware payload (Rhadamanthys)", "value": "7eb5c4ecfbc9d2c47a8e10f55f51f102dfda623c7e659547a9420266e530b9dd4931961ede68c4b6e4ef0e9a3d093459", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586123, "uuid": "97357674-2cbe-48ad-965a-dc41782d41c3", "value": "T19A259D52399B85B6DAE120BD06DC652C084DFFF0036290DB65ADCADEC2207F51E36ED6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586123, "uuid": "c5148eb8-e672-41a5-bdce-f791454baf47", "value": "1bc1c4b914e9ea42a3ab5d27158f0056", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586123, "uuid": "3cd8f0be-85a7-458f-9036-2010f96ec0ca", "value": "12288:aExUboCrf3E1zPXkbaEGJmtNjVu2q8OqdCB5GDdSUHrCAZWgAYhaoa6Wn4jfHh1:a3skbXG+NlOqFeA/BO6W4jp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586123, "uuid": "4c88c04c-c888-43d1-ae64-2fe0ed247e60", "value": 1040384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586123, "uuid": "6595abc1-36e4-4c84-997d-47a13a02e94d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586123, "uuid": "fda4c793-3251-4545-aeca-9f12d2198759", "value": "2ee4b1df29fe85c016c84d5855b0ec9f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd9324b5-248e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1689590705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590705, "uuid": "e3dc2222-20d5-40ed-8d3f-99f27e050b12", "comment": "Malware payload (Gh0stRAT)", "value": "15657565db569d1aa879e194dc00de93", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590705, "uuid": "34174952-50b6-4662-87e4-57a99ecd0398", "comment": "Malware payload (Gh0stRAT)", "value": "689a0efe9b555bb7af55921445265076008b6f5e400587b2d40268220bb6cef6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590705, "uuid": "9d16da12-6de3-4e18-a08c-313c916914f0", "comment": "Malware payload (Gh0stRAT)", "value": "9014d598e0e2d6567bb33e8cd23b9cdcf520ed35", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590705, "uuid": "5ac58117-c15e-4b73-b289-3c8f380af33d", "comment": "Malware payload (Gh0stRAT)", "value": "71c8e87f8bef6a8a8d29e98fa1a458750aecaf67a2bfb571b743f833419ed1412000795ecd624f669c75fce410449caa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590705, "uuid": "c41ea3a4-97ed-4d93-8678-133db7307396", "value": "T1FBF5B51181611825CE33203A585F5B78133F5C5DA6A311AE6BB97BB06FFD3829B63DC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590705, "uuid": "bc259c4d-7bd2-49d5-9e05-28622402934e", "value": "7cec22948b172152d065f754eacb7288", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590705, "uuid": "fc0fec72-bf25-4403-92b3-3e2fe500e733", "value": "49152:qsmmparkOxyvT+yzUJ6Ya+AvTLaa6n57WA8J5:3kxtx/aR65T8J5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689590705, "uuid": "3f77cd7a-fed7-4041-9b09-f4880cacec2b", "value": 3561472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689590705, "uuid": "66f17fc2-95c6-4480-bbfb-a71e4b61f194", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590705, "uuid": "0911f2f9-7c87-47e2-ab01-347c3084767d", "value": "\u62db\u80588000~10000\u6025\u62db\uff01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcd39fb4-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (HawkEye)", "timestamp": 1689594945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594945, "uuid": "e914909e-6344-4936-8b8c-9ddb19bb05cd", "comment": "Malware payload (HawkEye)", "value": "d040f34bdaa915f32fbcf590294342ae", "object_relation": "md5", "Tag": [ { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594945, "uuid": "1ac1850c-8dd3-4431-a707-b7b1e2d87a1d", "comment": "Malware payload (HawkEye)", "value": "6ab07615a85e25ea9cf1213fcc0c55f7e93928b87b31399dfda4331ebdb205e6", "object_relation": "sha256", "Tag": [ { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594945, "uuid": "4a30d156-1612-4410-a796-335b6aeb21ea", "comment": "Malware payload (HawkEye)", "value": "f25d82e2fe30a0bfede04eb9a8879e48c5af3edf", "object_relation": "sha1", "Tag": [ { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594945, "uuid": "beca7d9f-bc4c-4c3b-80d8-c742728de29a", "comment": "Malware payload (HawkEye)", "value": "2898f2864376061b8e4ef9982eb02c094fb066a072741483b527d96307733a6c5c4881200c7693ff10dcfe1542a55d91", "object_relation": "sha3-384", "Tag": [ { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594945, "uuid": "42ea945a-fe54-4f18-86ab-45fcc71d36da", "value": "T1D3153311BC6B26343236C91F5BFF4F1E6D295A5FB59324800F2418E1FA2B97254B278E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594945, "uuid": "2a2a962f-88a4-4e96-a0b1-25d35baa0a59", "value": "24576:36XZEBfv0bYC8uqeVSFZ4SUk+ES3w/GVL0uz4AO:gE9v0bYCRzkFD4L0uz4R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594945, "uuid": "06d4671d-c845-46a2-b87a-501d88a9f1c7", "value": 906085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594945, "uuid": "227b5f1a-c545-46da-916a-c40e2bd44323", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594945, "uuid": "37829294-ccb7-419b-a246-6c13f0b2dd19", "value": "LPO -Comfirmaton Order Pdf_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71a5d339-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689621394, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621394, "uuid": "7a319d24-191c-46db-a9a8-205b38be6453", "comment": "Malware payload", "value": "8463584120defd7d30724e6fa5ac3c5f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621394, "uuid": "9421c263-5347-4088-b46d-b92a7ec07a69", "comment": "Malware payload", "value": "6b8687e4a9ec832619d1e0477cc54e1709e25251c79571e697f6b43c4785fc29", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621394, "uuid": "095de8f5-2199-4ac9-b5a6-ace3881edeb3", "comment": "Malware payload", "value": "82a7b4f679df09adc6779417887892f863a34619", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621394, "uuid": "ef8eb436-99fd-4b9a-88ea-b520b237cd2e", "comment": "Malware payload", "value": "366e1fde6ecf7f41c66e326c7f567632d3815c35a1f26d4a0e7b447a47a375d376a48402aca1561b55a164b36b742f9d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621394, "uuid": "1d68a1dd-3b49-4a6d-ae78-12c8646810d2", "value": "T1C9E2F9387BD72C72D27B9EB545F79186B936B8223A254C4E68CF33848D73792AC4144E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621394, "uuid": "24d5e357-e8e1-49d3-8ef0-652a75954ce9", "value": "021d5e7849e90fdf4c65d3045c109483", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621394, "uuid": "9e3cef62-8427-458e-b47c-7e909f3a14b7", "value": "384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfLg9P9KvT:bgX4zYcgTEu6QOaryfjqDzg9P9M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621394, "uuid": "98c34d69-5908-4fad-92b4-6e103bfc3098", "value": 31880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621394, "uuid": "78bd44bf-50b2-403d-87e1-0792fffa466d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621394, "uuid": "0ab88677-37d1-4c3a-995b-270c1d41569f", "value": "D5CD8B7D.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9da3b1b-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689594913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594913, "uuid": "0bbe6362-c51f-4c0f-bd49-b39ff7bd8c10", "comment": "Malware payload (RemcosRAT)", "value": "57d964f56ac783726209f5f55358f56a", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594913, "uuid": "9533d846-52b6-46d3-840a-8b5baa7a68e7", "comment": "Malware payload (RemcosRAT)", "value": "6d4f5114d2eb2f55956cd301c9313aa143942d7bb5e2b1dbba80461886be5e24", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594913, "uuid": "d286c024-d664-4023-976d-5288df85a27d", "comment": "Malware payload (RemcosRAT)", "value": "140ef4061726738946668399909ad02baa2f2e8a", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594913, "uuid": "bb8a4844-ec3b-4866-af1a-24dc3e2490de", "comment": "Malware payload (RemcosRAT)", "value": "5c14555709a9473985eb0e1be4ae3c973d8a94a24b8fe9431cf0a41aabb99c5ce0703deb0da16bd80242aaf835b7581f", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594913, "uuid": "5fdf1727-be7f-4138-8bb0-92a1b3e7d09e", "value": "T1C6A4230EDAAC3CECD020B5B7285B48ED8D3358596E71D0CEE46214453ECE5D66CA4B9F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594913, "uuid": "4e0ad859-7f6a-4058-aa10-a0a93d74fe3d", "value": "12288:AUYY7lBFiV7scSVAJBJbu4RnL6BdlJLT9a/O21AxH:A27lLiFs3VAMw+Xd2O2KF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594913, "uuid": "d09bf50d-e4ed-4843-a614-c09ba8eb28cb", "value": 474870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594913, "uuid": "2a84c261-27cd-4cad-86de-958fad00ab16", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594913, "uuid": "edcd5475-d493-4dda-98f3-e8f9cd355fd8", "value": "2023-17-07 PDF 30127783946000762.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "457c4635-24f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689634205, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634205, "uuid": "b601ec9e-38f8-4d00-b3f3-a4acf52ac5f4", "comment": "Malware payload (Mirai)", "value": "61ed532101dc9323f37a47c5edbb4a65", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634205, "uuid": "b82b6a98-06e1-4a9b-a75a-850cabd2dbc2", "comment": "Malware payload (Mirai)", "value": "6e0c3b190759f39628dcfb4217d9928490d0ef9f436d78d1533c4bbc5c8dfe8b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634205, "uuid": "a09fba4b-3572-41ea-b399-19ce9a4ed45a", "comment": "Malware payload (Mirai)", "value": "85a7aaf221f0744b04b55d4d09132bbb391cc3fc", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689634205, "uuid": "f49df72f-8687-49dc-b1d5-d36aea2b5910", "comment": "Malware payload (Mirai)", "value": "ec391e80f8f96586eb4cb718fec954dfcc85a618057867360ee452d48e25632a1f8ee7ad874e9c3e26e1aa5afe581930", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634205, "uuid": "716aa8a2-b9d9-44f6-b814-c02b58ff4d62", "value": "T13233F1B6529B9D72C67052BB1129949D64062738E3F6F00357614470EACB2F39AFE7C3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634205, "uuid": "ebac9842-1a24-478d-80bf-38d3fb032127", "value": "1536:3CoqsGR4eB3g0Vmh1IxIpC8JNL9VE8amFZP7R3T:Soqs2Twh6P8JNLJ9ZP7R3T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689634205, "uuid": "7011bf90-e10e-4aeb-9de3-98aa1e8c0f3f", "value": 51444, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689634205, "uuid": "39e5e843-c180-4882-a73d-02380ebf7448", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689634205, "uuid": "733ffe20-f1a2-4e87-8a70-baceff384e34", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5147a77-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689609562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609562, "uuid": "97d9ab2e-f4b1-442f-beb9-276bed32ecb1", "comment": "Malware payload (AgentTesla)", "value": "26d9abb5e3dc3445cc1529e05ebfa548", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609562, "uuid": "9eafd201-f468-49ac-a358-4b0af00eec44", "comment": "Malware payload (AgentTesla)", "value": "6ec18d3df48468e9f95e818dca6b93f9b04f9786646670f6bdc721ab182860e3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609562, "uuid": "9e6d8509-f769-4e3e-bb6f-ced29f3f0b39", "comment": "Malware payload (AgentTesla)", "value": "801c8672a0c6aca96442662a40fe3b28cd32a379", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609562, "uuid": "ace7243c-32cd-4ffd-bd98-b6d1a843e7a1", "comment": "Malware payload (AgentTesla)", "value": "2b217b29924d3c18ff5f9b8fe9b12705d18d50f0a6271d5b904a523e829cf054079b6be48f458c2e22dbc118ea0b1565", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609562, "uuid": "0b8daa9c-2b48-4865-a9cd-3d064ba33903", "value": "T1C7D1B60077E48B32EAF20B71ECA387416379FB955982DF6F3C88560B6D427840A627B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609562, "uuid": "fe0148b4-3b46-4e9f-be11-6e9dd4ff9a9a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609562, "uuid": "f9823267-4da8-4282-b1c2-7e2bb9d22234", "value": "96:sqFkTIQZt1p/Nh+dBFj4tBlvjPGWf7ANtduzNt:6zHp/H+d34tBRtjANno", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609562, "uuid": "59a9d50a-4aeb-4ce5-953f-cdde9cba3946", "value": 6656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609562, "uuid": "0b714425-cd8d-4d6c-acae-f60b3e6e9c03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609562, "uuid": "46043fce-8290-49ac-9e5a-cf1402fd44b0", "value": "Purchase Order. 17-07-2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b19df0dd-249d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689597020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597020, "uuid": "cebfd67c-895c-41cf-9a60-994756b60652", "comment": "Malware payload", "value": "2c859c544780a60d19cfccf0d8c00e51", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597020, "uuid": "e0ae0350-2094-48a3-b4df-1d7ed35b37c5", "comment": "Malware payload", "value": "6f548d36bbe741338d296ab96d5838f95d6b23ed0b79dccbb4d4e188b19371ce", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597020, "uuid": "c0f4b3ba-041d-469f-b6b0-60cc614201d7", "comment": "Malware payload", "value": "d2d6094615905f579b69c7ed67c12648de69cd71", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597020, "uuid": "1b68f5dd-bbb2-469d-88b4-b160637da743", "comment": "Malware payload", "value": "6f1a614cd66eb5ff53362dabb81063d8fe8c956216bacf36876a3b21cea73d6a7c794cd099059d0aba3d8ff7cb0637a9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597020, "uuid": "61a2bfbf-c920-4824-9aff-0f8c57231075", "value": "T1F5528EBEA1CE65A1EA7B0BFA168F200D56257271035849F7668305094FC0FF6F922BC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597020, "uuid": "dbaffb57-b4a9-43a6-b1d6-22e452eb31dd", "value": "7fd46a7f56c0e23d5f7b090d08198d6d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597020, "uuid": "01a8608c-1315-4561-a672-d10e893ac93a", "value": "384:dK72tu8/TtJLQb5z8T5abu6KaeCOOJhDyS+/LH4w:RnTtVQ98lfiOsDyS+/l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689597020, "uuid": "909ca141-7f54-410d-a070-434813c565c0", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689597020, "uuid": "50367518-dba6-43b0-85c0-423622892473", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597020, "uuid": "41ec963a-cfd6-4982-bc87-59562f5d7ac6", "value": "SecuriteInfo.com.Win32.InjectorX-gen.1547.30832", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fd6aa48-24bd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689610519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610519, "uuid": "05bf4f55-ea8e-4551-82b3-0cfecb1c37cc", "comment": "Malware payload", "value": "e07dc3ac68e7bfb5386fdfa2b1b4d4fc", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610519, "uuid": "3cad1591-eb5f-46d6-8cae-366ae364120f", "comment": "Malware payload", "value": "6f6408184ce239352d2600c9ef0d7d093997f7a6fb62266263b6cd687bc2b9c0", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610519, "uuid": "dbe49bf9-a49d-481f-9b33-e470ab672e19", "comment": "Malware payload", "value": "876c3029e672d80b034d872bd12f2caa702ecbb0", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610519, "uuid": "162d758b-5d38-42f2-8e14-3d7d6b7d0ce9", "comment": "Malware payload", "value": "6e6f1ab8e4bb606ac3bd283c7b6a88b7b0d38b2983339f7607a2155ca8d135807fffb63aaa4d7eb9dfdff1132f895d88", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610519, "uuid": "01103fa4-8b81-4ed1-83c8-ef76e57b1143", "value": "T1C871E7101ADF694EE9D61117BD3EA8460E3C0FA64BD93C00BAF597B06487824E17BB5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610519, "uuid": "24800926-3a89-4c12-a24e-f8c96744c227", "value": "96:1gOOMM3vvOmIecj16pBakHkyN0lgwA0lxm:bS/vOkcj16pjEDdV6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610519, "uuid": "ec4a6b5e-501a-437d-9742-ad74378e90c6", "value": 3581, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610519, "uuid": "11980bdc-6988-4b27-859c-701e11383fe4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610519, "uuid": "2300d15b-38ea-4370-bb56-169e3855ed48", "value": "run.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a949b71-2476-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689580231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580231, "uuid": "6784d822-ff68-4350-bc43-332691cdbaa7", "comment": "Malware payload (AgentTesla)", "value": "38d09df667df0e7a16b89d00e5c0b323", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580231, "uuid": "f40db7e1-44a2-4223-b688-9c24e3fa64dc", "comment": "Malware payload (AgentTesla)", "value": "6fb64f7e90516c0003e7cd104a2370a22c5949871bc653067d0100229f8f9717", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580231, "uuid": "86043c0c-d910-4c0f-a37a-82a476dd7e05", "comment": "Malware payload (AgentTesla)", "value": "be4bd4a39e8efad5260933b95976c631436fec06", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580231, "uuid": "f3080383-23e0-47d6-88b2-251c26562999", "comment": "Malware payload (AgentTesla)", "value": "4200a3c3dc9e848250a72568f03eb1e44ddd8ba527ae4579416e5b5fdaf34fa93ac4caa9c77a360c00ee5510e5c4570e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580231, "uuid": "2b68b37d-b104-4dee-aa94-1cb9c2f554bf", "value": "T1B9D44D1B39D0295BE42E427E147C6A6CEAEEE61D427FD528342CC293B2F664C0D5D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580231, "uuid": "85febcb0-ac5e-47b6-8179-c2878307bd2f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580231, "uuid": "6dc6ec4e-54f2-4dfb-9d51-8b658ae0eb32", "value": "12288:sDEGQIut7DyYbjzhen6RG30YTv2i62AzIp0WmBj:Tz7mYbjzsTK2Az+0r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580231, "uuid": "e30107ba-4c91-4133-89ad-00d064c82dd0", "value": 645632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580231, "uuid": "178e4376-4788-4d5f-8e64-9103db2bdd9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580231, "uuid": "8a77434d-b277-4ec3-b6c4-538862ab5b3b", "value": "SOA FREIGHT SLIP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fa7ade3-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689568079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568079, "uuid": "b65330c6-b5e2-4091-bdda-f9b17935d28a", "comment": "Malware payload (AgentTesla)", "value": "944a177f8fd5c556a6f4f1bd689a01ee", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568079, "uuid": "d6a683eb-0328-4b9d-b18a-4cd82005d59f", "comment": "Malware payload (AgentTesla)", "value": "6ffc1ae20840871c7ab6129cbe4f0c6a72b13abb27b9b76a0fa4bae366ea1beb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568079, "uuid": "0d1da861-2a67-4580-9f3e-de0eff57dd84", "comment": "Malware payload (AgentTesla)", "value": "45ada97c364924ea7b0865e8afc7e74491a0050c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568079, "uuid": "edc044fa-ac2c-4c0f-8909-af069a14d93c", "comment": "Malware payload (AgentTesla)", "value": "3353441d6245b79cbbe1216b280d1f9c9aa6299da912c1e926d934eb2c89e2496c81695a63ee28ef5f959fc03c8f9dfc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568079, "uuid": "d4ee3f68-db41-443c-a573-305de03da0ec", "value": "T14A936C0475241F97C7FE65F7859A344337F2419E200AE7E1DED4EAEE05F2B89A287A04", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568079, "uuid": "7c2c4750-4e8b-4c4d-8c18-e5a23cf15359", "value": "1536:JGy04MfRLM86fLSQQcAhVJPwHeiSnm+MP4JvEWxpTrhNevQl2s029igsMb31jPtW:Ay04M5LM86fLSQQccVZ7DEWN8QlB02ly", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568079, "uuid": "2689b8d1-b634-4da5-b3ee-a912dd21cddc", "value": 90624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568079, "uuid": "8007b2b6-0f78-4d83-adae-81f75fd0d03e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568079, "uuid": "d861dbbe-7bcd-482e-8833-93d5904151c3", "value": "SecuriteInfo.com.Trojan-Downloader.MSIL.Agent.27151.16316", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b94c92d-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689586111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586111, "uuid": "9db061ca-fb1f-4f95-80b3-e64367c071b4", "comment": "Malware payload (SnakeKeylogger)", "value": "54a8e746d0c7a62598a60ace6dd2f2e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586111, "uuid": "f825e1ff-d0ab-4c11-9069-561e72bcd412", "comment": "Malware payload (SnakeKeylogger)", "value": "71a0f6429f7199e64b3c6d852696a9a8721e6f95598e279f276cfdf22db4e5b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586111, "uuid": "7e1fe50b-8358-434b-9e88-5824aab70cee", "comment": "Malware payload (SnakeKeylogger)", "value": "4e279782428f8fd4d059a78cd54aa64aabbdf57d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586111, "uuid": "3f95b47c-d098-45d6-98f9-e6a5251149d7", "comment": "Malware payload (SnakeKeylogger)", "value": "c947ae19a069f3546f316adfcc21b696df770f80005e453ca3bd14e2b2369d2933a8aaf39fe292cc2536112433b334d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586111, "uuid": "21895ada-aea5-423f-b81c-c6e0fecde486", "value": "T140052DE1A1748ADFE95B46F1AC3A643011E26E9D54F4810C5DAE771F3AB3311309EE2E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586111, "uuid": "8c0eef53-11f0-4162-9c4e-70358f211d65", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586111, "uuid": "1252c955-198f-45c5-96b6-5e9d66bc0703", "value": "12288:2K+soT32dyPriP8/KVAfIPifqTrQaSejL8Zlp:2DDPDjqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586111, "uuid": "bbb5563c-dc45-45c4-b5b3-e5270e048ea0", "value": 826880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586111, "uuid": "bc68eca7-f26e-4e90-89df-50299b5f4a0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586111, "uuid": "712f607b-5dff-434b-9f11-6d64320cc757", "value": "FOTO\u011eRAF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94ac71c2-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689574208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574208, "uuid": "7fa16a3a-aee3-4ac0-af5a-ae65dada8b72", "comment": "Malware payload (RedLineStealer)", "value": "e168038ddb8d3f31511af2dc0d5c4f04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574208, "uuid": "9b7ab4de-74a6-46a9-9ca6-315ea0bc254c", "comment": "Malware payload (RedLineStealer)", "value": "71cf66848d25787a84b362dd72318cf0b0b8061cdab732d3f19b6ea2770c94e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574208, "uuid": "9b440b0f-85c4-4dd6-be30-9856488e5d75", "comment": "Malware payload (RedLineStealer)", "value": "5e4610235436e8b4320f1756b2562a317a03d85a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574208, "uuid": "cddfdaae-7b8d-49f6-94fe-65cb886c137b", "comment": "Malware payload (RedLineStealer)", "value": "02ddc995167776464af648408594a652710229618e1e8802d829f710ca650fefb846403bc385995691bd34780bf4319c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574208, "uuid": "670e226c-301a-4b93-a6ca-821d27e68ee3", "value": "T1EF9523127A80D1B3E8669A3884C6C3F95A7A38390365D1DBB7DD1BB67F052D0A3351CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574208, "uuid": "3883bf64-d9b5-4741-8a8a-7d45c7cb76d2", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574208, "uuid": "04fd3a71-3d3b-4e5c-b3f3-7acb099e2d41", "value": "49152:qkQTA8u/Fk2shGEna9j8iPYujGuiQf4vC18ZURyR46BziFfX:qaD/kkEa9j/Z5f4GcURyR46hiFv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574208, "uuid": "24d03ee8-fab9-4016-b825-100befb0739f", "value": 2011784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574208, "uuid": "113892de-4d64-4c53-a6e3-e7a42b12ca87", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574208, "uuid": "d9a1cc38-3827-456b-8504-3c606536af00", "value": "e168038ddb8d3f31511af2dc0d5c4f04.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86ce9a30-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598237, "uuid": "8e06aa85-64f4-4509-a1e7-ee2d4655660f", "comment": "Malware payload (Mirai)", "value": "3a70d7ed46d0ff27d93c639eea8cddab", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598237, "uuid": "b14fc51f-504a-43ea-84ac-2ace8a12584f", "comment": "Malware payload (Mirai)", "value": "723f2511d825f38d156f753fae912b7b7726a4d1ffd9cdcb17ac31cbfbd62ae6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598237, "uuid": "9bd14482-5d5b-44b0-8038-93ad45235f44", "comment": "Malware payload (Mirai)", "value": "61907454957eb8bc4dde870542c5d92ed240ecb7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598237, "uuid": "6fce1c83-8d07-4d62-bea3-46ff5480e5f3", "comment": "Malware payload (Mirai)", "value": "e776dd723ca2f2d6c4371a76e579bc34fe2d172f396db08d277b578aa8abfae06a50c68d815dff834d022dc9a65ebf8d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598237, "uuid": "c1cc7ba6-14f3-40fd-846c-dd0a7ee7ea53", "value": "T14C43F1FAD4133E51F63B3535D5198A053EA623F889BCA4F11E118F258D9A30BEBB0572", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598237, "uuid": "1fa8c0ee-c981-4451-97b4-b819efe92872", "value": "768:iQzYEUv2ho1/ugHUvL1yDAQ+IFQYQ/p2K66YinJs1Qgq3UI+RzLgYFUM/zzE6I5r:iQzYErhcILi0j/sKfs1Q3+d9+6I5MHK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598237, "uuid": "fb838f01-997e-4aed-9749-2f739c8ef4fd", "value": 58220, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598237, "uuid": "d24e2124-0403-41db-9a18-6d887d14a27f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598237, "uuid": "4a19fd64-15e6-412b-b0cf-69cb03f47c78", "value": "3a70d7ed46d0ff27d93c639eea8cddab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "901f6326-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689573771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573771, "uuid": "12ef496a-973d-4075-9722-d48743309cd5", "comment": "Malware payload (Formbook)", "value": "cb1ce7ce2df04c4950998641c7ff95bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573771, "uuid": "4040ba3f-ac8f-4d73-899f-eb025c07c428", "comment": "Malware payload (Formbook)", "value": "72780219bde6ac864dbd2061ad619bb798671df92d04725dcdff5d1899291988", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573771, "uuid": "e996a48f-e7f6-4aa5-ba93-ae9bc4058992", "comment": "Malware payload (Formbook)", "value": "42015ba621104954345d870611ec89bd6e03ce33", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573771, "uuid": "e20576ee-69b3-4b41-9a10-0a13df7c022a", "comment": "Malware payload (Formbook)", "value": "fdccbf6ca0c46f21e78e2686bdbab9bb5396ff8d4e99dffe589c52553994313730c2208b6c5994d518bffe42e0006ab7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573771, "uuid": "42bac18f-d8d9-4069-a291-afdd7b2527df", "value": "T148C4120872E89BC5E56B9734C538A5A38CB0BAFC7D13D35D59A5CE9CDC637E08802762", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573771, "uuid": "74e22fa2-5637-485e-9e0f-824113e9ccbc", "value": "12288:SnDOteXM/Sdo4VnE8SkX9Hgbd5pEd5oe+qznJyG3dVEFBlOgM0F927E:SnqtlsoywQ+woe+unJfdIaL0r2w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573771, "uuid": "a2406515-7b23-4b60-99c1-fd6aaf64ea48", "value": 558080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573771, "uuid": "8a413180-ea1a-432c-9758-1331b98cc312", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573771, "uuid": "f5229437-bd62-4c80-9953-c2e14fa52e4c", "value": "Product Specifications.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abcf7208-24bc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689610325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610325, "uuid": "e0491128-3558-4d97-ab65-f3bceceb7aa5", "comment": "Malware payload", "value": "7d93b142ab6fca16c0be4c3720a50833", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610325, "uuid": "02f78c7a-f037-4b8b-b72d-15944cc80783", "comment": "Malware payload", "value": "72793db7dff167110244048663cae9d74ff6d7bf994648bc000af55a50888338", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610325, "uuid": "6f752306-25c3-4412-beae-aa7f89f9954e", "comment": "Malware payload", "value": "e8ecf8722d1d877cd0bd48b3fd25d2b0f80e6f04", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610325, "uuid": "5936d9cc-6e44-492a-8512-a74500f95a4c", "comment": "Malware payload", "value": "cf2f250695db3519ae4267405087ff30f411958282b29940a93364c82aa20fd0fbf03daec81c51d774ffc2054572d405", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610325, "uuid": "bec7e4a1-a574-47f5-bb22-a075729ecefb", "value": "T184355BC16846DA60E4699837C14055B9C42D6F2CAB8ECC93D5EC3CF476222BF3B85EE5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610325, "uuid": "10c0fe2f-5219-493b-8107-181eed31bcaf", "value": "d0d2cec49edbe0f9dd61f9aa1716e111", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610325, "uuid": "3b0d2c5f-786b-4b9e-ae06-a518177dd7ce", "value": "24576:4WLmMlBlhbt63P0rXAtUNyEAQRZ8dOW8sSeEuG22Q:4WLmU8MrTQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610325, "uuid": "76f32eb5-544d-492a-98e8-d5d6cb5639c4", "value": 1117184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610325, "uuid": "a967b98e-7a99-4c9f-838b-4471916c18d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610325, "uuid": "10e12018-fae9-4c96-981d-75cd0183cee3", "value": "Factura1007.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c2a83d2-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689568073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568073, "uuid": "3bb93605-bef7-4193-9e71-5520442c4910", "comment": "Malware payload", "value": "d7322712083028c72e93d79fe0eef58b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568073, "uuid": "2d85ae35-1b4e-42b8-b749-c37ed4b41607", "comment": "Malware payload", "value": "731ae5fedaff27e521e176a752f8917ca4c475a1a424b85f344c189fbf8dd8b5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568073, "uuid": "c6b9f93a-68dc-45fe-868a-48be23e389f6", "comment": "Malware payload", "value": "ab359e5420a9ed0c7da1dbf8ac45c81a15e094eb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568073, "uuid": "cd3736a6-6aa6-4b7a-997b-3e8a1de44625", "comment": "Malware payload", "value": "aaef61ddd385c8ecde27db14358ca916881673bd85521ea0562e90d18fd490a94fbc96af3697c54a2a7b0529a694ae4e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568073, "uuid": "74857184-48b4-4b42-bbc7-f2aeb7463b35", "value": "T147639D5676D1C471DABB073554BD8F22267E7E625EF044833FAA1A8E8E702C06E35783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568073, "uuid": "d619dd1c-3fd7-495a-b81d-babd59973ab1", "value": "b64ce983d84fce30f9137da1f913d5f7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568073, "uuid": "52f94a72-0168-4f5b-a7cf-1a154cbd1f1a", "value": "1536:HidFEak1f1SMqXkSb4sUJ42rF2xTtBda5:H+eaQSbUsUJ1rFG/g5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568073, "uuid": "8b7bb1d4-1b9a-4d7c-9b61-071cfa93f254", "value": 69632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568073, "uuid": "ea68d57c-310c-4118-a046-884bb57d4b0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568073, "uuid": "87f6584a-beb0-436c-aac4-2f7dd25e4055", "value": "SecuriteInfo.com.Generic.Dacic.666DAB24.A.6C390C3D.30544.30213", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3278ed30-2486-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689586928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586928, "uuid": "4646293f-9a36-439b-818b-fbb0c449a766", "comment": "Malware payload (Formbook)", "value": "2bdd38681778a2be9d40177c6f8a3319", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586928, "uuid": "025d8d10-a77b-4129-86f7-82bb8afa4e73", "comment": "Malware payload (Formbook)", "value": "741d19e0d36879bfe434d667669315cf244fc0b31813a6f81deba7c6bb3d6fb7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586928, "uuid": "ade1c2df-3d5c-4d36-852b-000826f1c797", "comment": "Malware payload (Formbook)", "value": "af19e478cb32a12d777d7f25ad28868d14c5ec88", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586928, "uuid": "137cc1c8-f040-4c5f-bd03-2264d707a549", "comment": "Malware payload (Formbook)", "value": "8bfa4ea845e1b968f584897e5843ee1d05b7274fcd556f94d2367770d75bac16a41a1b3a211ea93486e83a0919c34661", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586928, "uuid": "f696f9c5-a8a3-4359-83a1-67fbbb2553bd", "value": "T1B84413246BE0DA1FE8977A71593AC53B6EDDC5041868038307A16EDC7D60141BB1FBBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586928, "uuid": "453bec59-f6df-4d8b-b8da-e1b99cf63928", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586928, "uuid": "fa538d0d-9084-43cf-93ad-654eb56797dd", "value": "6144:/Ya6QtzV5BwDpWGUFvSu9wVrpAW+3qgqiMPn2KaAbjQqFQa/oEI:/YGth8QzmVrpAW8nqn21az/o3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586928, "uuid": "033b3c4c-098b-4c7a-ba2d-a06ecc49e6e7", "value": 260772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586928, "uuid": "ba83d6a2-f4bb-428e-8e7c-716287002c5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586928, "uuid": "ae40ee1f-5cca-4e1b-80a3-47fc13d8be23", "value": "2bdd38681778a2be9d40177c6f8a3319", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "229d2ba6-2483-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689585613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585613, "uuid": "533370fa-0e92-4c3e-9542-f221e17b612d", "comment": "Malware payload (AgentTesla)", "value": "b5c7654a0c143cb8e17b84639d364046", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585613, "uuid": "ab67beea-2dc3-4eb4-a4b3-1ce4d9b88a18", "comment": "Malware payload (AgentTesla)", "value": "746d35cac9831c89eeeca49e3ea9ac53bb8d3dab1b3eae5c59a6fca8dc0e4596", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585613, "uuid": "3a49fffb-f9fb-4f05-8ef3-1809132bab7d", "comment": "Malware payload (AgentTesla)", "value": "19b650f411037b89ee40e819c4aba6a500840d45", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585613, "uuid": "ccc5170d-66e2-4362-b52c-893d893a1229", "comment": "Malware payload (AgentTesla)", "value": "b6ba105a818f6e784eb6ec95c5a6ca51acfe0fc9855cf853a39b12f0e74614ebe3dde27151daada7ea2b992730cfe605", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585613, "uuid": "b7615323-1cd6-4737-977d-03aa72570244", "value": "T1F0C423C97E01C02E2726B9784B254355CFE1214C99E74A38DB98C2F697E29E337BD8C5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585613, "uuid": "1b26ce84-61fc-4f5d-b1d2-cdf7a8223d87", "value": "12288:Lt7Sm+mgoggLOjtni+eB1ECi23vVu9CwCqTtOXVx5+Y5/vn:5SQPBqCVziwVx5p/vn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585613, "uuid": "2434ec7d-2718-4a43-b6db-1c300baa11d6", "value": 559260, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585613, "uuid": "edb086bc-3ed0-4ef6-aeb6-81cd5c479408", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585613, "uuid": "a87697e9-19f2-4427-bc91-d19cb15300f4", "value": "Remittance_Advice_120723.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3483d0a0-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689574047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574047, "uuid": "88f6cf0c-5ebb-4f80-a47f-0fb56d53feab", "comment": "Malware payload (GuLoader)", "value": "571ee58005b14af0965178929079625b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574047, "uuid": "d2fb14d7-5fda-4c0e-a8ec-6db286fa6e6e", "comment": "Malware payload (GuLoader)", "value": "7501179eedf19e9b094ed763b880f4673998ecef6d8b4732985d04ee0ef1ea1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574047, "uuid": "d93435c8-fbc2-408c-ac5c-5abb859d2e27", "comment": "Malware payload (GuLoader)", "value": "c8df9921cfa7fde32269c058f1361c4f5f117935", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574047, "uuid": "2703a1fd-7047-4e22-9d75-a71e23b94951", "comment": "Malware payload (GuLoader)", "value": "3cd9038ac7bc828bdc3f1f8935242d41ed7601e802d29f63ed1dc0a705880dea949f35534f93dc8000a27756c146253d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574047, "uuid": "60eb02f7-7bcf-449e-8fb9-34698350964f", "value": "T1DBF302565192CD63C3A227B006B697A29BE2EE0610B323479B90DF9B7D171C2DF1D383", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574047, "uuid": "c2260889-450f-422d-a658-9bf442f5a86d", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574047, "uuid": "9b333237-b961-4d3d-93dc-1751c29578fb", "value": "3072:+NzPHk9MpcQbhvCa7XgwLrn0f3Inmq0vd8LI2eTTn99Gddwkqu8DfHrCj:+hRFhvt7XvLrna3Movd6eTCDzqRvrCj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574047, "uuid": "d771053d-9285-4aef-b9f6-16cd61ead7eb", "value": 158611, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574047, "uuid": "7b4f9fd6-dce7-4618-af7f-f0bc9b2e1599", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574047, "uuid": "910c8151-3da5-424a-8f09-0c70f958e219", "value": "Dekont#17.07.2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e021ce1-24f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689635534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635534, "uuid": "02afd7ab-8007-4f0e-95e2-a99114a5d838", "comment": "Malware payload (Mirai)", "value": "42d5e34f7d3f79d9a744133d93cc38b8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635534, "uuid": "c6274630-9455-4db6-8a0b-fa2289586270", "comment": "Malware payload (Mirai)", "value": "752a9a0deefbd6a52a1cd019001b526b07fdca89ac4f18b94da9efcaa690507e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635534, "uuid": "6464c8ee-4aea-474a-844e-69123a361d29", "comment": "Malware payload (Mirai)", "value": "e2ba63c7b499ed60064d9cf5912ff69d42acbaec", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635534, "uuid": "2a1470bc-9556-45f8-ab5f-242c269597fe", "comment": "Malware payload (Mirai)", "value": "aa20b8b9481181e6d1aa76ba0f5d631588fa991627335796f4aca5ccad2fd7f5475b7db118b18eb228238c6a8558df41", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635534, "uuid": "8987261e-972c-4e7e-aa9a-8010abd225a5", "value": "T180E2F111652AC47AEB308431E0F58586777A1FBD6AFFB1B25462060DDCC2942A3F1ADF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635534, "uuid": "fcca0ec2-d6c9-450f-b25a-7a4451c4a845", "value": "768:wEKkUgXAnURCr6HmDFStmYtYM9q3UELdB:IkEn7uHEem/VLf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635534, "uuid": "d2d5e896-62d3-4662-ae29-439b402d37cf", "value": 31872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635534, "uuid": "42d8da8a-8aaf-4139-a460-37566765fe26", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635534, "uuid": "a28cceeb-7abd-4873-b352-8e4eac24261d", "value": "42d5e34f7d3f79d9a744133d93cc38b8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3466c54c-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689574046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574046, "uuid": "e60e6e69-d321-4ec4-8cbf-28f4fe054be9", "comment": "Malware payload (AgentTesla)", "value": "0169065e2bbba4302f7e8e0e90fa9997", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574046, "uuid": "92f6e8b6-8fd6-4ed4-9401-30dfd085fede", "comment": "Malware payload (AgentTesla)", "value": "753f757a18d5a167080be80a7691abfdf6ee123dc9e96a3afcbb35ab1dbc2a42", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574046, "uuid": "bd2a8914-9983-4984-95d6-da98a1e588a6", "comment": "Malware payload (AgentTesla)", "value": "6438cf27133be7bfbd666df4345272fae9e9d33c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574046, "uuid": "07894d96-7cde-483d-81be-de37666eb63b", "comment": "Malware payload (AgentTesla)", "value": "07211d6a77e279be8ce3449f811a1f448d92ca7439f0daf632646d599765a32a2a02edcbc3e8857e317fadf2e2bf08c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574046, "uuid": "92c88e40-ddff-42d1-8d31-340ac7d0c883", "value": "T161D433E12A981FA4718B138C52F0F4F6B946C17FA30F16944E92AE7B0ECF1A35752947", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574046, "uuid": "11e6a590-9afd-461a-81c6-b9803d942fb7", "value": "12288:fPJ+hMwVJiDWTP5i6piMZ3TZJMalQuifopeoUc0udnH2Lrr5KOg2w:fiJ+UJpXZDbMyQ9IManW3Pbw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574046, "uuid": "5a02beba-832b-44e9-883f-264be5841b3e", "value": 641867, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574046, "uuid": "de2527a6-687b-4019-b08a-ee4f35bafba9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574046, "uuid": "4adef7e7-f86f-495e-9a08-af5dec7c16c5", "value": "SHIPPING DOCUMENT.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39630034-2486-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689586940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586940, "uuid": "f818a683-0316-489b-8e54-8f207124486a", "comment": "Malware payload (RedLineStealer)", "value": "9b06361b484531e8d71b64fbb32534d9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586940, "uuid": "3b0a99e1-cc6b-4f32-b249-272fa1fd57d0", "comment": "Malware payload (RedLineStealer)", "value": "753fbc1dfa05d6007c5dfa534a7d019cbb24d07224b67ae9d48c9772039c63cd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586940, "uuid": "1c5916e1-a78c-4267-b25a-e56bef84eb3a", "comment": "Malware payload (RedLineStealer)", "value": "6c47e8bfaf1b82c57c861312f1fe130cc5e21c96", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586940, "uuid": "99142386-afd1-4335-b266-de51f730caa7", "comment": "Malware payload (RedLineStealer)", "value": "9531f85d2a9b9798713ff984c58bbbdbd68d9d974c5906ef47fdfcc6b952fa8a769eba792a4b8f1e23f0370540b5d39e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586940, "uuid": "3d8bb3ae-9ac2-4f31-ab30-cceebbf07845", "value": "T1EBB533F3F5A022C3C5DB3AB49F568E449DD5E83C8CC2670F76EE7209DA261710A8949D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586940, "uuid": "b65d9ac5-d110-4633-9814-4294906b1662", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586940, "uuid": "c0943afb-437f-4117-99d9-d32cf4e00039", "value": "49152:SgUFBrKkyuD7ug6e1NsUfgvig28JUU1y4unHZ1IxLRoV:eJK1umgBUU+n28uUMxHXIh6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586940, "uuid": "c2d89f96-44e2-4471-8de4-aa49220dc7f6", "value": 2433712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586940, "uuid": "f3ad1ff8-567d-4a60-9e55-6c242dc211ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586940, "uuid": "d6adf3da-59d5-4c4a-9f59-588d3940f09a", "value": "9b06361b484531e8d71b64fbb32534d9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccf74a52-24b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689607803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607803, "uuid": "c723bc35-003a-47d2-835c-97b2f0614647", "comment": "Malware payload (AgentTesla)", "value": "5dcbac100b2372bed9b27d9cace952c7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607803, "uuid": "03b0d35b-15be-435b-a8c2-5eba833a6d9d", "comment": "Malware payload (AgentTesla)", "value": "75d2a038f6df4f6d45079eda07f440e91fc54fd2ddc3dc36a36363e1ca89972f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607803, "uuid": "624cde6a-6531-4f02-a01f-f05b1650d385", "comment": "Malware payload (AgentTesla)", "value": "bade53f0d06cf261acf4857ae4de43ea8b2f362b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607803, "uuid": "7552f37e-c83e-44f4-90d3-3d4beebe800b", "comment": "Malware payload (AgentTesla)", "value": "ff304a17912de7e0352d7a699a5c0b14e50884ef0d3cf4d56924e4717024a860b9a7f11fa9ba7aad526c9ac4789869e7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607803, "uuid": "f6bf3778-d9fe-42ec-ab3a-7c7e7a820f7e", "value": "T16394234E5B016EC4F9399E51E2C987F7DC97CA894413EE2FB00482CA57EE8A009DDAD5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607803, "uuid": "76326377-34de-4751-b735-9faa81b1ce54", "value": "12288:DN0pF4/ddv/w+P54oiiGT0vfEMaJMKsaRRa7:h0iv/w+PeZi9XEMsMKnq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689607803, "uuid": "5dae2179-0d4f-4993-87fb-e013dfd7b9c4", "value": 421853, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689607803, "uuid": "da488ff6-b728-4099-80cc-d03f36ef1757", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607803, "uuid": "9bd16096-42b6-4af5-8d86-30cbc3d4d25a", "value": "ORDER 0707-23.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98439935-24a6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689600843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600843, "uuid": "468e8e06-d585-4f80-bfe3-ff8a20625d0c", "comment": "Malware payload (GuLoader)", "value": "369002fc700dd6d0b49bc835c78aa1e8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600843, "uuid": "ae073395-d87e-4ce6-a731-369b28057783", "comment": "Malware payload (GuLoader)", "value": "78085d64adb7c4678a78495b0d7fb868ef914bff242c5a66997c45acc999adad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600843, "uuid": "17bb7c4d-989e-41aa-ab9c-c7afa7504136", "comment": "Malware payload (GuLoader)", "value": "5062c3911320e7f88131a5f1e3bf0c21e5ea7446", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600843, "uuid": "7c96377a-b636-4f99-988e-4ad0ea363c2c", "comment": "Malware payload (GuLoader)", "value": "f0fc60c9ea2647829a5b8ab75c1a7662e9bbe889e2dcab6df107c69c65887e860c2d29901bb53f9046d03cd66d4452d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600843, "uuid": "1eb0c898-a950-4767-92d8-444e5b546ab8", "value": "T13A847C49F363ECE9FE660279257119263F419C1EA1D9285D228DFB263C36213509BCFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600843, "uuid": "454314be-9635-46f5-9fae-8565ca81e8f0", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600843, "uuid": "c3155622-4aeb-4612-8be4-23bda295bf99", "value": "6144:Hwq3NpAucUKhDfG+BspAEOxvQONKO4j9eBlnOCx:HzMpthbJ/3XKNax", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689600843, "uuid": "89342fe7-5ce1-4f13-916b-8f07a5a5b5ba", "value": 381069, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689600843, "uuid": "a7f45a21-839f-46b7-a4da-37483328d911", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600843, "uuid": "58182330-34ba-45bd-988d-14a1d6ff16b8", "value": "rSHERPASPECIFICATION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de9d6b9c-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (HawkEye)", "timestamp": 1689594948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594948, "uuid": "e60b10df-6b61-4339-9969-5535a9a57326", "comment": "Malware payload (HawkEye)", "value": "81f9de1413f35585e3eda567859d6327", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594948, "uuid": "916aca72-5132-4910-9bea-6cb0b0ef3fe2", "comment": "Malware payload (HawkEye)", "value": "7a30f11aee32cb6b96651c34349d1d290413c01e3c48e056bc833ca97856730c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594948, "uuid": "df36b9ce-12a4-436a-96da-ea647ef56e75", "comment": "Malware payload (HawkEye)", "value": "b033df120cb75bfbecfe0f5d75b6d3c74cf26bf7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594948, "uuid": "9d9e63b9-01d8-4d7d-a12f-a9aa7b7b5b43", "comment": "Malware payload (HawkEye)", "value": "919870866f4ed37e2f041c7aacc1390f951ada4b83850410d4d6541fe856779f39ad31126af6d20db62ae366cc6a3a12", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594948, "uuid": "5e6e261b-66d5-438a-8b41-4aeb5a7dd712", "value": "T114458D477980295BE42A067E003C5E6CA6EFAE1D917FE41C346CF663B2F3249185DB4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594948, "uuid": "3fe3b2d7-6016-48a3-876f-bf5654504f84", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594948, "uuid": "e3e96001-6c43-49bc-a078-6e56483e60eb", "value": "24576:3UXKCz7PPJENPvGbYAgcGel2vZ400k+eq3iXWVhcK0C:3Yz7JE1vGbYA5zYvv0hc5C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594948, "uuid": "e2f8142b-7128-461e-ae03-eeeef0616e61", "value": 1250304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594948, "uuid": "76096b44-1505-47aa-996a-e32fc6d706d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594948, "uuid": "27eb0e18-01cb-4056-888e-867fd4decc66", "value": "LPO -Comfirmaton Order Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "043ad749-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689585992, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585992, "uuid": "73280cc0-f816-4d17-a8f0-bb4a6046a7d1", "comment": "Malware payload (Formbook)", "value": "55c4cf769f3513225b79add920390d81", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585992, "uuid": "4a7d3c65-c630-43bb-ad90-90a46bac847e", "comment": "Malware payload (Formbook)", "value": "7b0395878d9ea2154174caa722386625daf0d83f5e281fdf0d0b09a61b1c7d62", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585992, "uuid": "795b6f63-562d-44f1-b729-9d9365d75885", "comment": "Malware payload (Formbook)", "value": "0152a095635d544614bbeb5f87e5900ce4829947", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585992, "uuid": "b90d83b2-77f3-4c00-9644-efda562405ff", "comment": "Malware payload (Formbook)", "value": "19f23b099620c898ba5d76ef2eca1315ae5cf18b2282aaaa8b89cff5bf04966c8def268c1f6aa8ddd4bfa9c2a639ab05", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585992, "uuid": "67a72e7c-fac4-442e-8e6e-4738b6707684", "value": "T18D45E003D8049B83D40D83F47E530EE90F0A6F19E899BDEB10577F8B3A71A72595A61E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585992, "uuid": "de842e8f-6709-4a64-b75a-dd085d4fbe81", "value": "24576:BTu9V1ZyFw6VfAZyKw6VRQpbFcwTA5S8cNfnw/x:BTu396Vfy+6VcFjTBNfnc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585992, "uuid": "bc3999b6-a7e6-43f8-863f-1351439c6528", "value": 1211392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585992, "uuid": "d6d431d0-0c3a-4a8a-af5d-9f06ce73482e", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585992, "uuid": "8f973cf1-7d8b-4240-b776-2be6a19d9001", "value": "specifiche.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7f064fe-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689609593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609593, "uuid": "ecec593c-ca48-4ea0-95ca-a7cdc50c226f", "comment": "Malware payload (AgentTesla)", "value": "311c305a60f9ec602f6e772a26c9b533", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609593, "uuid": "7bec3d7c-ec5a-4606-8c59-edaca9ae108a", "comment": "Malware payload (AgentTesla)", "value": "7b53084fd46b89ffc9c41b0fcaaecc3e55579eef25037e68f1aee62d86528b61", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609593, "uuid": "a5786d2f-be9f-49f6-a29e-2bdb49458de2", "comment": "Malware payload (AgentTesla)", "value": "446d93684d28d62090ed3229462bd84e8a53deac", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609593, "uuid": "c47a966a-6b42-42a2-a25d-c4833c7d9ec8", "comment": "Malware payload (AgentTesla)", "value": "ad417f1d03b6d807e2462337fa5a28456b80a5fd87c1106ac4f3fbfaa01db4cdd209e2cd8886063b58af9d4aea3505c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609593, "uuid": "d59b1523-7692-4788-9675-d30abe85179e", "value": "T18CE45D0739D12947D62E427E903C6A6CEAEEA61D117FD629302CC3D3B1F660C6A4D71B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609593, "uuid": "b26ee5f3-3c39-448d-b683-89bf536dff42", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609593, "uuid": "c849163c-13f5-4129-8258-fca028f1d390", "value": "12288:D/EIGQIut7DmWmojAfpLVXiR8SVjX3kzs:D/EIz7KrCAfpLVG8Sh3m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609593, "uuid": "6814b44b-3c73-4b53-962f-828f096389b5", "value": 699904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609593, "uuid": "71d1a27a-a3f7-40a4-9c5f-77978ee64b22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609593, "uuid": "3d6cf5b8-04d1-44ef-9fb3-3a93e713aaea", "value": "SOA FREIGHT SLIP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "495ef42e-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689586108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586108, "uuid": "92e33b2a-4960-4db6-bea2-df70cfc4cbab", "comment": "Malware payload (SnakeKeylogger)", "value": "20cd45eee7da9626a471c5c1f3d17d14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586108, "uuid": "4c824496-e931-4d3d-b6cc-28e06e2eb68f", "comment": "Malware payload (SnakeKeylogger)", "value": "7bf021754d5ad2b4bb1573eaa984eb7fd752a3594b759caa79cae4bb602dc05f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586108, "uuid": "2b895b84-39f4-4e3e-9072-3a651db4a607", "comment": "Malware payload (SnakeKeylogger)", "value": "b149977550794163f21483a1d6562c4dd5a8f8f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586108, "uuid": "ae090929-16c5-46df-828d-4e868c5aba6b", "comment": "Malware payload (SnakeKeylogger)", "value": "4719fde37059bc07bc1085e6a735a0a03652465ae9b23b9c3f0464faca770ba702e5e3a89b2a29f4094a389ba9615d74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586108, "uuid": "35305859-15f4-4184-a76b-c6357972ecc9", "value": "T12FB4BF39503C87AFEB57CBB6E434255213F013A62AF6D38C8CBA259F3E75724A1405B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586108, "uuid": "22fcec96-fcc8-4ec7-9651-7bd3414aa241", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586108, "uuid": "52b57c2f-5bd6-4fd3-abf6-949b5970b880", "value": "12288:pXon0dZLgw4nOk84WtzaM8I+G0EmXqvCbUBmqTrQaSejL8Z:5g3nObjtX8I+G0E8DqmqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586108, "uuid": "288a94b6-ff8b-453f-844f-0e8950abd17f", "value": 529920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586108, "uuid": "9836307c-796e-4937-a749-629d29ebad85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586108, "uuid": "e005d0f6-8ac8-471e-b314-a9913ca5b1b8", "value": "SKM-42552700.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4beaddf0-24a2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689598997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598997, "uuid": "481f13df-eab7-4e55-823b-f8a06f3c589b", "comment": "Malware payload", "value": "cbda8cb8fd16a2172972e8fa81cc11a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598997, "uuid": "4cc53ce0-4af3-46ab-9ae0-723518b96127", "comment": "Malware payload", "value": "7cadda6850c04813046afddaea278ff58b38dc49bc8e10f121560580c9eae27a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598997, "uuid": "791fdcf2-908d-473a-91c6-0188905186e8", "comment": "Malware payload", "value": "9fbe855f5a322c4848ed6f0d02a0b7e7be3d52dd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598997, "uuid": "1d14c61e-f221-4935-9bb9-f84e0bc4065d", "comment": "Malware payload", "value": "b82d8a7745dd192d635899cce1c2ed36a0eea01d31d64cb405d23a8d5e08c2a7c8835b6c1fb78e9c0ec59a18c3483fe0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598997, "uuid": "5d919368-7bf8-41d6-95e8-fbef43b27200", "value": "T184739E1077245FDFC66F023790AA20926372D36BE015DBC0EEE4BAEE25D3795B217690", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598997, "uuid": "179c5241-c355-4792-a891-dea8f4b08ec1", "value": "1536:N5wInQOcC+rhr+KoYlU88VGzm2v9cbpAQlTlBcUu1Vm1fR4:PwRrA88VGl9YpAQlTlBAC1fR4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598997, "uuid": "8433280d-d1ec-436d-a8a1-75b0d0819132", "value": 78848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598997, "uuid": "ad9b782b-8e7e-43d3-b370-039d80b9965d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598997, "uuid": "d921a46b-2503-428e-b1b9-8d24da0b2cb5", "value": "QUOTATION_JUL7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "225b4c32-24e9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689629421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629421, "uuid": "8de9d640-7f11-4ca7-9430-27132e0b1c4c", "comment": "Malware payload", "value": "f4d1f7751869971d4d67ae5d603513e5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629421, "uuid": "636b23d9-3f21-4ca2-9e33-b26cda81c8f1", "comment": "Malware payload", "value": "7cbe11f2afbfa1f0531894a4220601907cd12d18754388825744435cc8e01e6a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629421, "uuid": "553f30e3-e02d-4f0e-8b31-ead4719cb490", "comment": "Malware payload", "value": "ec037f3e233fda597eb48ad001298e7b28b1e398", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689629421, "uuid": "61a44dc8-7be1-4916-bc88-4224117d6669", "comment": "Malware payload", "value": "529d6f76927542c80eea49b1900e94a5d409d4ed9f3ffea21a45a8174df0f4dc30777f8f5213705bf21396263249a450", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629421, "uuid": "70e72093-a087-478a-ac11-552e1a956fbc", "value": "T1AD424C7E92470266EF7E0DFE12FF6C9E46386236432915D38345C4095F51AF2F932992", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629421, "uuid": "d32b4d59-4661-47a4-82d9-3ca99e8d84ef", "value": "8576330f9aeb41bf60082dc9f971f9a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629421, "uuid": "1eebac40-d1a4-4551-9117-d392d0170514", "value": "192:F7IZ7OlFs8TtXiA3yj3t6BV+r55E1Ic2cUbNM:F7K7X8TtBRVK81FLUbu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689629421, "uuid": "0c75e8be-73d2-4b53-8f8e-a02fd5bc4cd1", "value": 12800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689629421, "uuid": "633da710-f8a8-48ea-ac07-648d1bf800cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689629421, "uuid": "f0524e17-805b-4a9f-9cd2-ee76de93730b", "value": "SecuriteInfo.com.Variant.Zusy.477464.256.18047", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "189bc2e0-24a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689599770, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599770, "uuid": "c739c92d-ebc9-4d89-82fd-b7e6160cf7bc", "comment": "Malware payload (AgentTesla)", "value": "2be4c5b685a160b2ada04297a60ccc9f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599770, "uuid": "3a01f4e4-bad7-4809-b556-ffef4b30bf62", "comment": "Malware payload (AgentTesla)", "value": "7f8a95173e17256698324886bb138b7936b9e8c5b9ab8fffbfe01080f02f286c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599770, "uuid": "50e9b4f2-fa14-4ef8-ae55-a74666bae7e2", "comment": "Malware payload (AgentTesla)", "value": "b724253ddfe986d6f5636136308f0a2bf38d3f65", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599770, "uuid": "9cc7d996-c3fc-4fa1-9c29-1035e03ddd62", "comment": "Malware payload (AgentTesla)", "value": "7ad9b375dc480b70d5139d2e3f48f394d2e30f2d93b9d5c8d7914c0d54123d7e8558c0440fbe5f90fc6f87d38cbd90b2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599770, "uuid": "c9d7aab6-f625-495a-a406-390e54d1d2a4", "value": "T11CE423AA3B649863C295FF38CBB5D55673B8B53B7119E6680F39106E8E053C10F612CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599770, "uuid": "144113fd-83dd-480f-a0cc-7e4dd76aed47", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599770, "uuid": "8de66070-5075-49e5-932c-1c3b9ec76fda", "value": "12288:rBqD3ZxjJE8ERFtwuSpTj9fl/jAcRfR6pAYZZrnjg9LehcugGE4:roLZxj6XFtiH9fl/jytdMpLG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689599770, "uuid": "2c42e0ef-12cb-47ad-933c-bd7c8ff214cc", "value": 658432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689599770, "uuid": "fc6efcc8-d2ef-4d60-8c8b-8cb8f71222b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599770, "uuid": "0b1b8037-71b0-4cce-88b8-dd45dfbab7cf", "value": "z1RFQ856W8H.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af655b93-2469-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689574682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574682, "uuid": "940abcf0-b5ab-4134-803a-11faa6d767bc", "comment": "Malware payload (AgentTesla)", "value": "a741f94e781a247f7414c8ea32f32532", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574682, "uuid": "6d65d783-2fd3-4145-ac90-358c6051a6c7", "comment": "Malware payload (AgentTesla)", "value": "7fc3cd20f99389fe5c49664160ff5aed09f20f0f194a31767dcd3db39e90bf34", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574682, "uuid": "455ef200-f6a5-4ac6-86b9-94047ad3b2fa", "comment": "Malware payload (AgentTesla)", "value": "bb316c3f56fa22a33943267a9776ad4c339c906d", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574682, "uuid": "e805e6dc-cce3-4a05-a355-6a252c2b9c22", "comment": "Malware payload (AgentTesla)", "value": "8125e8eb2d3c3f5ece5b46f514a1c1a13af9183cc69544f5acfbf74f5a16415659b06b18e9a5ced7798b6bc56cdb4a7b", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574682, "uuid": "5494256c-347e-4bfa-90a4-cca2133c91b0", "value": "T12BE423B0BC6E0EC4FECB917A55A3A68CE78F74BE9C7E8900DC817559C14284A4FD5760", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574682, "uuid": "14a28a7c-aa36-4e4b-9434-3986555a54d3", "value": "12288:gGXDNP2d3E1P4ggSgtJdvk9BSKRyFS1tM7PXZTRGA1+ory0c:gGXDNPa3E1Zdm38Nl1tYvZTIW+ory0c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574682, "uuid": "0a0260b5-064d-4826-a111-ae1508664568", "value": 658358, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574682, "uuid": "20aab59d-1125-4ffd-97bd-a5d9c1d14291", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574682, "uuid": "dd079797-eb94-48dd-83a1-fedac71a9612", "value": "Invoice AR20230714N.7z.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2971d761-24f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689632869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632869, "uuid": "1faef027-98ee-4d4a-b30e-355083ab581d", "comment": "Malware payload", "value": "cbe3962f3e098ca346d970726605cd09", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632869, "uuid": "0eefe896-144c-48c6-ba80-1cf6388b8def", "comment": "Malware payload", "value": "8069af27e2a6a5feba92026018511c8f49c2d35f1b6fb668c662100db181e6df", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632869, "uuid": "d6b46a3d-f947-491e-afad-b23f292405f9", "comment": "Malware payload", "value": "65658714bbf1aeb7b8681ded01dcf8720f126ff2", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632869, "uuid": "1ca92a7c-b0af-415b-841f-43120d802547", "comment": "Malware payload", "value": "bf23a59bb2586be8600350ddaf12d8ebc7fef537fa481d36ea45795921bbd77d75bf54d79f047078dae971616311dfd8", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632869, "uuid": "de1b3b04-55f5-4f6b-b455-84f02af19569", "value": "T1C2E36C08A5CBC0AFF259E8FD2C0E4B54BE7425B4978828A5F27D854CFE4F5C35A582C9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632869, "uuid": "6cb603d6-9ce9-4d3d-a355-f4bf4c88af12", "value": "3072:DuxIWpfO4Z+vyrM6uOaK1uYXnwixbuB85bWRJqwuX7aRqoi/bdn10RwDn/uLEXwx:ax7WRY7d1fjGAa4GNxxVTzg+njYpizeA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632869, "uuid": "ac8c31b9-da79-4184-9f0d-b565b88aa922", "value": 147952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632869, "uuid": "95c377b4-8837-4797-8c7e-5d10d738664e", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632869, "uuid": "6cbf1f7e-8dc3-4590-b3da-f3336219f066", "value": "SecuriteInfo.com.HEUR.Trojan.AndroidOS.Jocker.ug.2369.29626", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78b27635-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689586187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586187, "uuid": "fec44798-b97f-4de9-ba1f-27a255c9e233", "comment": "Malware payload", "value": "160e87b66c9b4893d262d4bcd4e60d35", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586187, "uuid": "9db49501-84f8-47ce-a509-1a75fdba4be9", "comment": "Malware payload", "value": "80c2b7b0087ee4cc07bf98d010cf4ed7f088e672a8d502edb4c888eb40097c97", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586187, "uuid": "5ded58b8-4e96-4b0c-a9d3-2411b0a33d96", "comment": "Malware payload", "value": "f2239f58663d51570e204e57491fdcdb6a5369d0", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586187, "uuid": "ab3e0c51-df42-49d9-8165-abf17c3e2fa8", "comment": "Malware payload", "value": "e9c4ac5f296d5780ac5dfa560673aded17f23567d234f01f85955141de690097354ca6e5bb0479b27d8551a6175de9a0", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586187, "uuid": "fc7de110-1e06-474a-89e0-c6fe65ab2173", "value": "T121B40111728CAD9DF2825BF9B8B6758E900CBD7336C5A1C3AB84B70B8835FAF5517901", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586187, "uuid": "07a6c05f-58e4-468b-be23-25a2cf9405c4", "value": "12288:iZoioWQmmme6v3QLQuE63WQmmme6v3QLQuEyBKF3kUhWfRMK1JyK96U:hWQmmav30xhWQmmav30x/BKlWt7yU6U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586187, "uuid": "abe57d1c-d1ec-4a91-8696-ccb98801ebc4", "value": 523776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586187, "uuid": "2f42916a-cec6-4379-a205-b997f784e7cb", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586187, "uuid": "4d9d7790-6444-4602-b84c-bb8db767c731", "value": "new order list.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2e6eb89-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689609585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609585, "uuid": "d4258a8b-5ac8-456a-8054-c21f278df308", "comment": "Malware payload (AgentTesla)", "value": "6c099a1c1b22c8ab421cfb14d1b32909", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609585, "uuid": "65432a0c-3322-4d20-9351-07dcbab359e6", "comment": "Malware payload (AgentTesla)", "value": "81466541eacbc59b36e032c14b320f90b8717c6ef369d8a983839e851bb5c7e5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609585, "uuid": "8b867388-2676-4c26-8e84-dbd9e1cbd731", "comment": "Malware payload (AgentTesla)", "value": "32568c4d17fa6d3f807dfb0e1b0d69fb4f161316", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609585, "uuid": "5bf42e53-727d-4373-8a11-e3361e614c17", "comment": "Malware payload (AgentTesla)", "value": "500b69673a59040e46aefa6fef4600174064277c2cfda271c2ab563a323ff7bb3d116d288a3fceca470b769d76d07948", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609585, "uuid": "0d21b265-a4ae-43b2-977b-d46547747cd3", "value": "T105A4232654B7261827C8138028D704D3F89F8795C5BBB9B489FE9BDD20EAB38F4D6C45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609585, "uuid": "ed43ef70-31e9-407c-bcd3-59cfc430d631", "value": "12288:9D98ywjdqoo4IS190CzSB5nFRcOiqebkX7:Z9zw51I5nF6OiqckX7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609585, "uuid": "0865a87e-e2c9-4119-a3b9-a0c40a36ead1", "value": 466029, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609585, "uuid": "37dae47e-150e-4c13-8936-4226bff83a61", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609585, "uuid": "ee8267d0-3b03-49b6-a3cd-931f1bdae494", "value": "SOA FREIGHT SLIP.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c1993df-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689621331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621331, "uuid": "cc0035a8-230e-42de-b007-2eb45b68e04d", "comment": "Malware payload", "value": "846562ffbcb10c95ecb6b04bd8d495d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621331, "uuid": "e9bd0c8b-a716-4753-88f2-62fc24226484", "comment": "Malware payload", "value": "81539fb95214aadc076c01161cdce901fc57b6cc8d82e27bae4915c512d9baad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621331, "uuid": "df54a87e-1fb8-4a4d-b4b2-26fefa0571fa", "comment": "Malware payload", "value": "02c56a5af1ccd3ace14ac93fc1aebb6fe90a4426", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621331, "uuid": "02e14a6b-bcc9-4582-ba83-27338c3f052a", "comment": "Malware payload", "value": "0ddc97f66d0dd26aa26dcf000f38c6fa7625a870318b5710abf12d45882c952a54bd54df76829b3d8fa58b0debeeac67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621331, "uuid": "d1ea37e6-27b3-43a5-b7f2-3a8d9b566076", "value": "T16AB4F121B485C432E6A205354AE6EBB16D3A7C71972694C72B84777E2FB53D2E370307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621331, "uuid": "36f6ff85-75b1-4dee-b94f-b04e9b8e631b", "value": "6dca3e9fb3928bbdb54dbce669943ec8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621331, "uuid": "1c29d66f-ec6b-4bb5-901a-304c163b86ab", "value": "12288:/U5rCOTeiDrsJ5B5P1ZQ7e4nP5YyoQ4ndkNZ:/UQOJDcBzOCC5YyocN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621331, "uuid": "daffe22d-9513-4911-89b7-ed10f76de3e0", "value": 497664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621331, "uuid": "e6102761-3f25-42f7-892c-169dafa21873", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621331, "uuid": "751c4966-a548-4ca9-92eb-e59ae5d405ad", "value": "2A6FBC0F.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e8dc13c-249a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689595646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689595646, "uuid": "aa98b9a6-afc5-4825-8e5d-b59d120dbcb9", "comment": "Malware payload", "value": "cd950077c7ac33bd118b8d00c25828b7", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689595646, "uuid": "b77ff672-7be8-49f4-8bc3-67f4fee28b80", "comment": "Malware payload", "value": "826895ff9141633c144d1520fba79dbf618eed4180f26559cea76010f63b2f36", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689595646, "uuid": "628f0d21-c553-43b4-b116-789c2aacc672", "comment": "Malware payload", "value": "c5a4dfea3c065bcfbe1d4629ce50d1fde22d9de3", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689595646, "uuid": "00c5144a-b981-441d-b8f0-0b73e037e2ba", "comment": "Malware payload", "value": "a60511f7bd1adb2d065e805f010f9a332d125807fdcc2c9b4182b8d6dd663c167ff4a171fe71464699631f38bd68cb98", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689595646, "uuid": "91b4f828-c61a-4173-8ade-7ed1c37a3e27", "value": "T10A515596E129D023CDDABAB09CCA6403567F81CE14F4E7D056DA1010B49538183FBACA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689595646, "uuid": "0b1e6fa2-1401-4c4d-a54f-b9aa008871c7", "value": "48:8KkxwZpIFOLJPGGZa0nE4lpiHwf4tvrti6fV:bkCjIFOVOGZLE4lcwf4Bt9V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689595646, "uuid": "5b88b23b-8d7a-4ee0-99ba-3440b5eb4651", "value": 2448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689595646, "uuid": "e3417e66-4075-4e93-9f55-f2d4fbb14ffe", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689595646, "uuid": "6de0e9ea-fd10-424a-a5c8-40a5c289fa46", "value": "test2.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38702d59-246d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689576201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576201, "uuid": "4826178c-8468-4151-92ef-645231996872", "comment": "Malware payload (AgentTesla)", "value": "11d85e1c4d331d9da2019fbf2aa7ba02", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576201, "uuid": "3f3d60d2-f6e1-4aac-a94b-4f86a6762387", "comment": "Malware payload (AgentTesla)", "value": "82a1ec742e9cb0e555b0f21f7fcec120deac27326d0efba234b20b63e372a093", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576201, "uuid": "a14a5df1-82e3-4a94-892e-0606668aec56", "comment": "Malware payload (AgentTesla)", "value": "75bace3a93379a526fa0ac99e77fff054764c379", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576201, "uuid": "984fd0e9-7ea3-473a-9a4b-2bfec6780cee", "comment": "Malware payload (AgentTesla)", "value": "31e5c01013d54e63249bc0fb92f7b3188abf484af173e8270d80f23b5fe8e83377260281aa1f361dff7d264c07ea1d34", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576201, "uuid": "4f3a3456-c9d1-431e-89fa-da6036bb19df", "value": "T1E7D42328874BC1DD497BBA3192317CDAFAC3DB8B9101D0DCD09DBBB6F89A1C5D549242", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576201, "uuid": "176077f3-9db8-439a-9217-7323dc7308ea", "value": "12288:rqhWtqCDQMfbO4+7qPv0hh7l0wVJhlauwwsYJmPZy+xnC+91e:rqItBNDO4+7qPv0b50Sa44hB5C+9k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689576201, "uuid": "1b0a4bae-74fe-4d67-9842-8da8bebe2170", "value": 640096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689576201, "uuid": "ddc19afe-fec4-4f0a-be5d-49c27e767afe", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576201, "uuid": "922df7d2-c82c-445c-9bd6-bc5dc28b42eb", "value": "PURCHSASE ORDER.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "164eda01-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689583445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583445, "uuid": "95eac60a-4d99-46e1-b4a2-956c235250b3", "comment": "Malware payload", "value": "b1aaf3910686d9c7d955080c8c9782c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583445, "uuid": "5eec572f-caa8-4dd4-8740-5dbd3ab6fdfa", "comment": "Malware payload", "value": "833ade8ecde03240d9d930ce9581b9af5bc3e30340bb5bab24b8a36b639629d2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583445, "uuid": "4cc3abf4-1e5e-4d0b-b9b0-12ba7b7fc6ec", "comment": "Malware payload", "value": "255b82d6a9f7ee85ecea422ef29bfd1dac494363", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583445, "uuid": "0528b30a-2ad2-4347-ad53-e9061826b990", "comment": "Malware payload", "value": "b86e4c14156ff8811edd4f2f93eea8cc26fa381cce7c56c7e70aff4cf744a7ef69f97b530d24fe76388833dabc38ff28", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583445, "uuid": "d32b3925-dba3-4d8b-a046-ec7070b8768d", "value": "T129868D43F85465A8C6EDD2308A758212BB31BC881B3577D32B61F6B92B73BD45BB9340", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583445, "uuid": "31ff2bad-e9f1-44f6-81bc-f124fb033440", "value": "f0ea7b7844bbc5bfa9bb32efdcea957c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583445, "uuid": "1b795988-1b57-4bf2-9f75-e73e3cf31761", "value": "98304:e3CrN97ff09qMvxEBnwJX6J/ogiGtCZ4fq8udcZiTdWz:WcC9qNxwIJ/oXeq8IAMWz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583445, "uuid": "ab2efd91-a257-42db-9ed6-554542076c17", "value": 8297984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583445, "uuid": "fbd83e85-9612-486a-ae19-faa3addaaffa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583445, "uuid": "a7260177-3d02-476a-80c4-df73c7f36495", "value": "Hooka.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35174733-2483-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1689585644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585644, "uuid": "5ac33b05-4c91-44df-aaf3-81bf37f0c399", "comment": "Malware payload (STRRAT)", "value": "58704e4d3d978c50c2e3d82e7d7e59b3", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585644, "uuid": "614de8f5-b5c9-4c9e-a3f7-b37eac18fe08", "comment": "Malware payload (STRRAT)", "value": "85bc90275de0b66100fd58e7b38729908b3ef117dd3e787840dd39ac428a88c9", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585644, "uuid": "188ebed1-1486-47be-9dec-2b6b46dda76f", "comment": "Malware payload (STRRAT)", "value": "7f299f1c2834e07ea6d8b77389b62c6f478cfae7", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585644, "uuid": "06e0ef18-7268-4ffd-945d-810873d89075", "comment": "Malware payload (STRRAT)", "value": "2b5bd5b2cd97d861d13f11ba0376ad51dc545e18554c78d65a9d5137bae61ae53218f5c1fdbcef6e96c1dd50ae098782", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585644, "uuid": "fc16ce85-02cb-4ad5-9d4d-1bfdcee17b92", "value": "T139658DD52EE815064BE3FAB5EB21E212AD7CFA1229C631C67D843D4E7E37C141DA5A30", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585644, "uuid": "b3439099-90b3-4130-b612-ab9e59355566", "value": "6144:Jpgq7kr5ATDhFd9Ueo/4Cnt0vMMEqrcup9bg+l3SYgbWZiUPcQFlwu+/5iW6w8se:X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585644, "uuid": "d19e47f5-510d-489b-ac70-f602d295ef6c", "value": 1419966, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585644, "uuid": "8e921c4e-0960-48da-bb17-795cda01f298", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585644, "uuid": "fb9c1fee-be95-4e54-ace1-a8ef198e15a7", "value": "new order.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5109b58b-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689586120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586120, "uuid": "a9667ebd-4099-411e-b831-a5756ec268c8", "comment": "Malware payload", "value": "1537d9ef91f09925f66ee5b25bcc0152", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586120, "uuid": "bd214358-b824-4ab5-892a-5affde05be02", "comment": "Malware payload", "value": "85be91d3013ec4d160165dd1d099641f3fb1945c32738939115be67b2d628ae2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586120, "uuid": "83002af1-a09a-4c75-9727-24963c5a5ff5", "comment": "Malware payload", "value": "97d8e8b8d1636486835347eda1fed00e23473632", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586120, "uuid": "2653dc06-94e4-48e7-bbc6-6e3cb169259a", "comment": "Malware payload", "value": "c85569e36cacad7f4e16950ea17b872a5f83cd62a02823ed9cc49393b969cc6a7e50e5dde80e7609de29ec6b68e98505", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586120, "uuid": "44d61752-4c3f-44bf-9425-91d6d87f6ca0", "value": "T191D2940A635CCE72D452B2B49C5B66B2372CDD71DA517F6B1FF0AE262CB16C808E1134", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586120, "uuid": "ba74231a-15b9-4c99-94ca-22a1bc98e3ea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586120, "uuid": "6cb39c21-6319-42af-b4aa-9cf0b121d3d6", "value": "192:xhW4NO0p+I+N4guVvMiPD10se9eae3e3eae8ehezlTSBPxSq2u3SDz91s4gY2wff:xhrx+I+Gg8Mu1g8PxlZCDhm4+Q2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586120, "uuid": "9f026441-b48e-405c-a1ea-83bb8ea5e5a1", "value": 28672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586120, "uuid": "abac8012-6fe3-47fa-85ea-cc5250cbe5a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586120, "uuid": "f8fb5c37-8de9-4935-9c39-e7714c7e6211", "value": "Ufppbdzzor.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b118ff0d-24f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689635244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635244, "uuid": "78d407e0-96a3-4985-b184-12170c391318", "comment": "Malware payload (Mirai)", "value": "0499f92c755c85ff002e7d8a7c9d8ffd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635244, "uuid": "56327750-f34e-4151-982d-c5db41907207", "comment": "Malware payload (Mirai)", "value": "87e52e4edf5d4b1b237710eed548af343e23dc46bc3016a52433d88843820128", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635244, "uuid": "300ecc7c-002b-46b7-9134-65686d8ef3ce", "comment": "Malware payload (Mirai)", "value": "2b39d3632ad9fd7d2ac64eb764f94d6d56796ca8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635244, "uuid": "e4cd01b6-93f3-4c1e-bf17-13c332f0632b", "comment": "Malware payload (Mirai)", "value": "baaec22ee2ee5bf95ed275f7b9881c5443e1e17edf21f1e5cc6fac372b0097ad092edb64c6046075ecd68a9c2ee0b838", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635244, "uuid": "41d2a100-e72f-4c8f-a93e-6a606e73cce2", "value": "T100D2D0ADE5B542CAFD4D5C3E808C3BA10E19E581231BDB9267218C495B36C56F1BE4B8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635244, "uuid": "291657ba-a9bd-4bc4-a93f-2d45db19bd0c", "value": "384:d8pVWtmRsLYEpB6V8S628FuRUuNJG9whQ3Cfbo6w+K95orjJpmjRWGVCz0Nv9:aMYHb62x4ahQ3CfdwLj8CWI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635244, "uuid": "0d072b84-5dab-4d2f-ac4f-166a71e14438", "value": 29952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635244, "uuid": "59ae4c10-ec43-47a5-a716-9de62fead027", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635244, "uuid": "c800384e-f51d-4151-a7b4-2049361dd166", "value": "0499f92c755c85ff002e7d8a7c9d8ffd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9ca445f-24c1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689612549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612549, "uuid": "d796d29f-9370-4020-ab2b-f2f1c38419b5", "comment": "Malware payload (RedLineStealer)", "value": "623bca798c05a1e5dc5a26ff57329459", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612549, "uuid": "f76ee483-9eee-4100-9ca4-baa379b0b01e", "comment": "Malware payload (RedLineStealer)", "value": "8b11bff6246c53c7a2488b7375ce50a193a3e7a01e1f9bd4856bc55d90fb9e7c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612549, "uuid": "c68351b2-49da-46c4-89a2-55c3b931d2f0", "comment": "Malware payload (RedLineStealer)", "value": "5d3db9376a7581fad4db73b87bcf6ce555e6138b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612549, "uuid": "fc5a8df3-0a44-4a61-b3ba-7f70b45f5c98", "comment": "Malware payload (RedLineStealer)", "value": "3411b73a035409740a2af6cdb1990d58af864cbe2d9942f25da58988088333722cfb60d8aae65b0581d531781cd9939f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612549, "uuid": "0118f9a5-73c8-454b-acd5-c6e82d0377fc", "value": "T1E0B533C77D18D84CCAE724F4E57B5374A9F5E93DA8C4235CF9A52708AA226F2600F253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612549, "uuid": "5efed1b3-650e-4cb5-aa7b-ecd7982b0b4c", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612549, "uuid": "1b006d7d-88a6-4f4c-baca-c681b952b805", "value": "49152:magq7j1kTKNpT+1OzKamfw3Fryxqu4m/YjsqV51RoipOm5FGWCmP9:Zgq7STKNUA7mfEO4cYjsq1RoinZCml", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689612549, "uuid": "29af240f-5aff-4e3b-9641-cd231368cc6c", "value": 2457728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689612549, "uuid": "4d507957-755f-4bfb-bc55-01e89db7842a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612549, "uuid": "c7701487-260c-4aa5-a485-052619de02cc", "value": "623bca798c05a1e5dc5a26ff57329459", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97205ddb-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689598264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598264, "uuid": "a99dcdaf-740a-440f-905b-8955c3de2b37", "comment": "Malware payload (Formbook)", "value": "a147b043c9bf220c3f7c30e5fab35414", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598264, "uuid": "8b7ce999-707e-49ad-b714-9621e3a7d7ec", "comment": "Malware payload (Formbook)", "value": "8bb4dbfeb12ea6c27f6a4bf9ba8188cc231208519e0d7c42bb48c1d75062c76d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598264, "uuid": "20cede56-a4f2-4934-88c8-4ccc3b987bc1", "comment": "Malware payload (Formbook)", "value": "385651a4313fc4d8fa4369887f3d8ae99291057d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598264, "uuid": "99add6dc-3b5b-43d7-89de-2d681d52bbc6", "comment": "Malware payload (Formbook)", "value": "3d7035e5da09c3077932e2217f0ad05f6bc6f38ac8e87c4f01c61e187628d94de234db55e142462e3b3547be3699621b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598264, "uuid": "50f736fb-b563-4cac-87cd-cf3903f6d5f5", "value": "T1FDD4CF78503C87AFE767CBBAE424155323F013626AF2D38C8CB625AF3D75724A1549B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598264, "uuid": "f95a28ac-93cc-46f1-ab2b-7c5668f0ca7c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598264, "uuid": "d7becf93-4cf4-41e5-b5a3-01724f6fe0a9", "value": "12288:VyL9Vhs97dycOswymWm4bdJJFKeSDNjKkqTrQaSejL8Z:Iri7dLl1/bT7KeSDbqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598264, "uuid": "dccad6aa-032e-49da-af31-f3e966df68dc", "value": 603136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598264, "uuid": "34a6b2f1-1fa0-4a7c-851b-19ac7e12edaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598264, "uuid": "1be0db28-7de4-4348-a45f-3d15d5082e77", "value": "a147b043c9bf220c3f7c30e5fab35414", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae97e3a6-246b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689575540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575540, "uuid": "de5a5a7e-acec-4558-b5c9-d476c602ed75", "comment": "Malware payload", "value": "fe1bd88dd9ed142cb6f9f7619fb76a6c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575540, "uuid": "2f78d44f-de3f-427a-92b3-736e58d71128", "comment": "Malware payload", "value": "8c4e62acb77ded37df700d9fdb0a759b44e547961e8cc31b1d557f65074afa73", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575540, "uuid": "79ad33ae-70ef-4c8d-bed0-19446d62f88f", "comment": "Malware payload", "value": "aeb2084d810bcbfbd4fca49bcdada4e2029ad2a0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575540, "uuid": "1378b13b-73a8-449d-9617-a2252c99e989", "comment": "Malware payload", "value": "53f3ddac12352eaf691f7b8b983b0476ee35604464c55dd665b9f71bdda0825e6fadede25ebb0bf84fb6b74c04e26f3e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575540, "uuid": "f76aa309-9863-4cc1-9db8-2c31587f4de8", "value": "T141644B51B7E88E2BD1EE077DB872411587F5F202A562D30F49A4E2991CE3B448E627F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575540, "uuid": "7a0f0adc-8f62-4469-9efa-e451130d38f4", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575540, "uuid": "71d9f1c2-2db6-4b0b-bb53-fdc436e685a7", "value": "6144:DQbfsGAUwqBMRe9cnBFY0bw8TL0HOLt9kncbRpmYtIo:DBUwPvi0bwQH599b3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689575540, "uuid": "b26f3a7c-a555-4518-924f-7681d8a1259d", "value": 330240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689575540, "uuid": "bbbccde3-571c-44ff-b3c0-a3ab637bbe9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575540, "uuid": "eb74ba04-45c4-444d-a9db-4c19f560275f", "value": "SecuriteInfo.com.Trojan.Generic.34030449.12922.22943", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "184bdd1e-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1689573140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573140, "uuid": "d955aa8b-88dc-4ff5-8388-3482ff5493f2", "comment": "Malware payload (AsyncRAT)", "value": "c66ec2c36b8a47ae1b81ea9576519478", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573140, "uuid": "9f451445-cc7c-4887-bde7-adf31d060c0e", "comment": "Malware payload (AsyncRAT)", "value": "8c744c2fea8dd76541d447997554d108d543261805d8f413b9a1b1293a65fb08", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573140, "uuid": "1d325184-692b-4e24-983d-00ecd2b6585f", "comment": "Malware payload (AsyncRAT)", "value": "bdf71840898705a68e49b6ce683e4c2d53bcc105", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573140, "uuid": "8595ac00-3640-4e92-a62a-bcb8f9eb3314", "comment": "Malware payload (AsyncRAT)", "value": "794851c19c8a2ad0812dfdd1558c919596bba831207e45687a33b38da9a313fa6f8dd5ac37bfb3723566e307f37b9d18", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573140, "uuid": "21571d91-2148-40b1-922e-57783279f3dd", "value": "T1C9D6338646C139A6E833A37F48118913C973BC360768C79F0578A15B6F6B6E05DBEF42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573140, "uuid": "39c5b34e-7533-4760-ae2c-fd95987c459c", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573140, "uuid": "bfd86589-32dd-4305-bff5-604ab3ab8195", "value": "196608:0f0sKYu/PaQVBlibzgFDkC2CsXDjDyfmdJolpPgToa10/+jNxEbPxFOnJSgbtDlj:KQVBl80xkbCEDLJ83a10KYDxsEgbtRG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573140, "uuid": "871d1caa-33df-4d4a-b6cb-dd1de3d19425", "value": 12916295, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573140, "uuid": "77c2b28a-c06b-4b72-8a8d-7127924b7709", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573140, "uuid": "e5a4a5d8-1c20-4613-9002-1e115b074732", "value": "c66ec2c36b8a47ae1b81ea9576519478.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd16729e-2491-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689591912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591912, "uuid": "6ac1016b-a4b3-40ac-b316-fc77686204db", "comment": "Malware payload (AZORult)", "value": "cb74747c79c7c6b79711dd8c66c776df", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591912, "uuid": "b67a8fae-8bc5-4ec2-af16-d020b81d44d3", "comment": "Malware payload (AZORult)", "value": "8cfd52086a003a044c83a4c5467084b96fcfb25a042ad34f0f4176fcadcee6f9", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591912, "uuid": "8e1a08c4-8e42-489f-addb-84b73fb2f0b3", "comment": "Malware payload (AZORult)", "value": "e41b1f61044a93ccc24296de55fc7af696f585f3", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689591912, "uuid": "8ecd5eec-709a-46b5-947f-4aed89274f26", "comment": "Malware payload (AZORult)", "value": "921ece787cb7c58a52f8fa59ef11f4a34fba939afce8100e3e7a13525d786885fb61134e5276daf06bb3cfa1f610b2aa", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591912, "uuid": "fb349920-bf15-48fd-aab6-9c06495a4755", "value": "T165F3019629E1D4F7CB130A7142721A57FBEBD90A5212025F2F805FABBA322C3951F5D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591912, "uuid": "9c4c7b9a-0655-4b95-980c-99aebc2a7b30", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591912, "uuid": "fb2e3868-837e-459b-ad35-b10f781752f7", "value": "3072:+NzPHk9MpcQbInQY13uwwYJ0e3VlR/3GiDuSnzfIa+wPUlDXGKhGeiO:+hRFIn73VB/2mzfBI5iO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689591912, "uuid": "3be718c7-340e-40b7-b74b-a30ce7ebbaf7", "value": 167905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689591912, "uuid": "3eb90fc9-d368-4a07-bb48-395ea8906aad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689591912, "uuid": "c5a601df-2fe1-423c-b6cf-7e7816168797", "value": "BS707771.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6ab1a58-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594961, "uuid": "28c7eb79-da58-40a5-b6c6-c67d4d62c390", "comment": "Malware payload (AgentTesla)", "value": "5bf18f8eb67f4af1190e1920189843e2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594961, "uuid": "8343ed4a-5908-41c6-8fa3-f94e98604403", "comment": "Malware payload (AgentTesla)", "value": "8dce15749402eeaeca7a56fb5630043dd04c65f340005c847ad0005d4efb7905", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594961, "uuid": "d1d5b645-52ee-469e-867f-7da2249b12d3", "comment": "Malware payload (AgentTesla)", "value": "5cbce2c512c8ef1bae1cf88b9608a49d56e941ba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594961, "uuid": "3082f555-e6a6-4632-baef-d45569136e71", "comment": "Malware payload (AgentTesla)", "value": "4fadb639f5cb6de27782d10c7c6be765ff55c3cc681e39665bd1b4bff4eec85c95351a29c87026cab30952c690807af6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594961, "uuid": "02f4a9ad-bd0f-4e5a-bb69-0fe01b2c09ee", "value": "T1BEC4CF39503C87AFEB57CBB6E434145223F013661AF6D39C8CBA64AF3E79724A140676", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594961, "uuid": "ac007615-0e26-48ec-ba98-1b93f3218e69", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594961, "uuid": "0ca32355-f2af-47b7-8b85-ffe637c81af0", "value": "12288:EqFOQxpI0z6mFtyic4wHG3zMQeax8yWJ5ka0i2qTrQaSejL8Z:EqFOQxquiiDEt/I8N51GqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594961, "uuid": "bac4f69e-0b91-4d7c-8f4f-4e549706d001", "value": 571904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594961, "uuid": "dd77bd6f-75cd-4504-a870-b2b444c7095c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594961, "uuid": "2dfc0397-4615-484d-be4d-38b5d1f46d2e", "value": "SOA -- 17 JULY 2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7054838-243b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689554938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689554938, "uuid": "9a47592c-9c27-4847-9c10-157e9703958f", "comment": "Malware payload", "value": "e1ee81ead98210fb1644591b4d1efa6f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689554938, "uuid": "40ee8aba-88b9-48ab-b7a2-2665341a9c51", "comment": "Malware payload", "value": "8fd9050296da3ac104206c8dd545bd630e4485f3e6a3ebb5c2aaa5a11ec0e3d3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689554938, "uuid": "398b3c55-5242-4c99-bd1d-bbbfe3090e4b", "comment": "Malware payload", "value": "c560718a03781c65200ac7ae4b93c125eaca22c1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689554938, "uuid": "c7899beb-48fa-479d-b70c-02a1f06179d5", "comment": "Malware payload", "value": "3c5f1b6418e01f53bc8391709cd2c9f68af833ea3d8f4dd887a65432862f80a9aa4a31571059c73df5a112ba40495067", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689554938, "uuid": "2db499cd-3ee7-482f-8536-97f8b142c52b", "value": "T18394134CB2ECC91BCBBF99FEBCB0A3438BB6F55A7A42F3CA454C55A548153022546363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689554938, "uuid": "8ab708b3-e723-4456-8378-1aa4c3553738", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689554938, "uuid": "b290a7c8-56dc-4168-902c-3d549ee94d31", "value": "12288:6PoR1GytQQu0bnCPhghKdueXr2Xt+p69LNA:6PoGyO22JqeXrSt+p69L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689554938, "uuid": "75371af3-4a66-4a68-97a7-2a76d66c5832", "value": 419328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689554938, "uuid": "73393433-a7c8-4d2b-80ad-217f4de4a4f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689554938, "uuid": "c22101cc-daa8-4c78-96ca-902e5ac01ca1", "value": "8fd9050296da3ac104206c8dd545bd630e4485f3e6a3ebb5c2aaa5a11ec0e3d3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ba5a5fe-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1689598271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598271, "uuid": "9e6a2ca4-8d72-4f2b-bbb0-8129e1004fe6", "comment": "Malware payload (Tofsee)", "value": "ea52e99dab7858a56013dee583594271", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598271, "uuid": "795fc64a-a2d2-4200-b0cb-223df14ae4d4", "comment": "Malware payload (Tofsee)", "value": "900ff59c3ff33613e4623dc923c05d655a1c536ed37f896ed91e38f1b3ccfd37", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598271, "uuid": "81cb1bc1-fbf6-44eb-ba92-b601860212fb", "comment": "Malware payload (Tofsee)", "value": "3a0fd95344537f77f272b1757887043718245c7f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598271, "uuid": "641f00c6-9f9b-490f-8c20-581b8950e9a4", "comment": "Malware payload (Tofsee)", "value": "17c31f0cb82bebd623c3415a83cc0342385e16374983552e8320d5cbf66697655d4eb9f5d54be2e945206363659dab4a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598271, "uuid": "2193c5ae-b3b6-407a-980d-7bdc1d3d43b7", "value": "T16344BF2137F0C071D1A769300974D6A16A7FB871ABB941DB37681A3E0E717C19AB83A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598271, "uuid": "6980620d-7023-4503-a813-8babc903a292", "value": "c1faaafeea493fa6a83d7c193e85adf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598271, "uuid": "826d2980-92d4-4b8f-9493-639e46c2a014", "value": "3072:mZrBIZxU3a1+FzWSBY5aLY8uh6RB3HO7ewomF/ibAZ38CoqaCUPe:GI91E3rFO7ewV/iRCotC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598271, "uuid": "6abbac70-956a-45a8-9301-01cea17a8231", "value": 256512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598271, "uuid": "f0f06a86-4247-49a0-804e-bd8e5dc1819e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598271, "uuid": "35ddce63-4c09-4928-a03a-54075b30b7cc", "value": "ea52e99dab7858a56013dee583594271", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68f63f86-2438-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689553519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553519, "uuid": "07c1ab68-cda7-43ca-a63c-31d640e05a2e", "comment": "Malware payload (AZORult)", "value": "c4c680b324f6f14a26af936b4b3ca4bc", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553519, "uuid": "4682667f-42e3-4570-acd7-157a1b671955", "comment": "Malware payload (AZORult)", "value": "93302a0addf5fabc6e62aad8f4f1a14f75075a3a73970ad65717233a3844ab8e", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553519, "uuid": "f843c547-7630-46bd-904f-ba3505291430", "comment": "Malware payload (AZORult)", "value": "4d9babc491959e3f0b6e56cc7254d94b37f94a12", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689553519, "uuid": "6bba1f51-6c8e-4de9-9aa0-78c0fdf1d935", "comment": "Malware payload (AZORult)", "value": "2222cd9d99302d8fd8eaa493d13c66672676b58c177f12609fa7d6d7b0e4ea772c3d546a7e83a7a6091eb4208c22d6e4", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553519, "uuid": "fc7fae70-d8f4-48a2-9ec6-481d8ef2d954", "value": "T158E3026651E1C5BBD3BA07701E728EA6BFF12A151021234F33A46F9AF926691C84F1D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553519, "uuid": "9fb3e4a1-0ebb-4016-9609-f9e66772d8e9", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553519, "uuid": "2f9519a3-6a74-4ef0-97db-eadb5bf1f93d", "value": "3072:+NzPHk9MpcQbetBJldw0LkQEqWTKmdQglz9NNmeI/OhRxAWCB:+hRFPYkQESA/vNmFWCB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689553519, "uuid": "14bd489c-0698-49bd-a33a-1ddc8594501a", "value": 154217, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689553519, "uuid": "74975265-e167-4d4d-a4ee-5111ecdcc479", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689553519, "uuid": "9f199b08-0bc6-406e-a76d-e891ede37027", "value": "MS95801.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bbcd978-24c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689614834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614834, "uuid": "80bef5eb-d1e1-4aa2-9c87-b912244a44de", "comment": "Malware payload", "value": "f0fc4476912113665913ef3c446ef64d", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614834, "uuid": "5b1c34cb-572d-4039-b0b6-1ac1ad17dca1", "comment": "Malware payload", "value": "9389a00c0f655dbddcb4fa420c4690b7d0ca672e19771a0f5f2e3479f31a7232", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614834, "uuid": "d872c567-3029-4f59-bc15-b298dba72903", "comment": "Malware payload", "value": "8ffcd0ff51cab35f805dfcf5007fc7b25b187aec", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614834, "uuid": "8609cbbc-18dd-4c03-88e9-d3d96a02493a", "comment": "Malware payload", "value": "3f16cf04351657a53bce03ce1d2f1f0c193608bdedfc482f02181ac03ef262681124ef827d62c304bd8c13c74c1229f2", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614834, "uuid": "73a1e375-5f75-4b82-9a06-5e1a0e2ece1e", "value": "T101B533677610A743C5BF21B5468CDE9FB8603C8B833378A5F28DFDE83666A505909C27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614834, "uuid": "03585b80-a522-4622-b1d3-0d52cde4c039", "value": "49152:OWJvjGDr3V6x90Q50PXFNLdJpuwGp3ysUJpgKBSCN3C+AektIT45iC:FIvYxOvPXFNVZJXBbXAegIsB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689614834, "uuid": "aed37b33-2394-43f4-abbc-eba31add8870", "value": 2356319, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689614834, "uuid": "31e47294-7c69-4059-81bd-e9cbe621b027", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614834, "uuid": "c15337fe-5fad-445d-aac4-26d535cc38a9", "value": "Doc_skmbt_2023_87878.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9748db8-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689594939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594939, "uuid": "d1f80a44-ffb0-4da9-a2a5-0db35fc4d997", "comment": "Malware payload (AZORult)", "value": "5944d4e0e6482407407e8ffd8f308085", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594939, "uuid": "58542547-3f89-44c2-904b-5454a0014e0f", "comment": "Malware payload (AZORult)", "value": "947905fee8889987928b80e6389b8508eee9d54484f98ccd190a0e02c60e86e9", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594939, "uuid": "16b7ce85-f0b4-43db-bc88-879554b5f171", "comment": "Malware payload (AZORult)", "value": "16d476f0db11a5b8e28b025023b9238860ad1dee", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594939, "uuid": "c4026c19-b6c1-4489-bdff-888a85c76543", "comment": "Malware payload (AZORult)", "value": "2fbad5c516d2b2fcbd864a673de74b46afe9b107d64fcd2885e700758babc5341f81428518678af81355b3aaeac3ccef", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594939, "uuid": "a388d8bb-4ff5-4dcc-a8ca-7f5bcc44c617", "value": "T15BF3125E74FB9F1D434AC058A85B3845F6A6469D0ED7CA450388F83EA39062839FC27E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594939, "uuid": "2ede6600-203e-4500-845f-12d467b9631f", "value": "3072:CtDbrYjP3YHVd2tJpwWHXME/I391sByIiX8t40tW71Df2qgYyFnqQSuexL:cbrAGet/X5yqlW752XVkNx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594939, "uuid": "d3899e74-c0c7-43b8-9a7a-4008af04581e", "value": 164214, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594939, "uuid": "407a5d43-3db8-49c0-a72e-2d8f83e90cb3", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594939, "uuid": "2b033713-3db3-4b8b-8552-ce5992e90aea", "value": "FATURA.pdf_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "380fee55-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689574053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574053, "uuid": "a46988b8-fca9-41ed-87ee-341661992eeb", "comment": "Malware payload (GuLoader)", "value": "714d9c7f37a201c713f13be51e79b69f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574053, "uuid": "3afb9ed3-4110-486f-95d4-724625324658", "comment": "Malware payload (GuLoader)", "value": "992f3f674ce6a165ef8aa64d52920eafb0466d40ad2e1081b813f3e55ae1305e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574053, "uuid": "9fd02ba2-d0f4-4ba1-8cd0-cf2c08f2843f", "comment": "Malware payload (GuLoader)", "value": "c221c4bc55baa692d082718a50207239e8e92a7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574053, "uuid": "d4e6db03-cd67-45a6-8683-6694aff00872", "comment": "Malware payload (GuLoader)", "value": "a8267275d9efeed8d343e28bf36cedad6c264e0cb2c7e310fd002604ca67d877f63f838c1cf70f6e489a2dab7a9b679f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574053, "uuid": "85acbbd8-e895-4710-a28c-577ae23af463", "value": "T19FF3027662A1D4FBC3E713704F399EABBBE9824A0051030B1B955FDA74AB192E50F242", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574053, "uuid": "5f6056d9-57ae-4a05-b44e-95ebab1b8323", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574053, "uuid": "14a2622c-9fb8-44cd-b9c7-2183af3cb24e", "value": "3072:+NzPHk9MpcQb1bTM9j/YNp4t3w5zJtb8YnZJ/nIe296C7nMLqI5Slb9DVcEmXd8:+hRF1PMmNWtA5zJtoIh296enMLQdVcEl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574053, "uuid": "8b8770e9-5dc9-452f-8474-2a1e4231d71d", "value": 167883, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574053, "uuid": "d059f75a-a66c-484a-8db9-4df6ddd7f7ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574053, "uuid": "c713b3d8-ed45-4ac1-b828-f1b8acf36057", "value": "E-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81f1b2e8-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689568164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568164, "uuid": "79200078-81ef-4f57-8317-d963f3d72993", "comment": "Malware payload", "value": "7b1ea0843371303bab7511d1ca8f17c7", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568164, "uuid": "eec65230-b7b4-41ba-b39c-855e5449eaf1", "comment": "Malware payload", "value": "99c4eb328519c3f7ca8111d32a75856e48e9bb13c7b882610a81f85f69670c2a", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568164, "uuid": "de14fafa-2235-46f4-9317-73d49eebe84b", "comment": "Malware payload", "value": "681b2178a554f9c5790e62aa88d6f451abb3dde4", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568164, "uuid": "a2a5b975-9502-4298-aad2-42742dc5df88", "comment": "Malware payload", "value": "081cff5af04cdd78eab061072f2a310f520d6dd8f0f3575df2e4d55e342146a5e92e403cd3166b754eedb32107a47ebb", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568164, "uuid": "e8b50d1d-c6e5-435e-9cb2-a47061196cd9", "value": "T1641412A406149683BC5ECFFA391149A182BDC46D51F44AA3FFB06C8A40E047B5ADEF5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568164, "uuid": "d158628e-9bd3-42bb-b0f3-5e1c035cee54", "value": "3072:kIWYTjg/+asiu+iR/CKUUf6pKFkBClBJqpLb/tTb6Yss83IiKmGVFpBxyaW0JtV:kqT0/+kARYAWClB2LPp833KmGVBxyaD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568164, "uuid": "b0bf75af-848b-432d-be52-92cf50c7893e", "value": 206375, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568164, "uuid": "276e398b-50d3-4756-969f-f2a21425a8a5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568164, "uuid": "f4e6c3d5-07b0-4ab0-a5f1-036374c0e6dc", "value": "ZagreuS Builder.bin.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aed2dd9c-24c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689612907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612907, "uuid": "48aec349-7903-468c-b5b1-805b478893d6", "comment": "Malware payload (Amadey)", "value": "62b76e26b616a21f40d7347155b5f2c8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612907, "uuid": "70050be5-d3f4-4210-aa15-cb09dc700b1a", "comment": "Malware payload (Amadey)", "value": "9c81f1841b55eca02b791b9c057bacd80ec69de29988ff03dcf56af431d35173", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612907, "uuid": "fb8d474f-9203-47cd-8ac2-4c829bc2f2ef", "comment": "Malware payload (Amadey)", "value": "34ee8623e83f6dad8e9d382c61c266b7535c5dcb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612907, "uuid": "bb0070f3-625d-4762-a887-8249100a7eb1", "comment": "Malware payload (Amadey)", "value": "9ae6d90ec113eb1fb2415cd892af18875cdb12c021a5f56547c77d9059a94c82b60ef77750f3d96020138f23d29ba844", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612907, "uuid": "1de76725-7285-4f9d-ae3f-82ea0c63c5a4", "value": "T14844BE2273E1C0B2D1A795305A70C7A21A7FB872177586CF33642A2E1EB07D06F7539A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612907, "uuid": "d11b8195-780b-467a-b15a-403499192933", "value": "189fcb3cc81a9771ead68c0464a642d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612907, "uuid": "f66b643b-a8ae-4c00-a9cc-7fcd21189f13", "value": "3072:YmxJteO1SO5E5trTBeCrehWJWkyHZlcjEVF9E8TudGEyku:HJ3cAELrThe0K9VnPTbq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689612907, "uuid": "200ee30c-a0c7-4e91-b00b-bb6c8497653e", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689612907, "uuid": "a6fac268-16b9-47a6-8f0e-4750ba9847f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612907, "uuid": "3cf56f85-2347-482d-a7a3-b02ad3affba2", "value": "62b76e26b616a21f40d7347155b5f2c8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b865fdc-24f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689632873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632873, "uuid": "fca729c1-8d5c-4e92-97ee-f53f367479eb", "comment": "Malware payload", "value": "c62142b1a536dc7ba602cfd899197042", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632873, "uuid": "fc54c66c-9f81-4d32-b60a-b8a4f04a3f57", "comment": "Malware payload", "value": "9cb8edd706d1d26ded1de7cbae5aedae9bd0c331487e97b7fc9f65fff8024f68", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632873, "uuid": "d6cf56e5-44f8-4d9d-8b24-e890c7145156", "comment": "Malware payload", "value": "97dbd7b1ff4afb97591568a0afcbe3b54c97884e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632873, "uuid": "89213d22-3297-486b-947e-ea8d5e457c3c", "comment": "Malware payload", "value": "8e49cb1518353cbad3c4bd775106056500ec35f1243a6490fb0e0fcb2b537fb91b317f30ef091b1307fe501b6ad99e56", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632873, "uuid": "476d99d8-0a14-4234-a05e-de2429a90d87", "value": "T1A6527DBA819A4142FEB74BFE16FF251F82253261137819D39386550D5FD0BB3E831AC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632873, "uuid": "43ebbff4-11ba-4990-b7ab-4c8733c16171", "value": "8576330f9aeb41bf60082dc9f971f9a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632873, "uuid": "d82a52a2-5313-4b13-aff9-4a85260d090e", "value": "384:F+K7n3TtJLQb5z8T5abu6QaxCOuOGeMeN:1TtVQ98lhTOuOGeHN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632873, "uuid": "b11c6df0-649f-4709-8bef-f9e2f434f358", "value": 14336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632873, "uuid": "b7c22e9e-01a7-4b1c-be27-cde8df6713f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632873, "uuid": "86ddc526-143f-43f1-be6b-70027ad4cb42", "value": "SecuriteInfo.com.Variant.Zusy.477464.22933.3880", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "112d60b5-24c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689614790, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614790, "uuid": "3aacc7dd-4225-42b5-91a9-1c35bcfa789e", "comment": "Malware payload (AgentTesla)", "value": "19a0805074265b51db6a28d6ecd57346", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614790, "uuid": "b42799a4-5e0b-481b-9d10-48c64af7ddd8", "comment": "Malware payload (AgentTesla)", "value": "9fff204a4983837694b2de4ee936abda53aa87c6eada4c329d367c5d1ba59b7f", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614790, "uuid": "8e271fcc-47e8-4fc4-850a-24c036957d4e", "comment": "Malware payload (AgentTesla)", "value": "208f87138d560adf81cf63cae831e3800b67e325", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614790, "uuid": "8635f1d0-c0a3-4f91-b2e8-b093be629483", "comment": "Malware payload (AgentTesla)", "value": "a5247b3ab48a2d932b3e52ee766a294fa3be0584b81009ffe8386dc2d461773a6f666353942976075024816403a5cb05", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614790, "uuid": "7a48a1f7-5f2e-4092-bdf3-2283e8e804b4", "value": "T1A1616C7B40035BD0252A0FBFDB1BE2481D5C1A4B6811CAB2BB7B49EE3F64AC431D4039", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614790, "uuid": "ed3a73c9-157a-4a08-a2b3-a3bae89899a5", "value": "96:ZSmMSa5EThjTvw237MaAuQURW+NzoqY8BOPU2MLtj:XceFjb17MaA9URPoqYSiMBj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689614790, "uuid": "ce74d1ec-8fbe-4502-a981-42819498818c", "value": 3191, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689614790, "uuid": "169dd6c2-fa23-4106-9af8-4c4b8ecf27bf", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614790, "uuid": "943e322e-695f-4d44-b722-01bee8bff939", "value": "OneDrive-Document-Order-52257.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8f9d272-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689609461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609461, "uuid": "7bf5c3bc-939c-4bb2-ad22-4e3f5ee469f4", "comment": "Malware payload (Formbook)", "value": "ef8e7da383b8604b3341909a02d937f9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609461, "uuid": "d8a19261-283c-454b-8e59-16e142d7801a", "comment": "Malware payload (Formbook)", "value": "a164652a4336afd460b41b4b744547c5f7999e35ae5b8ccf1abbc6bb2d2c5a32", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609461, "uuid": "1a1fe7fd-8ebf-41d1-a072-d14810d656b8", "comment": "Malware payload (Formbook)", "value": "645b8308c99bbfa5da61478ed17f6b143ea8d94a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609461, "uuid": "3cb1ffac-91ee-4993-9504-803f103bb0d1", "comment": "Malware payload (Formbook)", "value": "9f8729f2cfff2684d065914eccbe88078c484571317bacbe57a0e29fada1306eb790140ea04b9f6a04d1630e6173d216", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609461, "uuid": "e2404b16-47c0-46dc-a359-6fb2d4e7bf14", "value": "T103441246B9E4D05BDCA242B2AF7F1B6A97A5A91725240B0333019FD97976393880F733", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609461, "uuid": "42a96833-f18f-44ee-bd2c-27209efe7e34", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609461, "uuid": "64b2d360-57cd-4698-bb91-7a7dbbf15450", "value": "6144:/Ya6kT8WJCaOSkjhW2vPk2Lz+w4oGDVP8RMX8pnmJTyT:/YiT8LvSkjh9LLoumXUmJa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609461, "uuid": "b0d232ec-0192-473f-bf3f-7b30465fd725", "value": 260267, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609461, "uuid": "56555bf8-a6c6-44a2-bd08-08b89405da0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609461, "uuid": "b3801282-89bb-4d90-91a5-ed7f8dbea3d8", "value": "Proforma Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37671ddf-2483-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689585648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585648, "uuid": "8f9a8f15-a9c9-4601-a9d3-81b4de0e06ef", "comment": "Malware payload (AgentTesla)", "value": "cc13d5cbd0ccfac69ac540279904ffe4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585648, "uuid": "42e9242e-7446-4972-ada9-d828edfaa04f", "comment": "Malware payload (AgentTesla)", "value": "a2693d124cf3f74ed8b8a9baa33c58df489ea77d7af5001b87a39d06e0108eb1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585648, "uuid": "bfd28945-9bc1-4db8-9b40-99984b80cbaf", "comment": "Malware payload (AgentTesla)", "value": "a076db67601bf35c9b6155789e288bc74a48ad74", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585648, "uuid": "9c40e89c-7653-4393-9b06-daae0f5e69bb", "comment": "Malware payload (AgentTesla)", "value": "47887c56a98f4b66e18341e12198f6ef2561196583645b1875ef14844361a9c2a01c2952dc85d75fba46d7840e24e04a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585648, "uuid": "bfb9712c-4f64-4e12-8355-11e1eada3dca", "value": "T1A0D43B0B39D02A57E42E427E007C6A6CEBEDE61D427FD928342DC293B2F664C195D74B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585648, "uuid": "83357f16-2252-4455-911a-b053164d0afb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585648, "uuid": "861d9a98-5955-4517-9a4b-349e95d1100b", "value": "6144:cbdYEGjslqRISR++NEtfzzP6DMMLnbKxS+VBxGnTSQHcYGLzwEZbXrDbaMfpEgCq:cPGQIut7DTWmemQ8YGL0CGKEgCUcwuF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585648, "uuid": "2839c410-c137-44c9-bed7-caafbdfbc373", "value": 635904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585648, "uuid": "4b5b15b3-e3fe-4448-9d59-87040d179218", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585648, "uuid": "6b525a9a-bd6b-4526-8abd-b2bfaa211d5d", "value": "Invoice AR20230714N.7z.001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abfb1310-247b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689582407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582407, "uuid": "0a999846-4372-4f85-aac9-4cfdd6027546", "comment": "Malware payload (AgentTesla)", "value": "60cb49225b3b8c0869de33813e5d2aca", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582407, "uuid": "9c0de7c6-b62d-417a-8407-f49126365793", "comment": "Malware payload (AgentTesla)", "value": "a2a3ba795cdc0e3bc207cbe9984811d332a484e5d982900e53d60c84f29c271f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582407, "uuid": "d3be083d-fe35-4677-908d-2024b87fb398", "comment": "Malware payload (AgentTesla)", "value": "317172369568cfce604ff0cf438dc12abf40070f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582407, "uuid": "5981da53-925c-4bc4-b859-8b09be6e67b2", "comment": "Malware payload (AgentTesla)", "value": "1d662636bdf19e811a46f3fa67ebc1bee11ba295c4162b42b4d49aeafa9141e9cdc9c2c6db44c41b4dd69d3bf29fd51c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582407, "uuid": "968131b0-7a0e-465c-a417-7fed3ba1b367", "value": "T18DD43B0B39D02A57E42E427E007C6A6CEBEDE61D427FD928342DC293B2F664C195D74B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582407, "uuid": "ef37facd-9f17-4721-b3cf-27fa9c7a7bd9", "value": "6144:sbdYEGjslqRISR++NEtfzzP6DMMLnbKxS+VBxGnTSQHcYGLzwEZbXrDbaMfpEgCq:sPGQIut7DTWmemQ8YGL0CGKEgCUcwuF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689582407, "uuid": "7d2f8dbd-78c4-4b33-b9d7-bdc8f3580b95", "value": 637440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689582407, "uuid": "9256025a-44b2-45e3-a83c-a4e0f4a7a35f", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582407, "uuid": "34a01c2e-9b96-4fe0-b4df-5c5aa83c8ef9", "value": "Img20230526_09173020.tar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29592fe6-24bb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689609676, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609676, "uuid": "bc93601e-798b-4d1e-b5fa-798e3a069ba2", "comment": "Malware payload (DarkCloud)", "value": "bc43848fb7dadbbcf35d6c71245e349d", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609676, "uuid": "922221d5-28dd-471b-a82a-bd198986cde3", "comment": "Malware payload (DarkCloud)", "value": "a345d0b822b2ef2baffe88fc7084aa72e4bc90444337cd5bf7b828a94dbe805e", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609676, "uuid": "bb84b911-2353-411d-a215-e05d8bb36f0f", "comment": "Malware payload (DarkCloud)", "value": "1a7b482f8a43456515188bfa5da676285bd40f83", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609676, "uuid": "7f499ea9-b7bc-4ac4-9118-8f3960cfee59", "comment": "Malware payload (DarkCloud)", "value": "a4a3fb14370d23ceee3bdd32ed5d099f79a3938c31b7576ab354a9450c4aa3765f7452bebac0f080c0f40e193b0cf0d3", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609676, "uuid": "b1b7164a-3773-41f6-8ef0-131f5eccc99a", "value": "T11F9423B516A2E1D3CBE24E3F6F2D08F75EA9950A145C431B1B106B98BE13CD2D68F321", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609676, "uuid": "b04468bb-f1ff-48db-87d1-5a7e081a05b5", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609676, "uuid": "e86672d0-d5ee-4006-b6f7-cc101d61d261", "value": "6144:/Ya6kCDm2IdQW1OFA0nn36ISxdv2L8uwgKrvBkdsbSjQ5q8HUM+ciX:/Y6CKVd9Ui6n36TgKrvBcCSj0HgciX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609676, "uuid": "353b36d1-d650-4b19-9bff-9af39665c217", "value": 445237, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609676, "uuid": "96536ccb-4754-4b68-957f-95e17c01e965", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609676, "uuid": "8f5524df-ddb0-4563-b340-efac527a465f", "value": "REMITTANCE ADVICE - TT231407ZA9893989.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "794e096d-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "226b63f7-b27d-42b6-bd0a-aa505e9f3edb", "comment": "Malware payload (Mirai)", "value": "84c4a6311cf0bd4d3c72748d7bea21d6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "55ffaa07-a20f-4ca1-927c-76423e21125d", "comment": "Malware payload (Mirai)", "value": "a38eb2726f102d08d16cdfc23557944af42232e835b83d3e67c8da53abf099bd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "2afbb654-1537-442b-b76d-12aed2fc0616", "comment": "Malware payload (Mirai)", "value": "82cf3ceaed25eedaf99a516941926b7a70e92fc2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598214, "uuid": "6c23d9c7-82ab-453e-9caa-5ec57924a7c5", "comment": "Malware payload (Mirai)", "value": "1868dc3de199892b8e3398d53a4a2c943b8fce698fadbc721deeb3d472a8b1727353f9ab5eba3ec260fa16ae844e37ce", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598214, "uuid": "35abce47-b3be-45e5-87dc-1c3a40a4f018", "value": "T170E2F1E1E18A78E5EEF728B924D8B3E223F0CAD61372DEF157641B417550AB38055AC1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598214, "uuid": "33fdb374-da4c-44e2-a4f3-1a4efbf166fe", "value": "768:ffLk45MXf3r1L92VRem/pggliXfNN4uVcqgw0RTWX6:4KafDdmhggMXD4u+qgw01WX6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598214, "uuid": "6d9846ca-fef8-428c-96ce-cb3b18141784", "value": 32344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598214, "uuid": "c19424b6-d0bd-4315-b8f7-05beacdadc31", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598214, "uuid": "8b6748f7-85f3-407b-b068-ddb6ab463166", "value": "84c4a6311cf0bd4d3c72748d7bea21d6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b996e818-246c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1689575988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575988, "uuid": "dd97f3b3-edf4-4e22-8685-5557f49987e3", "comment": "Malware payload (StrelaStealer)", "value": "749fabb97a7e64468893a0bd90663c5c", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575988, "uuid": "b947ad6c-e9b2-4d39-8343-4379ad4a4924", "comment": "Malware payload (StrelaStealer)", "value": "a72d53f4394041a283a844a8129e4bc8ebae847dc7cd90aadb93c6a5f5eae483", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575988, "uuid": "d186af22-f3d7-43cc-87bd-e1f48f39c614", "comment": "Malware payload (StrelaStealer)", "value": "a16b6b8db3bb77926d881b144144f6f5aa630471", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575988, "uuid": "e99dbd19-9f79-48e2-a33b-4df99172a945", "comment": "Malware payload (StrelaStealer)", "value": "fe6d3abceec8fa3082785a6e944c385d52589a702216a8649e7e5b4d4edbb6be696f135091aa4883d57c54831cddbc89", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575988, "uuid": "86a365d4-5c80-4011-a49e-abeb384f789d", "value": "T1474402EFD9162F88D230C47E1FCA987535AA01BF5A95AF0374773493AEC0E89742851B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575988, "uuid": "f9ed8b7d-3301-41dd-96a2-230b809119ff", "value": "6144:tTB6ZnnRVr+dLsNwUfaPIfv161xbP6YoJdrBdFJtd:t16tnRcxWwUtSbP6YoPVXd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689575988, "uuid": "28323805-45e0-4729-b2d8-fb24d72228fa", "value": 276504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689575988, "uuid": "32becb8c-b29e-49eb-b332-8632e5d374fb", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575988, "uuid": "31e4d920-5d88-4e45-8586-da25e33845d0", "value": "245801581727854.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfae7c08-2476-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689580293, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580293, "uuid": "0bd26eb4-308a-4b99-894c-1fa6d0b7058c", "comment": "Malware payload (AgentTesla)", "value": "d5444dd6a8728449cdca0b9b3612a6bb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580293, "uuid": "ad4cf13c-d4fb-4866-aacf-65e0ab0eda05", "comment": "Malware payload (AgentTesla)", "value": "a89f1165073e55b1274abebab539f0bb7820bdd02cbdfa761f487a4220848807", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580293, "uuid": "bd2f2254-609f-4aad-992b-7be1a2368f24", "comment": "Malware payload (AgentTesla)", "value": "fe0764355338bd82ed11d500a9c5f84b3e19e781", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580293, "uuid": "50ca4fde-d8b7-484a-b652-c0fd5d23a633", "comment": "Malware payload (AgentTesla)", "value": "388676727e9bf3bc51c92c3252569b0372c47ae53d44e360cacb36b837a4afca4ca5d59c1b5d1caab58f331618ea077e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580293, "uuid": "042e4fe5-51fc-4219-829c-228b26a9d31e", "value": "T1F1A423D02F92C54AD0C8E767AB81CF74627EA149147BE2509C19393FE012BD8197BBB7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580293, "uuid": "4cc335ea-c9c9-46ae-b86c-f9f071cc609e", "value": "12288:mmks8bZ9RhvKX5aFTQCYXuh+09IuMgAM88lUgw80F/enYQIt:mmMF93vKX5aFkCIm+09IuTAt8l+80SSt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580293, "uuid": "4cd2dd6f-e5eb-43a4-92cb-286c4e97cb17", "value": 487957, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580293, "uuid": "a741196e-390b-44de-8c7c-5546ca30d6d0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580293, "uuid": "afbbdaff-0212-4a5a-902c-6f6940fb1e65", "value": "Transfer copy.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d632281-2436-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552694, "uuid": "b8e1068f-5b9c-41bb-a644-925230bab840", "comment": "Malware payload (Mirai)", "value": "952ac52fd86ef9ec3621d39e6ca1c48b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552694, "uuid": "b860aa82-9bd2-4d72-850d-5375d89e2fef", "comment": "Malware payload (Mirai)", "value": "a8fa686141a7fb93b9c9c1391c9cfa1028e8a4fc9539fadc78b66699725038c6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552694, "uuid": "817a705b-72a0-4890-aafa-b25e34669893", "comment": "Malware payload (Mirai)", "value": "2b381f3d3539f8afb3e4367ec48808cea5ff47ec", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552694, "uuid": "4e49fd0b-52cd-4e99-8395-6d2b77a9caa0", "comment": "Malware payload (Mirai)", "value": "5a22977005c50f0ba2df4da55bc1cd464e3927c618c86b7cc514a7845e6e0d04db4d3632081cb5485949863b12a1600f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552694, "uuid": "5b10e05a-7844-4508-abe5-5eac443e63cf", "value": "T172F2F13593BEA696E3BF9331A3DF3C1B1050E5688CB8C3A61EC4E4799562D60B508887", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552694, "uuid": "0985916b-7600-4e5e-99d5-5fdf9dac8c7d", "value": "768:wdrVslYPA7GV3TyGS+EY75NYTZLVJUm0IinbcuyD7UoQRj3:wdrVslYPaa+GS+xtNYTZh6m01nouy8o4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552694, "uuid": "81f4d8be-6de1-4159-a463-f0dca7b35de4", "value": 36160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552694, "uuid": "bb37ee7c-b352-4c38-ba40-8b289b2f342d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552694, "uuid": "38022a0c-257c-4928-9e56-5433db16f637", "value": "952ac52fd86ef9ec3621d39e6ca1c48b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ad07d4d-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689568071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568071, "uuid": "7d938d6b-f4f9-4e57-b010-25f04773ce36", "comment": "Malware payload", "value": "7a7a7562125ef427fe751c0d3550fb53", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568071, "uuid": "013f10a7-fd4d-4870-b408-db1ce99f159f", "comment": "Malware payload", "value": "a8fd761db25faaee2124256f16e9d5c7fd7ed67936111523dffd5b1af07b00dc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568071, "uuid": "effcb91f-381d-4041-a139-ea904ac634ad", "comment": "Malware payload", "value": "d04d38cb35da3ce122de80ca418b9ab6bf141356", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568071, "uuid": "5f71579f-5d18-45fa-b3a5-c61ac7ccebc8", "comment": "Malware payload", "value": "5b595f26168379298913ae93f79eb11aa7e546f4c08c2b9dc35347c36000a4f212c550ccc065eb6512ec2cedb7af3a47", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568071, "uuid": "f913caaf-ea3d-471f-a68c-f725329558f4", "value": "T11F527CAEE28A57D5D9B71A7E1A9F201D46185372835805F317864D0A4EC0BF7FA32EC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568071, "uuid": "e3ca8bdf-c6d6-49c0-88ed-2ab2c0c68366", "value": "7fd46a7f56c0e23d5f7b090d08198d6d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568071, "uuid": "a9602ac2-2147-4bdd-a92c-979ec0be6bbe", "value": "384:IK7vPN8/TtJLQb5z8T5abu6Ha3TCOHts17BbME:xcTtVQ98li0OOHeX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568071, "uuid": "88d9a7cd-7c43-4dd5-9a2f-9a95c1552822", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568071, "uuid": "32013ce5-ddf4-48e3-88ea-298218435952", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568071, "uuid": "0c256f2c-dc4a-422e-b529-7228b97282f8", "value": "SecuriteInfo.com.Win32.InjectorX-gen.7999.843", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36fac5a3-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689573192, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573192, "uuid": "9e32b4a7-aec5-402e-8437-b6c5518cc661", "comment": "Malware payload (RemcosRAT)", "value": "96f5fd156f0ebdb65baf34ddb24d6c18", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573192, "uuid": "5419bb88-b01e-45b4-b166-849d4f1b0f2c", "comment": "Malware payload (RemcosRAT)", "value": "a9e97eccd4c69c03313c425a6713103bbe256c4d888b02f6d4b2a46d090504b7", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573192, "uuid": "843e38db-38ea-475e-90ee-a2dc3928c698", "comment": "Malware payload (RemcosRAT)", "value": "d6b2905f8b4417a288850d818e7606ec0429b0ee", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573192, "uuid": "dd14e96c-8212-4e5a-8273-2531082c6ff3", "comment": "Malware payload (RemcosRAT)", "value": "3e66d564aad03b1b17e2c274fc8e60cf05aead8bd5c452ba150e559861d8981ecd3c38940ab2139bc19af4a788380313", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573192, "uuid": "47f1c5cb-1982-4cc6-b1c1-c1c349edd625", "value": "T11513F65AE78F12A48F550372571B1E899ABDB23DB35094B2346C933033EDC3D46666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573192, "uuid": "361772ce-3cba-46b6-90fe-57366086a8a6", "value": "768:vFx0XaIsnPRIa4fwJMmeTx7cXuzhqZv0yzOno9y2:vf0Xvx3EMlou8ZvwGy2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573192, "uuid": "e8bbfc17-205b-4105-a971-a9c1038e39cf", "value": 41469, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573192, "uuid": "1dcd2a6c-4e06-4d94-a4a6-1a4d5c9cf71d", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573192, "uuid": "3ad2daf9-5639-4fb9-9949-85b9685da635", "value": "Company Profile.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efaea48f-24b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689607861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607861, "uuid": "f87f76b4-bb70-4eb8-bd2c-04286d742d7c", "comment": "Malware payload", "value": "5bcd4cf46723970eda2d960fe80ae23a", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607861, "uuid": "94d175f2-eba6-4f57-bf9b-b874a8211be8", "comment": "Malware payload", "value": "aa3462b05c8fe0d8521bc192715449e61780d523f097b5306e1d007daf93872c", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607861, "uuid": "bf486554-9d41-4fd2-8693-513c533225a5", "comment": "Malware payload", "value": "c75bd1e6775d4adb199d1ec73d959ec9bd472e21", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607861, "uuid": "4c77162c-817f-438c-aaca-afa72d53b95c", "comment": "Malware payload", "value": "1b010a7949c44bfaf1a3b431a122825f2364c8fc73765cbe9ff740c4d3d4af0f0eea6df99c7b817cc4b8e4b018b4bb82", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607861, "uuid": "ede28121-41bd-4477-8f16-018155772400", "value": "T1EAD6D0BED8D738EB5518D7C0507238644871733589AFCDA966F5E8A8008EAB72D931F3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607861, "uuid": "181d9e73-9b00-4745-b8c9-24301978e7a8", "value": "49152:XckOdJwhSbg27pqLcj5Zu3mU8TsI/YmCmUyFN/2qvpmFKmz9UOTa5crSLRgDFjm7:m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689607861, "uuid": "a473c369-63e7-4a6a-a750-c807602f8b4b", "value": 13456684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689607861, "uuid": "88eebdd6-1c45-453d-8db6-a213682cc211", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607861, "uuid": "428b0e75-50d6-4bf6-b319-4b7faa3ac351", "value": "Anthraxa.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e01d98fb-2443-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689558443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689558443, "uuid": "ad3ef7dc-93e7-4955-a5ff-d1a0166ce3ec", "comment": "Malware payload (Mirai)", "value": "1eea5cb57fd9bab63a2b246f241f9dd2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689558443, "uuid": "d6e5b0ed-4c61-4631-bd19-6d17cb741d89", "comment": "Malware payload (Mirai)", "value": "aad77f6c7c9afee07e3b102f4729ea08c0c477828617f4c33cec83fcfb697d14", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689558443, "uuid": "0157c41b-55f0-4514-823f-2782a63f5d12", "comment": "Malware payload (Mirai)", "value": "8f515c0ce6cd9da8e66f4d432dc47030714bef62", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689558443, "uuid": "c4215f1a-0872-48b3-a238-0e2453a148df", "comment": "Malware payload (Mirai)", "value": "55bf1d57970256ea42503d6b83362e3e32204b4250ee3706f1adbaeb2541e5203c09740902eb173e9bfd1dc8cccfbbca", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689558443, "uuid": "f2ee0449-1b2a-4e92-aee1-6c8fa77cd1be", "value": "T1CEB37C325DB62E66C1C5617B12B70335F0EA578E35B8CA2E7DB10D0CEF586603227A79", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689558443, "uuid": "98b81bb2-ae61-4ca4-936c-76a64ddee121", "value": "1536:ivjIID1qEW516+R3KUEAODKbLhP02az0bQ4X0igcL/ZA:ajIID1GR3gAfbRQ4Py", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689558443, "uuid": "6f13b055-897d-4ab3-ab1d-9da027550a2d", "value": 109712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689558443, "uuid": "4ec0aa73-b85c-4104-a2df-c47ffbd81a29", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689558443, "uuid": "db0aa1a3-1a5b-4b8f-9a72-8a48fb363be9", "value": "1eea5cb57fd9bab63a2b246f241f9dd2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "486e3446-24a2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689598991, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598991, "uuid": "03207ac5-edc2-4438-95c6-f3e48ab30275", "comment": "Malware payload", "value": "8d0de5854156eea2f7bc481da2c7a801", "object_relation": "md5", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598991, "uuid": "29eee3fb-c0e7-489b-a1f9-e3749ea49fe2", "comment": "Malware payload", "value": "aad945bf41ee807787d75871578f6c08d5fd6138210f6bb6737830091280c70e", "object_relation": "sha256", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598991, "uuid": "90f91428-b570-4ebe-8738-88296774b897", "comment": "Malware payload", "value": "77a535ebcd41434037be5236c9d5d0cb25aadd90", "object_relation": "sha1", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598991, "uuid": "213f6950-8a2d-41e3-9c65-85a8fea1cd67", "comment": "Malware payload", "value": "c5312c6ebd600077c5f69f84cb23dab103edc17d31420f05aedd8114438710b9a02f884c0a760d23ec94eef6d437e0f8", "object_relation": "sha3-384", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598991, "uuid": "bbe48995-eeb6-4a2a-a0bf-3cc97daca261", "value": "T1FCE2F1005C2979ECCCA1AEC66DE5F12730C6491F817E27972E1DEC1038E7C26E8A0F99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598991, "uuid": "d583f408-88b0-4ea4-84cb-7e911b772dc2", "value": "768:RUSHab2zuW5bOwnrO5th4yeOy/kaH3WpIMiexFRH0/ce5ILf:uSy2/5Swyv4yukBpeEh0O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598991, "uuid": "8fdf571d-20f3-4e9c-bbd8-db9dfbe6a993", "value": 33770, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598991, "uuid": "85b8f227-a5ec-4ee3-a5e7-0cb3f66b0e9c", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598991, "uuid": "43d29c52-6f68-4d7c-90c3-0678b28c1d86", "value": "PROPOSTA ORDINE.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9670a4ff-2476-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689580224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580224, "uuid": "41f3ed8d-ae12-4a0c-9121-825f8abd237e", "comment": "Malware payload (AgentTesla)", "value": "2d1734382db4af4677c7c3a35635e750", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580224, "uuid": "6cf0b6dd-3d76-4338-a098-4665e95565ff", "comment": "Malware payload (AgentTesla)", "value": "ac1105960cf8c5fa7855e5568751ed483e429d72ad8a272bc5ef8f1e38631b1c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580224, "uuid": "de62095d-bf0a-4415-a162-e588969ae766", "comment": "Malware payload (AgentTesla)", "value": "e219ccc86159adb4d10e423d9caa07bb0a6b26b4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580224, "uuid": "e6127615-ebc4-4916-b3de-74e26d41a497", "comment": "Malware payload (AgentTesla)", "value": "fd76667a165f1ff78798a07dd1284e35e90ba487355cb3ea31359b2624e442375807c4989d746f0f93cf33a1c3c97a6d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580224, "uuid": "d35e3fda-b002-41b1-9a2f-27dc038c143b", "value": "T1E1A423600235E4877B998757CE44323CC2BA81911A3F166E7EBF4AECA90C71A1CDD6F5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580224, "uuid": "e80d78a4-9d59-42d9-bbec-376840356547", "value": "12288:7NLng3EUG37IRjR/gJv6dkGsKKBRXEImuWB8BDo401nix:WO3kZR/yvpXBhEEWBZY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580224, "uuid": "a15582e1-87ab-487c-9294-6a4e6433ddad", "value": 453453, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580224, "uuid": "2090211c-768f-43e9-898d-d98213bc7b43", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580224, "uuid": "e7daa96d-4d55-43fc-9f12-4321047cadad", "value": "SOA FREIGHT SLIP.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b57056c4-24f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689635251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635251, "uuid": "7fae3cfe-33d4-4d0e-b113-072e090708e1", "comment": "Malware payload", "value": "91ace0ccb2caccf44f8c6f2b9a8336e5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635251, "uuid": "3ef65c37-1532-4f19-a925-1cece9d90b03", "comment": "Malware payload", "value": "ac42e231cfec280db00b6a26375a1ea5a89a6e1569fc1206415ba018676578f6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635251, "uuid": "d78765fe-e8e9-423b-8f20-c27ee3651e72", "comment": "Malware payload", "value": "4db98d5e347fcc8391e560dbc4eff2992bf174cc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635251, "uuid": "e89b6628-460f-475e-a950-21cd2d936aaf", "comment": "Malware payload", "value": "13d9e7744afe1d08e6f8749e5ea1f358d7fe060f7d396c6c21bb61ca97f412124c87336ce2e149f6d693d2f192cd5e93", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635251, "uuid": "890f2e81-12ab-4f30-8256-b638d8412905", "value": "T1EE840112B7EC8073D9B5277059FB03C31B327CA1ADB8837B26965C5E1972A80A535737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635251, "uuid": "85399714-2b19-417b-82cb-58bf0fa16657", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635251, "uuid": "d730f7e9-da4d-4fb7-80b5-c42e713875dd", "value": "6144:Kpy+bnr+Kp0yN90QEXXibF8ftu6/uDmrbdbNtcejyFlsRwD355SvxiGBr:XMrqy90ZyhyFHZbLcejyFl7p5LI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635251, "uuid": "ea8515ea-9664-4170-9a1a-10ad526b739f", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635251, "uuid": "29695d54-bc26-473c-b3c6-3830817fac69", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635251, "uuid": "142a5c7f-e68e-458c-b67e-560cd5cfc1a4", "value": "91ace0ccb2caccf44f8c6f2b9a8336e5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a93f54ad-24f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689635231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635231, "uuid": "2b0f3bc4-a31c-411a-93cb-6329cdd97961", "comment": "Malware payload (Mirai)", "value": "6bbcb1c3f0f60e7b11e7bc61739a4fe5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635231, "uuid": "63eca8c9-d79e-4cde-8c11-f54c4b3fb2bc", "comment": "Malware payload (Mirai)", "value": "ac5f37cecaad2a4dc5ea37fbf081735d0cccd7ec71b4f91fc8be05fe4d16d508", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635231, "uuid": "f239d2e2-e669-4963-8827-114cba474c80", "comment": "Malware payload (Mirai)", "value": "9861e75733aa48cb35956b49fe2b639e39da0806", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635231, "uuid": "0a0d3237-4e90-40ec-985c-d77e8ec627c4", "comment": "Malware payload (Mirai)", "value": "5a86ebb1349f3d64fd7578ca4319c3e46d4be3c05536b5d8af7956b4025a12f0acc8097f8800d3e5767893fd347b89ec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635231, "uuid": "8611c1fe-cd44-4f70-874e-584d12cd50b8", "value": "T1BFB2E1B1A1863E72DB70313AB97CCA00576B57F8A4E772712124B6AC4BD2D4764B810F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635231, "uuid": "e78c2e48-54b4-436e-92f6-b64bdd67bbc0", "value": "384:5ZUX11S49enZh57fYONQ/yQVQbFxD+ckPvDxqSwPzMvd1FQhymdGUop5hKx:UX1De9kONQG5xD+jHMDzunQs3UozYx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635231, "uuid": "dcc46d73-a239-4945-a5c9-a9d51bf5421e", "value": 23732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635231, "uuid": "854cb71c-e1a9-4c1a-82a9-fe04314b97ef", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635231, "uuid": "a43d6b95-e5c7-4e51-b50d-eca9450ee2bf", "value": "6bbcb1c3f0f60e7b11e7bc61739a4fe5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d5fc33f-24f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689632876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632876, "uuid": "94f484cc-c4cf-4068-91cd-47acada017c2", "comment": "Malware payload", "value": "00367d2aabad97af449691858d9748a3", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632876, "uuid": "bdb9c20e-3a56-4fac-8c7e-16d1326ae3da", "comment": "Malware payload", "value": "ac9587051fccdc4a6f7d582d543e7a6b1c8be2a1e3a228694edb02deb5b1175a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632876, "uuid": "3447c7c7-bff6-4da0-bd1a-c817d9bb247c", "comment": "Malware payload", "value": "9b445ecc452d8c86c7973ffd5f8a9d2cb2854894", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632876, "uuid": "3867821b-ce5f-42ba-bdae-3e43b015e7c8", "comment": "Malware payload", "value": "c62afc0a5f7ad8a1b075a5834f46ba66016d69151a81dd7f6317273a3c90899c080ded1a7050dcb6eeb37cbdc9eccc66", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632876, "uuid": "17929f1c-5c0b-4ade-97ca-626aab6a3d35", "value": "T107957C4A855C6A10D4EDF23CFE381F76E57E44A8566CCD03C62BE9C1F65EBA243A25C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632876, "uuid": "f6b1e854-8a9f-4729-b81d-ce70f7bd5348", "value": "24576:rUkqI5UDTWpgEnW4PWzbGUheB5vKehBijX93e91EmRF/c+70zNY:rUXI5ATWppnlrGyFb7Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632876, "uuid": "206678df-12bf-423c-a062-bafc36bbe5cb", "value": 1901464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632876, "uuid": "4cc4a212-7044-4d5b-9847-6a9b05fdc6dc", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632876, "uuid": "8e034313-94fe-4f30-b6c2-bccd2dfb7b0d", "value": "SecuriteInfo.com.HEUR.Trojan.AndroidOS.Jocker.uc.19398.31382", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ce42192-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689568075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568075, "uuid": "fd63b033-982b-40c7-aaa1-44f2f9e96ade", "comment": "Malware payload", "value": "b4739b525b2cb183e73f33f1ceb49982", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568075, "uuid": "95161e77-9169-4e1f-9b5d-a1dfc02a179f", "comment": "Malware payload", "value": "ad0ac54c15d74354b5a87915c825f33db5b6f8d82da74aefc2d82f9835cbacb1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568075, "uuid": "f0421409-5bf4-43fb-a0ae-037362ce3572", "comment": "Malware payload", "value": "d76716bb19e1627ab9057a91fec9193550f3ab44", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568075, "uuid": "6bfd9ec6-cbd8-4b22-87e0-4981db589665", "comment": "Malware payload", "value": "e01b8ce9af3a4d089b04dfee79c4f46cbe750313a8ee904ad2a5a98b6b9b3e7f0820947d29c71225f7425454aea2be45", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568075, "uuid": "72d37713-58f2-423f-883e-c2001e4dc47c", "value": "T137527EFE918E8185DDB74AFE168F601E92297271435804E30BC319094EC0BF6F921FC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568075, "uuid": "3bc51e1c-3fd8-4d09-b70c-5a8e7445693a", "value": "7fd46a7f56c0e23d5f7b090d08198d6d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568075, "uuid": "abc928b7-35c8-43a8-8693-f1c501a819a0", "value": "384:dK7W2D8/TtJLQb5z8T5abu6HazCO+wrgt+g:CCTtVQ98lqZOJrgQg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568075, "uuid": "eb88b8ad-7c12-4e5c-bb16-a15a787cd48e", "value": 14336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568075, "uuid": "80d3466c-86b2-4b7b-b872-aa2200152178", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568075, "uuid": "1b6b8572-90b5-431b-aff8-bf30ff243608", "value": "SecuriteInfo.com.Win32.InjectorX-gen.13033.20991", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81cb13ed-24bf-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689611542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689611542, "uuid": "e791c719-185d-4f1b-851d-fa70c6ead598", "comment": "Malware payload", "value": "f10ad28830dd963479aa88439ec339b2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689611542, "uuid": "dce8c9aa-9c2f-42ff-9767-2af6ad72acd2", "comment": "Malware payload", "value": "b00a0e531c3d0151e1d8e71a4623917b8de03ea510b3c86a4e1c9b13ae078376", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689611542, "uuid": "b678240f-69d7-4618-8b54-9e3f7883bbd7", "comment": "Malware payload", "value": "146a1abc6b0ab6c35a0d5450b3b01598249d45d2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689611542, "uuid": "eeec89cc-84d6-4cf0-8bc3-0c7c4de65281", "comment": "Malware payload", "value": "da35bb7101b76e1158291bf8c856577467c00c1d17904166c6fb0613940d98c5b721c7f08cf6ff6fd444a1c0738a929c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689611542, "uuid": "a89c1e11-4e62-4a02-9061-ee61567d4375", "value": "T1A8426C7AD2434563EF7F19BE51FFACAD513A6221036825D38356940A8F84AE3F431AC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689611542, "uuid": "2c6466d8-98fc-41ac-865b-22602a7fbd1c", "value": "8576330f9aeb41bf60082dc9f971f9a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689611542, "uuid": "2b713bc6-8f34-4c8c-b173-b9192a15aa0f", "value": "192:FiHIZ7OlVFq8TtXiA30UhmG5ZsyGzdDsZEmuQC+E:FiHK7r8TtBliNd+nuQC+E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689611542, "uuid": "783072b5-51ff-4e1b-9349-96c773364b1e", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689611542, "uuid": "a70c326b-2890-4b9c-9e5b-58541f2f071e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689611542, "uuid": "55d6a64d-fcc5-487a-9ca9-ad2a0f32f90d", "value": "SecuriteInfo.com.Win32.PWSX-gen.32285.28146", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb18aee4-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689594969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594969, "uuid": "0410cdd6-f9b8-46b9-965e-47170eb0b3ab", "comment": "Malware payload (Loki)", "value": "080350a9e77e14ba5daafda6becf9c03", "object_relation": "md5", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594969, "uuid": "53a4e53f-c541-4eca-b46c-0e4c520279a6", "comment": "Malware payload (Loki)", "value": "b050211bbdfd8e52860c0bd563a8a3453e074c173eda9574cfb1ebf0759e97fc", "object_relation": "sha256", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594969, "uuid": "98c24797-254b-4183-a5de-6a29c1867d39", "comment": "Malware payload (Loki)", "value": "78ec81505fcc009197bf4163f2e8ea8ecbd2f086", "object_relation": "sha1", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594969, "uuid": "a1b4c760-c240-4235-9f6f-50ea48d0f28f", "comment": "Malware payload (Loki)", "value": "6c4979b0977fffc2f52c534d64154a161a067c68bb7113beb5535cb5cf96b7075e50496a8bba587c9fb94428e34b862d", "object_relation": "sha3-384", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594969, "uuid": "6910e449-dd95-4b8c-9712-7993f818fbf8", "value": "T161A423FE2A4B085D19EB1F86BDECC5D508D8973BDB3A882D224F8B7E9524D341118D32", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594969, "uuid": "ad9600e3-e9ec-47a0-9b21-bb91585be512", "value": "6144:337u9R9MQ93p1ZQqf/YDz5HlpdGllNmwkrRxpdaWERe2p+/90k1sUd7uaF8Wxc3N:YQB3RlQlNdQoICa90kuG7P6f9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594969, "uuid": "b3c6e0d0-e410-4560-a9b7-f06ed8ff4522", "value": 475252, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594969, "uuid": "86bffca7-258f-4270-ad52-115fbc5b6f55", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594969, "uuid": "d7dccfa8-59af-4d01-b409-252dd18482ca", "value": "swift remittance.arj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff6f13f5-246e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1689576964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576964, "uuid": "23cb53d2-7e61-4117-babf-713f7cdc83fc", "comment": "Malware payload (StrelaStealer)", "value": "a6abd78c34c14579fcad38d3cdb93977", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576964, "uuid": "93e13e4c-0527-4b5c-a2f4-64d53f7f49a6", "comment": "Malware payload (StrelaStealer)", "value": "b21c2c7171ba5fce14d4d43be0115f81174ffe6aad29ca376dfd3f08439d8c34", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576964, "uuid": "f495f89c-6805-4f8d-b397-59a2cc8672f3", "comment": "Malware payload (StrelaStealer)", "value": "3642964bdf54be6143016b9770afbaba239af3b7", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576964, "uuid": "8efcf0ef-e9af-49a7-acfb-f3b7705d7ba3", "comment": "Malware payload (StrelaStealer)", "value": "5761b4c4dc90e3dd2766d93e7247284669bee37161bfb943deb2513a5605e9e148da2745648f38d7f61ce33ee159fe47", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "script", "colour": "#5F818D", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576964, "uuid": "e9eeb1b6-ceb2-4933-b7ec-46c3bd4662b5", "value": "T1D9153BF476D077D70F75690DB3CE40B23D54B857F0EDAD86228D0E1E928439989ABEA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576964, "uuid": "ff2eaaee-ab33-4b00-8b74-6a8dd85242e6", "value": "24576:KHhxCJABAMp1LFR1TAH3boV7f9LAjBMyYxn0PAehUrVA5:mt0RUU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689576964, "uuid": "b589a93d-1024-4fbf-a21e-e370e4ca9b60", "value": 951574, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689576964, "uuid": "6df22e65-3917-444c-8a31-7f996f926f7e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576964, "uuid": "8d3f9a2d-b5ea-499e-9841-2c82ccdd5f27", "value": "pointlessyear", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b7de76b-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689574058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574058, "uuid": "3ed6e486-869c-47fe-ae34-8f60466142f9", "comment": "Malware payload (SnakeKeylogger)", "value": "16d3e426535f97290b0a54a8a62b4901", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574058, "uuid": "c75c6438-687e-4567-bec9-36fc8f8882b0", "comment": "Malware payload (SnakeKeylogger)", "value": "b224e32937c8ccecc52ac1e6d4104d50be376c7ea1a46a823b03d01e44bed70d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574058, "uuid": "7e3ee958-26d0-46ff-bf94-06fb94723a01", "comment": "Malware payload (SnakeKeylogger)", "value": "e3fd611101e662118a369e5e91b1fb4c375d60a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574058, "uuid": "35c6557c-4a75-41ad-82bb-cc891d09f066", "comment": "Malware payload (SnakeKeylogger)", "value": "6f94fe4f0e7bb9761536bbd703787fc414ff54e93da56cb37ca60222c1adc99da7c6a4abc7f7483fd73e3861e0f5061d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574058, "uuid": "a24546b6-d1f3-4bc3-bcb7-aad0c7f3b715", "value": "T1913260C17385C5ABE2608D74ACA183D00B19BD69FD647DB738CDB72F69222C409B23E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574058, "uuid": "6691d726-f4f1-43fb-8290-cd22489b9bde", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574058, "uuid": "607b6c17-2c85-4ad3-9822-76d0d1cbc2c2", "value": "192:G0zfp/HA4tBn3b52fprrrrrrrrrrrrrrrrrrrrelyD:G0V/HvtB3dKprrrrrrrrrrrrrrrrrrrm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574058, "uuid": "94362a27-3879-4e15-9a9e-a2deb48d6428", "value": 11264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574058, "uuid": "daf80319-9cb5-405c-b490-0d4c0139347e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574058, "uuid": "22327456-4eab-40c2-acf6-a9a0986d4982", "value": "Halkbank_Ekstre_20230321_080804_358439.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41b0f774-2475-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689579652, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579652, "uuid": "e14b2208-afb7-4c76-a0f7-9c9aad3317be", "comment": "Malware payload (DarkCloud)", "value": "d1284f45a34d6dc0c7c463456f8174f3", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579652, "uuid": "d943e321-3481-4394-a601-8a6dde165cf3", "comment": "Malware payload (DarkCloud)", "value": "b3517cc3453bd3de12f8aaf776f58c797394bfd3872c4c5c5fcdccfa254c04de", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579652, "uuid": "896e7ea3-1622-4399-aebc-348c9e2b0599", "comment": "Malware payload (DarkCloud)", "value": "1d301cf457790fde46694a745ef445186010fe09", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579652, "uuid": "78da1ef7-3f59-487a-bfba-b679dbd9acf5", "comment": "Malware payload (DarkCloud)", "value": "cb8b0db72d26ed66a69e0310ca1a116c087019241a95f4136d0ba2fbc1681bb937e11f3939812629ced3b4c18a6258c8", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579652, "uuid": "5e3f00ba-6139-4359-966b-d71a7c13d5f2", "value": "T1E36423A8ADE2F924DF1F32302ACC117C920F66C38FA9CA1A7F40315973B49765CBA545", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579652, "uuid": "9520ddac-68d4-426e-8b1a-707c5d32f9f0", "value": "6144:vpU8PLE/jfKcedNbP0rHXyWsFdMmvffI+QgSh0hm2x1l8:lPLqfk30eWyMAgKBgWT8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689579652, "uuid": "233a9f13-8ee2-4760-804c-61b2b80fa9b0", "value": 313614, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689579652, "uuid": "c5a2ce35-2270-40f1-8979-6ee1d743a46c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579652, "uuid": "6da01af0-7d16-411a-b1b9-d64559387e94", "value": "Invoice 222240.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "158e057c-24d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689619521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689619521, "uuid": "d497f5ae-3d30-4328-b717-4997e4235bdb", "comment": "Malware payload (RedLineStealer)", "value": "17d4e2d567a87f8baf017c1674234ddc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689619521, "uuid": "7b7ebdb2-d917-4c8d-8ffe-49d5f592d416", "comment": "Malware payload (RedLineStealer)", "value": "b36bbbdf644d5939f42269e82d1276cd798ad369ab5c78941b5711a3c86005b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689619521, "uuid": "39766431-45b0-4684-a1a6-ca428da8daf3", "comment": "Malware payload (RedLineStealer)", "value": "18e7be83ad36e566b4292f40ed2ea2aa633fe949", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689619521, "uuid": "a3a8f6ee-cc92-4add-a58e-fb178e5dd68b", "comment": "Malware payload (RedLineStealer)", "value": "c4532793ade84542db34e84f3cae7d19bcad54894b980351724a7aca8912a032db01e41402cd6296f2a7808e7d063c82", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689619521, "uuid": "f1f01a69-f04a-42fc-8c7f-c22e87568f6c", "value": "T19B343970730880A6CF9591B034689E59A8FF237D695967E2753D80F3DBA9EC86F18343", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689619521, "uuid": "20a06a20-a720-451d-add7-6630a803489a", "value": "8da5973a84d0980eaf40ac16e606fbd5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689619521, "uuid": "e72b44ba-6c4a-40f0-b4f1-55a2b507758d", "value": "3072:qDE9iyrD/RWmZlUNUZXe58KJr/riZfCKVgeTB8/ufx:qDiV4N4e58KJCfCOE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689619521, "uuid": "98f71776-411a-46d6-a300-581af27f915b", "value": 237216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689619521, "uuid": "4d7d4d88-a1d4-4758-813e-56b9f03977f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689619521, "uuid": "998fb9b7-fab0-4870-b20e-f4547bb13ddb", "value": "17d4e2d567a87f8baf017c1674234ddc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41769781-2476-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689580081, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580081, "uuid": "22286db4-465f-4f9f-acf5-de8faa8d9971", "comment": "Malware payload (Formbook)", "value": "3f19edefb0ca8c728a3e5e01d2ae73bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580081, "uuid": "c5651724-63dc-4078-8ee5-b399bb9cfee5", "comment": "Malware payload (Formbook)", "value": "b532a96b9e9f065c4c82099e4ee5f3714110cd15290874fe7d20e453b89f6a8d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580081, "uuid": "6cf14924-42e2-4dd6-bfea-dccee4602554", "comment": "Malware payload (Formbook)", "value": "3f43b81f550689ffccd974a2bb517f3fc7d4204e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580081, "uuid": "c4d1a89a-6a1c-4065-80e7-23ce537debf6", "comment": "Malware payload (Formbook)", "value": "4243c776136164f1925545fef83d02e837f2fe08aff771e7740a96376f86de57ce9a33c6330cc7abfa53a40a9225dc5a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580081, "uuid": "de81bf21-5b8f-4ba0-8afd-980d8827b148", "value": "T1AB441218B390C453D8D707721ABB9725AFE8F16B11904F1B7BA07B0DB821642BD2F726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580081, "uuid": "7cd180c9-a27f-40cf-abca-bde80119cf0a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580081, "uuid": "9fcee6a2-d9e6-4e6f-8602-6c00db5b0557", "value": "6144:/Ya6TNA2tg7h/Wubw/8Glnk+0pVGXouzmmHg4LmggsZBNQ:/YBNA2t2h/7dTpeouyX4LmcvQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580081, "uuid": "548e9adb-4754-4906-8d58-f7dc1ed3192a", "value": 261049, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580081, "uuid": "dd5f27f2-b48b-476a-823b-b17b8ca0a09e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580081, "uuid": "468a1544-9a31-4a08-b1ed-452f8e4e599e", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "619f00d2-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689621367, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621367, "uuid": "dd94d372-9312-4a24-94f1-1ead49e8181b", "comment": "Malware payload", "value": "839ce4207a37147508c72270629d1787", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621367, "uuid": "1ac98587-20b5-40b1-9ca1-01c0848b43fe", "comment": "Malware payload", "value": "b554bb8695c6674175bb3493f8f34c3d1d5b7f4cbb6da4c2e8431bd03acb4351", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621367, "uuid": "6988e6f8-0017-4319-bf08-ebba53dfb5bf", "comment": "Malware payload", "value": "06af3de8636ee9bc0cf22f312880b47156195d79", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621367, "uuid": "61658961-e7f5-44ac-bad3-5582f77c7ad3", "comment": "Malware payload", "value": "af07ae12ba9c5be9a9ed4907f882a92365529aa09740664e8747bcf300a59623cacf228a40373dff6e4ece7975a7cd4c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621367, "uuid": "3097fcfa-7dba-4858-9943-e9d45e76b25b", "value": "T149F2B5366AD40972E6B79BB189FB86C3B627BD663931590D50CA33014D33B42EE61D0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621367, "uuid": "d14982b3-e243-4e2f-a1ba-109da5d307a9", "value": "7ba3aa8366ce167c7a77ebd6e6fea8e5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621367, "uuid": "2e1e7a57-3542-49ac-b41a-860288cb3edd", "value": "768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaacQsdB:X6QFElP6n+gJQMOtEvwDpjBsQo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621367, "uuid": "b59c6bf0-bc8a-455d-92b3-6875e773a91d", "value": 37294, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621367, "uuid": "b1e0f476-0c6c-4c95-b5bf-4351f78e523a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621367, "uuid": "2dd34a9e-dd10-427c-9a9c-290f1ecf1c71", "value": "39760557.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2ded284-2496-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594015, "uuid": "c9025883-f611-4173-805a-6f066a47f456", "comment": "Malware payload (AgentTesla)", "value": "96d767fa4cd00e1742011ebb27fb7d31", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594015, "uuid": "99696719-f1b0-4799-b71e-3b527dca25df", "comment": "Malware payload (AgentTesla)", "value": "b5e3cf860ae17fce81028e47357db9eb1d4fd83bce5dfe676826d3caf98667d3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594015, "uuid": "87cbcbf9-db93-4aab-a056-113a6e20b30c", "comment": "Malware payload (AgentTesla)", "value": "0c74d086088a9fc5292a303fb88b4f3dd547fc34", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594015, "uuid": "4b2c5ec5-0f02-4323-98bf-43f42033ab24", "comment": "Malware payload (AgentTesla)", "value": "ff95cf01ae6905287a2eb57eddc4c8c048c46a8d74d8e38ae758e970186772a7e8e0de454b0036b8cbb397ea4fced23c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594015, "uuid": "d846de99-60d1-438c-bafc-1725c0c8626b", "value": "T18BC4BF38503C87AFE757DBBAE430219213F013662AF2E38CCCB6659F3E75624A1505B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594015, "uuid": "7e82b88a-d36a-4e55-a9d8-fedb9f9e5576", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594015, "uuid": "19623324-4108-47f9-aa04-701ecee09154", "value": "12288:nms+qR7oS3Jq8eeQENH7rV8p+DzVcFjU3LqTrQaSejL8ZX:nms+Cvq8eeQ0HnhDzVOYbqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594015, "uuid": "a301b8d6-67cf-471a-84bd-b8264fb221fd", "value": 570368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594015, "uuid": "bc872612-6781-4e3d-ad81-c33e230eaaf7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594015, "uuid": "ae73de0b-2b7a-4e2c-a6ed-7d517328938a", "value": "SecuriteInfo.com.Win32.PWSX-gen.17303.31737", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3836b6ce-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1689573194, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573194, "uuid": "e5da0f5a-d471-4c47-bec5-707aa646b701", "comment": "Malware payload (DBatLoader)", "value": "43d1618f48b3d7d8f52d163253a3f3c9", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573194, "uuid": "c9110053-a037-45d6-8788-93d24125aaf4", "comment": "Malware payload (DBatLoader)", "value": "b60dccaf97a4cb2e8dbbc565f20982e6c778878b35587d28eb47585cdc0b41a0", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573194, "uuid": "9ed414c8-dd71-4ef1-b20c-e2caa2340abb", "comment": "Malware payload (DBatLoader)", "value": "309684e1dc8d3647bf654ee1d71ad3fa60fd83fa", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573194, "uuid": "a3e0a82d-635e-4915-810b-12f94010f99d", "comment": "Malware payload (DBatLoader)", "value": "ef90c566a6edfd923294130ab14e165172d6727c6d586e39e4fa63d416686e0d50f581114fdf7e12461c25c87d785b69", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573194, "uuid": "7df4714f-f9ec-4564-909f-9c7e63389e14", "value": "T12C65F003D804DBC3D40D83F4BE530EE90F0A6F19E99A7DDB10667F8B3A71A62495A25D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573194, "uuid": "c71fcbfd-5759-42f9-a5cf-483e7483b989", "value": "24576:qfu9VNZyOw6VajZyDw6VleHBlEzp7uvR0bgcwyA5ZCcP5YwVux:qfuP+6Val/6V8hOzLgjy8P5Yz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573194, "uuid": "10130b60-ce53-4ca8-8ec6-7a9ebc8f9fb7", "value": 1436672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573194, "uuid": "4202138e-4a07-4794-8611-4afd28a39d92", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573194, "uuid": "27a8aac1-08bf-447e-be5a-d10915cfdaf7", "value": "PO-4501226854_WJO-001.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70e4a981-24bd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (TeamBot)", "timestamp": 1689610655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610655, "uuid": "0b86338a-ceea-4e5d-982e-c151988196b8", "comment": "Malware payload (TeamBot)", "value": "9cfdf68ecc493c042aa113149fe19460", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610655, "uuid": "6734165f-fb03-4083-a352-ddff4681fcdb", "comment": "Malware payload (TeamBot)", "value": "b8d512610678f0cf5cc94deeafaa6276549cdac6db64208cb7e1aca52441fb34", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610655, "uuid": "d5a0a365-f1ea-4411-b0e3-c97f4856e0b9", "comment": "Malware payload (TeamBot)", "value": "7528714c43d890550256b3f8f75d31fcfcfcdc8b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610655, "uuid": "38859a57-4914-4c72-9383-8857972a0c01", "comment": "Malware payload (TeamBot)", "value": "269fb3c58d526bb8ee9327fc2dbc9b0c70a8f62fbdd9d8711806685c956f60a5bb765e79286faf8d328d82f9165f330c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610655, "uuid": "ce8adbd9-f4cd-4fff-ba0a-9176da0bc536", "value": "T1F144CF2233E1C0B2E1B745305970DAA22B7FB871577686EB3358167E4E717C09A743BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610655, "uuid": "486f3d55-3a40-493f-8f34-3b25320c3695", "value": "189fcb3cc81a9771ead68c0464a642d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610655, "uuid": "527d9971-17a0-4689-9d41-8f865782432c", "value": "3072:PmxJteO1SO5E5trPBeCrraqz1wrmfsR81XeCBbw7Pvkz4s:UJ3cAELrPhjaro1t7wA4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610655, "uuid": "aeb85d53-a087-4526-bc44-0f767551526d", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610655, "uuid": "c74edeb5-39d4-423e-b0c7-3f87804b3346", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610655, "uuid": "4bdca0bd-c4ed-44e9-ab80-b89116502adb", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e9ac05f-249b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689596048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689596048, "uuid": "c6623453-889a-40a1-85cf-0b401d0fda6b", "comment": "Malware payload (AgentTesla)", "value": "4b53952ca3d4332a530e7a9c9e5f09f7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689596048, "uuid": "2c06a91e-360d-4ebe-97d6-3c1198084247", "comment": "Malware payload (AgentTesla)", "value": "b9795e3dcb1336ffd749e26b4bf2fc0f0b33f963cfbcd32c45d33498a037dc3c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689596048, "uuid": "29972580-ff73-4132-b985-9388101945d9", "comment": "Malware payload (AgentTesla)", "value": "e5bc4f047fba05ad26116e2208e18610fee92e96", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689596048, "uuid": "3a0ad902-6397-4955-9589-32f1de8c21a7", "comment": "Malware payload (AgentTesla)", "value": "ea33b486bb08904df534f4e9a6ceef814594e28bcb97dd723a9032e0b590a39415c30e73e47ab27be1f39f9de8da9588", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689596048, "uuid": "fc4ed010-08a3-489d-bc02-00c01294fe1c", "value": "T17ED40113B62C975ED199C7B83030667863BA1FDB2826DA127CC1FDDD1872B4D0B50AE6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689596048, "uuid": "344fd67d-3dce-47f5-be8f-7a10a98c5a90", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689596048, "uuid": "939257ce-32d9-4e8e-8c68-19a70cc4b283", "value": "12288:6P6vJZSm2meaLsgDNspjqSLYCrIw/mE1fV10+QmI3teqNo:S1aLFpY9cW5Rr63te", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689596048, "uuid": "4631acd5-9ac8-415a-bb60-23d52c33a917", "value": 637952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689596048, "uuid": "cd86205c-4642-41e8-9806-49d31a64da49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689596048, "uuid": "c4ef6dd8-6c92-4b70-92af-73bd87c0aeee", "value": "4b53952ca3d4332a530e7a9c9e5f09f7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35be26b3-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1689573190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573190, "uuid": "54d0c348-e9d6-4b4c-a14a-425fff1f82bc", "comment": "Malware payload (DBatLoader)", "value": "89a3c23f527d57c3de50191389a88b52", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573190, "uuid": "727600fe-c8c3-42bb-81c2-ff382a37148e", "comment": "Malware payload (DBatLoader)", "value": "ba7d842e156b96709b95f308c3ee31fe5e0478d92ed714bc5a5d1322b281f579", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573190, "uuid": "87c9485a-1223-43f0-87d1-6f1fd6cde263", "comment": "Malware payload (DBatLoader)", "value": "804d6a58ed06b1823230013d7c9636be7455d285", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573190, "uuid": "00f25cbc-2349-4457-883a-3078501d765d", "comment": "Malware payload (DBatLoader)", "value": "3a2e94ebd15bcc96a0c143cf0ac2cdf1a3d3a2532ef00854a197e64716e8de80289c54bbe18a1550eeeb1308bab59d6a", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573190, "uuid": "e544db84-4e1e-4a09-98d9-ca3d1c93a12d", "value": "T1A903A05EE78F02A48F4513B6531B0E899ABDB23EB35455B138AC933433EDC3906665BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573190, "uuid": "2b52fa6e-2ff6-4b22-a765-6d75657bd682", "value": "768:XFx0XaIsnPRIa4fwJMr5YryDn6hJfqi5Qtc3TalXjC:Xf0Xvx3EMrqyD6h8iCtWTa9jC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573190, "uuid": "345efc26-0071-4b54-8406-fad994eb971e", "value": 40797, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573190, "uuid": "0ac4ce9d-da17-4ddb-bf61-5c72f85b68de", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573190, "uuid": "04de6cd2-cd0b-4854-acd5-18238faaaa8d", "value": "KBL_RFQSteris 100614800C.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed2e27ee-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689594972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594972, "uuid": "17275029-bdb2-4712-8dfc-a610cbc3c50c", "comment": "Malware payload (AZORult)", "value": "434bdc2a74b2d3ee69dab3297db4c097", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594972, "uuid": "b87d3168-bcd7-49b8-b66f-b74b19deb22b", "comment": "Malware payload (AZORult)", "value": "bc2ee44ba5333b341f4d497c99162cae95a7821e882f0634e60851a6086df8b2", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594972, "uuid": "49639a0c-4e4f-4cde-ac39-fbb5836e9c1b", "comment": "Malware payload (AZORult)", "value": "74e92a4ff28a093136f5e2e683d88c1d80aaf18f", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594972, "uuid": "1594c539-552c-4cfc-bd3e-f8b51ad6ae5c", "comment": "Malware payload (AZORult)", "value": "266749ba49442ce881f196a4fb4f4321806f35392b724701294ab5707b270d8e4a8f2ad660e27e29effc9b7ba5c2b00d", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594972, "uuid": "f80e4a95-631d-447d-843e-ae49bfacb6ef", "value": "T1CBE31341B7F034D898FBFC44948461B206B539E939E692AE23E1EC2CAC93B5750EDE04", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594972, "uuid": "582cd14a-f36d-4f38-af9e-30ded87a022d", "value": "3072:HBzmsNw3C2tEPiUHlw9bM42411q6UXii38QCPl7Y2pLaP3:RmhVgRH8lLIyi3LIl7Yr3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594972, "uuid": "dd19caf5-4517-4605-813c-7c57be9305c6", "value": 147238, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594972, "uuid": "7184fc87-b38e-47fd-a0c6-1e1a923b44cf", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594972, "uuid": "df4c3e59-e01f-4fdf-bf6d-bb4f7990e067", "value": "Ziraat Bankasi Swift Mesaji_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acefbbbd-2465-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689572960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572960, "uuid": "40754458-6da1-48db-a777-85728473f106", "comment": "Malware payload (RemcosRAT)", "value": "32806f59f4e4bd444e4fd18fdaeff018", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572960, "uuid": "cca511bd-ed15-4281-aee6-d74618204f13", "comment": "Malware payload (RemcosRAT)", "value": "be40fed3aab989152192cb8feeb5d77a880c6bd65b525af2231e53e09f650c8a", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572960, "uuid": "68196e5a-06f6-45ca-8f49-eab37aebaa77", "comment": "Malware payload (RemcosRAT)", "value": "02c021bb3a3c36124085858390502d19e8e351e8", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572960, "uuid": "965ae77e-9577-43a7-ad59-2412bf1e8c0c", "comment": "Malware payload (RemcosRAT)", "value": "8d1eab17d40f854c1894688729c885e52a9bb80e0e9535053b4fa6b343a49e6921cd69c0e713a431b12779e660bcb5d4", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572960, "uuid": "ce5d992d-2123-4462-bee7-8463f1640b21", "value": "T1A00512E04AFB71B7F5DE3571362006E29631F23F82B2B2993CAAC4762FB7595CA01550", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572960, "uuid": "cdef0d27-ffe1-4512-9897-5ac496479f88", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572960, "uuid": "c82ad2b6-c12d-4a84-a7a9-1e04dd602b5b", "value": "24576:cSmDzn3TKzmGcxrbv7rDockkpRPRZmMB:crTA6Z8chvh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689572960, "uuid": "77617d06-5203-4068-94c9-9827c283192d", "value": 814080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689572960, "uuid": "8c778973-6f0d-440e-b72f-3a79873ca683", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572960, "uuid": "81ac437f-35e7-4a0e-affa-6b00ca07a460", "value": "\u0646\u0633\u062e\u0629 \u0627\u0644\u062f\u0641\u0639 Banque Misr_Pdf.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "136226c0-24d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689618659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618659, "uuid": "0356d049-d8f3-449f-bbf9-d0898b06b4f1", "comment": "Malware payload (RemcosRAT)", "value": "abecea8506d69208ec75340ff4177375", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618659, "uuid": "b4a16d99-2056-4530-904c-1590e04c45f8", "comment": "Malware payload (RemcosRAT)", "value": "bf373bfee0a0d9348814d70aa8cff3c8b7aedc7d21375203435e497eb9944ec3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618659, "uuid": "1da86e50-3edf-4bb7-b359-b32bfe4d6c4f", "comment": "Malware payload (RemcosRAT)", "value": "7772968a26fb9539f30ebb2a6a21c21c733aa741", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618659, "uuid": "b63a99c3-384e-486c-b7e4-8bf7a78febf0", "comment": "Malware payload (RemcosRAT)", "value": "12df5e0af69929306abfaa0cc62767956f970d0619cae895db360816fd74abe26bc34ba1aba6435854b9c1ebf48c8a97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618659, "uuid": "a37987dd-8c08-43cb-b48a-7ec37c133559", "value": "T12E25129561394F2BD43A83F955B0053043F96AAB316AE3925EC230DF5EB1B048FA6F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618659, "uuid": "06106658-efb2-4028-99be-d1d854eb698e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618659, "uuid": "edb19514-98e6-4bff-b8e0-724548a2e68f", "value": "12288:OSOnDUkDPFabHtqv30kt+wjXuIVAaKFC9QTQCUNlRrgW0bx894qHUPhPS:OSOnCNsuwjXuFC9QTQCUlghq94qMx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689618659, "uuid": "6165c568-eb88-4441-a9d4-f33eeeea5d50", "value": 1039360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689618659, "uuid": "6a313767-9b39-4c1b-8cdb-c70e47cd4758", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618659, "uuid": "5f511894-0f08-4d03-aa8c-e4792f67a0bd", "value": "plugmanzx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1816c086-246b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689575287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575287, "uuid": "21611798-e8e2-4961-be77-382337dc60fe", "comment": "Malware payload (Formbook)", "value": "8806f0b8ec783d6bbfaf36169475768e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575287, "uuid": "53167e53-6787-4054-8c0e-4b8c05feccfb", "comment": "Malware payload (Formbook)", "value": "c11074e9634d5ec4c891200e8e376d46c56942ba4c9861af7b168eb1bffb3ac7", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575287, "uuid": "7be2a122-a031-4b9a-bb75-2d4c510de3b5", "comment": "Malware payload (Formbook)", "value": "cb903eeafa6a0a198c9ad0d81990b43efb6df812", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689575287, "uuid": "3741f6cb-af3d-4976-9488-c2466f29f44e", "comment": "Malware payload (Formbook)", "value": "6ab2d5a92bf7b171bbf50de203fbb527d459f379d2abb946e66b3918348ffd9c690d2faa93736fa24e9e536c0aaded22", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575287, "uuid": "f5da3405-ceaf-4f89-b47f-46a3c5719243", "value": "T18244226CFCEFDD5D79298D1C86086D6B8227D2D312C5DAEF3B9B00E2B46628D4B25D00", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575287, "uuid": "ab3221f2-67e5-4b60-918d-fbf7f19b9f8e", "value": "6144:GIA/+2uRNGCMdAul9mkEWrVUW30fJCUwc0KUaXN3hq+Mrm:KmfMyBkzV/kfJRdUaXNxq+Mrm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689575287, "uuid": "7df5145b-6bc5-4a7a-983a-5341f9868eb5", "value": 271013, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689575287, "uuid": "f07fc5be-3e18-403e-9f23-91f72fee1c1b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689575287, "uuid": "27504d49-ed23-4995-a10b-214164552d14", "value": "Shipment Arrival Notification of 772165397672.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "599cb2c4-24da-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689623071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623071, "uuid": "ba5e14e7-ba4d-4b83-a0e1-446afd94a306", "comment": "Malware payload", "value": "594173a93a04d2b9ed53ee505a9d418b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "embedded", "colour": "#9129E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623071, "uuid": "84985176-091d-41f9-818c-e50f679f1585", "comment": "Malware payload", "value": "c1796a8cf6be4b31342d3ba730ee278132be920a0b0946531edfd5d3ab2415ef", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "embedded", "colour": "#9129E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623071, "uuid": "20d9c2ba-523d-46e4-8318-f1a83af4ce4a", "comment": "Malware payload", "value": "f2c5e775bf98475700c428dd92c2d25ee330e96b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "embedded", "colour": "#9129E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689623071, "uuid": "db5d4b5b-5343-4926-8c2b-e332df97bbce", "comment": "Malware payload", "value": "0fc85bdd7f7f424a1b5f80e246410c990c93d71e225200b246ac8ffb64d0d4b4a417678c7ff227bd403d2fd001743a3e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "embedded", "colour": "#9129E0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623071, "uuid": "5eaeaf50-1177-4c07-8404-ce3a0ede2188", "value": "T1EBC27C4193CA8B2BDAAA0F3BE9F137114335D551DB47E75B9C8463284CB97A74E22720", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623071, "uuid": "1346a4dc-c9e3-471c-a132-a6bbd2e6112e", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623071, "uuid": "c63138e9-09f5-4f7c-8edf-df012e1e3c3b", "value": "384:4pr9KDxCEbegAndQFI+NZcYUDr4a2sdiMNl5HkgIkc70tIqICWv/eq+gCyQ7S/:4prTnKFIZ/D1fdUUc7uIfeq+gj5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689623071, "uuid": "4f30c2d6-1989-4b57-ba05-60cf3861e445", "value": 26624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689623071, "uuid": "c0ba7392-ef06-4ef1-a880-75234fe7c278", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689623071, "uuid": "c0b9920f-f057-41ff-ac9c-17e77f261f09", "value": "sc0pe_hidden_pe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "947e6d7b-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598259, "uuid": "6ef7eb54-7413-4a1d-908c-cb583f131add", "comment": "Malware payload (Mirai)", "value": "c375339e398fd39a5203e791e5c37f67", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598259, "uuid": "fb03f02e-0110-4e90-80ad-30defe5dc894", "comment": "Malware payload (Mirai)", "value": "c1e5375ed9fadc54370de6cf7758de7323409f29a198287f5a1e4a15cd07ac00", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598259, "uuid": "e8baab81-4c4c-43db-a336-64281902d69d", "comment": "Malware payload (Mirai)", "value": "6afd9fbc01eccd4dfcd972604e4e2cc0119b8243", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598259, "uuid": "ee317d76-6238-406c-8eae-50c0167a0141", "comment": "Malware payload (Mirai)", "value": "05c7cb90d2d02a3651166673eab6ced101382c078325771da355798a920d142ba0afbeb63d026a4e649bf59b4fd2d0e0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598259, "uuid": "bcb91851-94cc-4206-a389-529a83f4f6f7", "value": "T1E8E2D040119E8F11C47EA47868EFBF4E04187A2F44885AA27ED57436F5F4FB64A60371", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598259, "uuid": "d85edafb-4632-4078-9d16-42e3debd1f38", "value": "768:uNyFa59wp6bs++1xqjENnqgVDTDcFCA+0yF65rVifnbcuyD7Uiyqu:ug05qMbsX4qnz1t0Ifnouy8Zqu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598259, "uuid": "029116c5-5a12-4de6-8e16-9242b363db2c", "value": 33296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598259, "uuid": "3f326cd2-47d6-4614-bdcc-8bcff20b5690", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598259, "uuid": "1e0edfc2-91e5-4cff-b7a5-749abfa45b28", "value": "c375339e398fd39a5203e791e5c37f67", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e90e13c-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598250, "uuid": "ed5cbaf4-f215-4e98-9178-56ef254f2bb2", "comment": "Malware payload (Mirai)", "value": "a09e8ac47fc6c248252339979e389929", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598250, "uuid": "23f8ac74-fa5f-4b4f-8398-74d62338966f", "comment": "Malware payload (Mirai)", "value": "c2c93b0cbba00ecb2deac85257e85ff997014cf3b3f9646c3f3776fab1b9c611", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598250, "uuid": "5a596e75-77df-434f-be83-08f6774dcb82", "comment": "Malware payload (Mirai)", "value": "87e60db358a4e6026b208a21b93c2c27750e63bc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598250, "uuid": "bee5f99e-2b29-4f29-ace9-1a82cfb3b0ed", "comment": "Malware payload (Mirai)", "value": "31fc044adc158dadafa252b464f4a424d7dc38f7532106ee5a8e0d8be07f798de9cfa22834735b343b6070b9de627ece", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598250, "uuid": "b7bb6199-0b55-4f02-8d75-32893b529e78", "value": "T165F2E1AFE9E2ADC6CA6D4D3DC0855F317D4DD0C495394B8E9F18E488873A18BB98C478", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598250, "uuid": "d8ae1957-c984-4842-bc77-e09e08f45331", "value": "768:TTBW1ra7wXX7tUCa0fDB4BllEu0aiCW0KZ2AOaFeu7JXZLKgQbWMb:TTB0Aw67THlEVjvppLmX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598250, "uuid": "25925ac9-fd18-4788-b6db-b38ea87430ca", "value": 36704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598250, "uuid": "2ef20e2f-e483-45ea-9176-a73674e4ddb6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598250, "uuid": "6b15d044-a86a-4f79-a956-1e5346371836", "value": "a09e8ac47fc6c248252339979e389929", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42a4b743-2494-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1689592968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689592968, "uuid": "bbad151d-4a1e-41ef-a6f9-2185ac864457", "comment": "Malware payload (Cobalt Strike)", "value": "de16dce8eb14706bc53e575a426e678f", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689592968, "uuid": "1b8d0315-5d61-418c-a35f-69d94b1504c9", "comment": "Malware payload (Cobalt Strike)", "value": "c3ea6950a38b40a5d85c6f3210c81cfb12810de376448e097a754ab66cd3b5ea", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689592968, "uuid": "5bb63a84-17aa-4bf6-8156-1a7bc76e6bc9", "comment": "Malware payload (Cobalt Strike)", "value": "08e472c88c17b1056a99c2e4a059ec9da088e877", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689592968, "uuid": "0670c453-a041-49da-b3d3-6ba3ad403b8b", "comment": "Malware payload (Cobalt Strike)", "value": "78fe919ec79b5e9eb566aedbc73913ed5721a0ec3df746d6b34ea38ea8d6f2fb4dc799fc084a4f1b653cfa70e3a3a75b", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689592968, "uuid": "6a243f44-482c-4b07-87d8-2c2f3122327e", "value": "T1C6A56C53B88085B5C0AAD2318566A293B6707C880F3117D3EF54FBBA1F727D86AF9354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689592968, "uuid": "ebdd071c-6fc0-4df8-b993-0dbdb24e7ff5", "value": "db8c0fee07d969271eb17bc24dbc27b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689592968, "uuid": "100d20bf-8c55-4371-a372-d0509de50cc6", "value": "49152:D9w3ijZVCrb/TcvO90dL3BmAFd4A64nsfJ9MoogtD1JDepgJDH79n:u3fMOb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689592968, "uuid": "7acd3903-5b18-4c04-9a91-0b0f1195efa7", "value": 2227200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689592968, "uuid": "50f5fa7f-61a2-495b-badb-35d81c8fb439", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689592968, "uuid": "d15d062a-4604-415a-bc23-806db435f37e", "value": "6853F488.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "355c1921-24dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689624299, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624299, "uuid": "41a61977-3088-4d61-9cc1-0faababad4c4", "comment": "Malware payload", "value": "be17076d7ad8c7427d83230266210b0b", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624299, "uuid": "53706c4b-dcd6-4125-b456-24ac07ccb14f", "comment": "Malware payload", "value": "c41b62c08150340a18b6fc1a3acde0b8496441497b1a2af9b8f3c7ea4d2b573e", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624299, "uuid": "874af6f7-836c-465a-a07e-655c73d8725c", "comment": "Malware payload", "value": "d6153ceff4f9a5de15da0f34ec2c49253de680fe", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624299, "uuid": "6f35aefb-b62f-4f29-97b8-8557d4b23e49", "comment": "Malware payload", "value": "17cebbdbb105f9162c8fa6ec01f3fbea7f92a4f0037496ef4fd6c8aabb98e17a5d4ef9434d6b1d03b94d2acdbaf380b3", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689624299, "uuid": "7b4146c3-8692-4a9f-8b26-2183af6db254", "value": "T1518372CB27E2FC420913227033AA76E5E629DD9192C94C9CF018B458F1B991EF9FD59C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689624299, "uuid": "259b82b4-c08a-4731-bfe2-ecbcac81466f", "value": "1536:l4olw869MyEo2L3DTemFEkNexpTydJGvw1CRmoEQTvrVgRnNVM+aHoJI0pbf8+vq:lT+86ZF2XTemFEkN+pTydJGo1WEioVaH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689624299, "uuid": "f3be91c5-f20a-469b-bdc3-e8b3fd9b5c46", "value": 87706, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689624299, "uuid": "80f73c01-d814-457f-ab14-767d697d1ead", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689624299, "uuid": "b28d919a-d2e7-4fb1-ba02-b044339d635b", "value": "iroha.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fc156ac-24b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689608398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608398, "uuid": "8fd1c07a-d0da-492f-83d0-e02d8ab632f4", "comment": "Malware payload (AgentTesla)", "value": "47c6ab3db56907b61545764dbe937476", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608398, "uuid": "7d968254-2a7c-473d-8d87-e0e3ba86bd5e", "comment": "Malware payload (AgentTesla)", "value": "c71b7e688d79fa6aca632f57ca33bb7bc92b95d101509d926f311466b460d362", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608398, "uuid": "7498263d-19b9-4ea6-9f09-adece3ba1104", "comment": "Malware payload (AgentTesla)", "value": "2539ea2499ee15fc4e834d46456fa94b6b3f35b6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608398, "uuid": "799625c8-9983-47ba-a7c4-8cc527f1ac4a", "comment": "Malware payload (AgentTesla)", "value": "37196ee1fc1991471aa26a78785c33970aa7fa523a9724c0a0ae26192a521bf7a0562ff3aefe7501f1084876624ac673", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608398, "uuid": "6b5bbeb0-2492-4fe6-abf5-aaebe272b7e5", "value": "T1A2C3C8D1651919D6FDAD61B2A97B8CCA25626D7F4AF0142D305FFA3243B32134207F2E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608398, "uuid": "824203f3-1ef4-4fcb-96ef-8d982f805b1e", "value": "768:bD2yZdP3SScNY8rfRqTuM+1+55emZZoHZqCyo0k4sxZO5GAwOywPXwA770X9mncF:X36G8QTugvAN50kvfZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608398, "uuid": "67ddb45b-254f-4aa6-a775-60fdac2cc229", "value": 122880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608398, "uuid": "c19c20ca-9bd5-48f9-8c20-6966128610ae", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608398, "uuid": "119c4039-b700-4460-80a4-2720cb40d4a9", "value": "PO 20231615HO pdf.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "744bf5ae-2483-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689585750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585750, "uuid": "5b4140df-c873-4eda-818f-dde9fbc23d76", "comment": "Malware payload", "value": "ff51f734ea823c2667dc0261d433a7b2", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585750, "uuid": "94777267-b71e-4af7-b142-1eb14b773e25", "comment": "Malware payload", "value": "c71fd43dfb6a4573fe43d1c8f15c30586e136fef5d1399eacaa779651ce70908", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585750, "uuid": "0d0f0870-46bf-4e33-934e-a51649c6496b", "comment": "Malware payload", "value": "8fd7a2a8fba15643ad2c76d6a1061fa30a828eb4", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585750, "uuid": "fb69a893-14c3-4e51-a7de-9aae1f06eb98", "comment": "Malware payload", "value": "2a1b4105e55d72e6cca550353d80a324458d0da7941946c8113fafb0b3b684de1e0994560f995e0ef6c5e8c93d65d7c0", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585750, "uuid": "c5d8678c-610c-4851-94c4-a5ab41607355", "value": "T12CC423ED71EFF84885A000EB4BC26790B654C6E96B54513A4CF8885BD77A2DBD8C4CEC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585750, "uuid": "2d4cc4ef-fd8b-4999-ba0b-12d2cabe2a79", "value": "12288:F1LJWk0/r9GCtp9n90k2uwNP5Pdgb7btFa:F1y/Z99nOk5q5Pdgb7btI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585750, "uuid": "f3133d32-5b24-496b-b423-0f0dc2f66da7", "value": 543115, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585750, "uuid": "f67a80dc-596c-4b55-a74d-9086e5ea7b43", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585750, "uuid": "061036df-2347-4498-83f4-92fce7bdb215", "value": "pbsbs.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab31b4cb-24f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689635234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635234, "uuid": "30d4863b-2fbb-463f-9c14-ca4f030fb745", "comment": "Malware payload (Amadey)", "value": "86270699bad2681bb3f5f57f44a7094e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635234, "uuid": "a2ef42a6-ac2c-4f62-9711-64009b063d12", "comment": "Malware payload (Amadey)", "value": "c7a4524e38a070acf6ba7d4865de5125063cd4a021a47872adb720277271f3ae", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635234, "uuid": "91965412-a713-412f-bec1-3ca9956d987c", "comment": "Malware payload (Amadey)", "value": "cac5e4b620f438ece23b6e9df463b99d2667a95f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635234, "uuid": "29d0e99c-320e-4871-91b9-dc01c034d3d0", "comment": "Malware payload (Amadey)", "value": "ac11eff5a0bae2a0369e810a472d2c635cf44c84de7cad8a82053baf5d268ba9a0beba0a85847887cd48611cb6137a8f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635234, "uuid": "5623b269-7095-4e5e-8f23-5a2643cf4f7b", "value": "T14C84F102A7D88037D8B557B059F312930B39BCA15D70832F3796A95A0CB3AD4A87277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635234, "uuid": "5657599b-6277-46bb-b22d-b2d6c246ce52", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635234, "uuid": "6425090f-bfa2-4148-9c14-4cd00060a194", "value": "12288:sMrYy90slB8Ldj5DBLjkSaHAcHnl9kkN6Kw:MyJ8D1lO/Hc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635234, "uuid": "91cb07d5-2a79-4fd1-bedd-ec008a55c843", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635234, "uuid": "907312fc-cba6-462a-b4a3-73327d693412", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635234, "uuid": "9ae41d73-d912-47b6-99b1-fa3f03af63f7", "value": "86270699bad2681bb3f5f57f44a7094e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee2cb902-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689594974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594974, "uuid": "8787c170-ce0b-4c52-ba53-86e39d6671a4", "comment": "Malware payload (AZORult)", "value": "48abb7efac7390f4cbe0b2ebcca28f17", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594974, "uuid": "2092cdcc-b67a-4375-8d59-9d04952cd473", "comment": "Malware payload (AZORult)", "value": "c8f19c09174f8e26f9e748a163048792994a924fe5c806ec2f840c307493e494", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594974, "uuid": "1036336d-0a32-427f-a027-baa6463c006c", "comment": "Malware payload (AZORult)", "value": "acff90b2e82a69b6f4e7aa33c9ffa9b6136f86dc", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594974, "uuid": "8cb6e995-d6f3-4ebc-a68a-8a30314309c5", "comment": "Malware payload (AZORult)", "value": "c51b5ac8bc435b19737996b743168fd894a67a51444bace1373e1a16acbe299a5e76aa69b28b74c2f6dc5bd3acfd1715", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594974, "uuid": "44a73eba-14df-412e-91b2-4ce42914a0bb", "value": "T187F3125E74FB8F1E4346C058A85B3845F6A7469D0ED7CA461388F83EA39162835FC27E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594974, "uuid": "41930645-164f-4a1d-b0af-194bed8f0d55", "value": "3072:/tDbrYjP3YHVd2tJpwWHXME/I391sByIiX8t40tW71Df2qgYyFnqQSuexE:pbrAGet/X5yqlW752XVkNG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594974, "uuid": "f7528a67-c6d4-4e30-b793-52f9301170b9", "value": 164248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594974, "uuid": "561d5e1d-c8c3-4a78-8f4a-ef86bc0e0133", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594974, "uuid": "95909931-3a48-4333-96f0-fc6628a6a533", "value": "Ziraat Bankasi Swift Mesaji_2.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28d07558-24f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689632868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632868, "uuid": "eafabfc3-6e03-48b4-baa1-17e5e3cc1175", "comment": "Malware payload", "value": "34ee45ae2b9680de34d93618f10091bb", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632868, "uuid": "d9e639c1-d271-4fbf-9cb9-d1002e18a462", "comment": "Malware payload", "value": "c9e366415b60bf8683b8ed7c3250453ebeed70312105bd436ac7eef2927a6ff7", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632868, "uuid": "915768dd-b93f-4c04-8221-3f90d53d61cb", "comment": "Malware payload", "value": "2b72bcfca8a2c78fa9b794b251b8f4cfd8e0d089", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632868, "uuid": "aa29d9c9-da93-480c-aafa-56c99b30c7a1", "comment": "Malware payload", "value": "a5ea37548ecf70b2c3653d8cb71d6b663badf20adfe95f03ebd72274773302b051a2c6b71f4d08d1b0fdc03d26d47c64", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632868, "uuid": "b9a0c723-4aad-423b-be0a-8a1a7d398b49", "value": "T132A53B92E518FED4CCA4AE79F1ED64C0F7C4074DE6CB25129431E1B867E8D86C6A708B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632868, "uuid": "b0d08c8c-fbf8-4cae-8bcc-accbe05082a0", "value": "24576:A17HY/qk+T0PF/wt8Y5WZvHNrDKhq7ujEmd8DDHFydy6FEozNcm:07/T0PF/wt8Y5WZfOdv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632868, "uuid": "a056bf72-c4e6-42a0-91bb-a640b22c811c", "value": 2245200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632868, "uuid": "1172a668-1116-4b48-9843-91e979b21f50", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632868, "uuid": "722273cc-a16f-4008-8ec9-8ea9a474f00f", "value": "SecuriteInfo.com.HEUR.Trojan.AndroidOS.Jocker.uc.23189.15943", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3f449eb-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689594930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594930, "uuid": "97313179-30d0-4cc5-bc1e-dbd127ac6983", "comment": "Malware payload (AZORult)", "value": "428b645f7ff5317ceb6eeb422a7357d5", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594930, "uuid": "740f57a9-6f56-4cec-ae3e-c1dd9359a222", "comment": "Malware payload (AZORult)", "value": "cbd5559355a11f01b086790bef3b629d4b7fa642adc077e13f0829b9c28f2810", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594930, "uuid": "f9a485d3-566f-4116-a2ab-51d8e0a482de", "comment": "Malware payload (AZORult)", "value": "29018a6bfe4165ec4369bdd3a4b1cebc0f4e39f7", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594930, "uuid": "c9cdc406-c180-4417-a9a4-6f179aa0d949", "comment": "Malware payload (AZORult)", "value": "21c90c2d9686640cf163f3289b45670d9a995d7a71e8cf05d6a3f8a896a15c032759e62ac17aa7140e31d75cf91f9def", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594930, "uuid": "fc4139f0-bdb8-4bc1-883e-1ed041be1c63", "value": "T1E004121526D0C8E3E7B207305977FA8DAFF5D31A1110A7071B62EF127E3A6E6625E2C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594930, "uuid": "616b4a87-b562-4b42-a34b-b96afd686027", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594930, "uuid": "55c287a2-58d6-48fe-b739-ee054933d13e", "value": "3072:ANzPHk9MpcWb7PpmDedyaeoYy53MPKAoiIVzFXPCIIKS7AMx8HCbt2DBl07:AhRDme0a9Yy53aaiIvXPRIKS7ASNBClO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594930, "uuid": "dd7fbdc2-f2d1-483d-baec-f09ad7dcba81", "value": 182495, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594930, "uuid": "b0954899-282a-4f45-8091-f7ccd88dfd19", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594930, "uuid": "6ac124a3-a168-4095-af33-18a58f3575c2", "value": "CI150723#856.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1e47131-24b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689607865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607865, "uuid": "48ab1645-721b-4233-87ea-4bb20e905dc6", "comment": "Malware payload (Loki)", "value": "d5a779089da6064ffc2ba2236b38009d", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607865, "uuid": "30ef4a6c-c3f4-48de-a5ef-f64198cfcf06", "comment": "Malware payload (Loki)", "value": "cc1bad23cfbae891ffcafb36cd55c24b2936d4df71bd55f5ed57f59e2c1e02e6", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607865, "uuid": "902a2428-f0d1-4d48-bfaf-a3563009d942", "comment": "Malware payload (Loki)", "value": "69354c326482adc5a4fa7cb14ba8629ffabc01f1", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607865, "uuid": "f233dc84-0aa5-4d96-9a60-176432363aa4", "comment": "Malware payload (Loki)", "value": "38b4e25432af43a00ffc0fc2f4858e0805bee987cd37944aea85f7b7b3abe1f02be92e8f3a519b20b334e78a154f084d", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607865, "uuid": "6c9598a6-75e0-41d3-af0d-c902c591bea5", "value": "T1A99423ED7F4F2FC0142D8469D3D3E79F8710A2B984BABA54A050D0EDB2F6FD81548A19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607865, "uuid": "70c63d96-8477-432f-8b89-867f3dfbe578", "value": "12288:JCdnb7asXiOrJdG4iVpTLEABYPeCyozhrpYx+jTUIJ:J2nbjiOvAD0wYPNNlrpYxq5J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689607865, "uuid": "1237f65a-e16a-482a-8245-aa2611ac4abb", "value": 423196, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689607865, "uuid": "01ea9cc5-ae3a-48f6-bb0c-79348bdc97a3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607865, "uuid": "364a537a-861f-4cc6-9c6a-0eeab4d0beed", "value": "Quote# 1193353.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1a49278-2465-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689572941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572941, "uuid": "05ced23f-6ca3-493a-84a2-bded37524a8f", "comment": "Malware payload (SnakeKeylogger)", "value": "9986588629bd667f60ccd817399a2dac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572941, "uuid": "852a94bf-6acb-43c7-95c8-813ae9003ab3", "comment": "Malware payload (SnakeKeylogger)", "value": "cc3bf74eb7b9b3dcddd481fde6791c38de22d8e7e0badd65c248f1b4cb8b1bbb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572941, "uuid": "1f0edb15-d46a-4352-b4f2-5cf1d4b11899", "comment": "Malware payload (SnakeKeylogger)", "value": "a59b4162fba2bf69d4046315cf109edab26f9deb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689572941, "uuid": "f31235e2-3df0-43c7-93d0-66421aeaf180", "comment": "Malware payload (SnakeKeylogger)", "value": "a7fed32acac0273c35748910d45d5741950f554507e95316a66fbd0cdc7c10df10df6606b64b19d6cada7454afd6650b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572941, "uuid": "c96a2a15-1a83-4868-b4dd-1f96517524e7", "value": "T1D5B4CF39103C87AFEB47D7B6E435259222F013A66AF793CC8C7A251F3E78538A1549B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572941, "uuid": "1ed36fd7-596b-4c77-8900-7b862e9e1fa3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572941, "uuid": "789ad730-3a71-4347-be5b-6ebffaca1e01", "value": "12288:DqTrQaSejL8ZjcwSZKq5S+ROlXszIStHs7G5UHdySfI2Fg+P:DqTrQaSejL8ZjcwSmlXII2f53", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689572941, "uuid": "22ecf7ea-a89e-492a-9dd1-51a90062c061", "value": 506880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689572941, "uuid": "ac337054-d33e-4d61-88cf-b69826945d02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689572941, "uuid": "7cf133a7-3810-4406-b04e-1f29359117b4", "value": "TFP.INV.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82b4aa21-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689586204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586204, "uuid": "34d3dbf8-1af2-4452-bc35-a1be451d00a5", "comment": "Malware payload (AgentTesla)", "value": "172111586ecbeb019ff5065102c298ec", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586204, "uuid": "08b7b39d-53dd-48ad-b97c-2676bc71d6fd", "comment": "Malware payload (AgentTesla)", "value": "cc69115623223794f7ca3beb83a10df029f2b13fbf3e71d69d91d7394c498e6e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586204, "uuid": "1b40756b-2614-451f-a228-0899372f08bd", "comment": "Malware payload (AgentTesla)", "value": "5f20961a78ce31de456b1f1fda821bc52e054b18", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586204, "uuid": "8b9b1152-2f9f-4467-8055-7f6ef61010f6", "comment": "Malware payload (AgentTesla)", "value": "4ee8d47f166dce6fc59a43b32fd6c42841d08dfb2420fa17b438f547685ddc767d7796226078a8dc25d823940cdd7420", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586204, "uuid": "74d7da44-bfcf-4494-85fe-fa21a5d9936d", "value": "T18D45E003D8049B83D40D83F47E530EE90F0A6F1AE999BDEB10537F8B3A71A72595A51E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586204, "uuid": "4ce3e73f-7105-4f4a-ad3a-7383766c3a2e", "value": "24576:mZu9V1ZyFw6VdAZyQw6V9CpbccwTA5L8cMEqwix:mZu396Vdyc6V6cjTQMEqZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586204, "uuid": "9bd5936d-a788-4afa-8095-4c33028746a7", "value": 1212416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586204, "uuid": "644ad47b-0bda-4bd7-87a7-66f8c84cd9d7", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586204, "uuid": "ab3a4a22-e710-4881-853b-139b6b8e9d14", "value": "NEW INVOICES.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8d60742-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689594911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594911, "uuid": "66de39fc-4063-42c2-9654-2d4e88f6d78b", "comment": "Malware payload (RemcosRAT)", "value": "cb094bb83f85268a6b634aad4f8512e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594911, "uuid": "92c3a2e7-5311-40c0-8f22-83fc2451e698", "comment": "Malware payload (RemcosRAT)", "value": "ce068c31fc36142145899195cf4dcb87d3dce15616bf9f60428f931d355c86d2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594911, "uuid": "724bd863-5e8f-4e22-a3f4-483cc4b7423b", "comment": "Malware payload (RemcosRAT)", "value": "a8b741007464582c5266a585056c04eaadb0819e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594911, "uuid": "9b8b8792-3d57-4dca-934f-7de99f77287a", "comment": "Malware payload (RemcosRAT)", "value": "ba7de0b9a84eabbb424a65f0c228b903e0631462f0965dc43c2710d64279890996cac5ecb4c8537c2d6c03eb66eed976", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594911, "uuid": "40447e71-a0f0-4bee-9ea3-62a1d7a000e8", "value": "T171A42309D7F4ACFED07166721C3F45AE8F7298196D70C38F936019483E8A2C3A95E766", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594911, "uuid": "d9ab71b8-7136-4e69-bc75-9b764c07d259", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594911, "uuid": "f559d7e5-b076-4a15-bf9a-eda31a6a6cac", "value": "12288:/Yh8COUYq7lTFi37sQSVAJBDbu4RnN6BdNJNT9w/e21Jxq:/Yh8fk7lpiLsDVASwoD7Qe2/k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594911, "uuid": "655e7c30-1229-4df4-9cb6-74d3f8384ff0", "value": 488818, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594911, "uuid": "f2d20958-e2da-4f3e-9e4f-04cdcd8abd88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594911, "uuid": "842a95e8-bfea-4ddb-b393-af22c20a6cdb", "value": "2023-17-07 PDF 30127783946000762.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15e30989-2485-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689586451, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586451, "uuid": "92fb186b-fcf0-4e3b-910a-e6ab6ff751ed", "comment": "Malware payload", "value": "7ad0fc12635afd6d572ff2466809db3e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586451, "uuid": "cb34677c-c2fe-4a63-a26c-876eca285cce", "comment": "Malware payload", "value": "ce22a764aa4bbc780ad67a74daf4ff421993ad6099ddc3513ed3e804144b7ecd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586451, "uuid": "4f2cacb9-9ecb-4a64-9071-fbc8e19babcd", "comment": "Malware payload", "value": "ecf5737eafc349d04a5ab3faa252da0226e864c5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586451, "uuid": "da251de0-ebee-492e-b3bf-51ca5454666e", "comment": "Malware payload", "value": "0942a9c383896bc1dceee8b1dfc0d862411f37add9d499a02907b761ae7fcc9731254226a3821c5a01857eb06665a336", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586451, "uuid": "71552d1d-0aa5-4548-9848-4b39d9c2af43", "value": "T1E6325BBDA30341A2EE7E167F658EA89D19349231435D19E297878C094E41DF6FA31886", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586451, "uuid": "53115d1b-c621-4c4a-95c0-2660049e8fd5", "value": "7fd46a7f56c0e23d5f7b090d08198d6d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586451, "uuid": "3a5c546e-fb45-43c9-a68e-e700453d6d4d", "value": "192:PIZ7OS8X3MmVD8X3pETtXiA3LySfMU+wEOY1xhHMjp:PK73Gl8ETtBZdFYXhHM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586451, "uuid": "e75d2e6c-eaff-4137-a156-2bf742325504", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586451, "uuid": "6ea2cd7f-cd52-4a8c-84fa-45c8182e6b0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586451, "uuid": "0f704a25-035e-4887-8a93-cb468ffebaf2", "value": "SecuriteInfo.com.Win32.InjectorX-gen.2597.2259", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a055a2ab-24ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689609446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609446, "uuid": "416b77f1-31fa-486a-a813-a841af5a857e", "comment": "Malware payload", "value": "e9fb71dd600d96ec09b6aa7143b43a67", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609446, "uuid": "3401370d-5925-496e-bc77-4588140fc8c0", "comment": "Malware payload", "value": "d040e890b58aad20ff1c101a2b4ff4e90b1d18f835cb223a4a8ce4ee13a1f99e", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609446, "uuid": "697ea960-b7d0-466b-80a7-f81d6973f0ac", "comment": "Malware payload", "value": "aa37c5659c8edde33a52a74e91b461e27295c6ff", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689609446, "uuid": "e20719bc-b95e-40d9-ba01-cf9e5bc74ebf", "comment": "Malware payload", "value": "ccf4badb789d1ca012c6f240c570d5537cc0b8b38c5a72fb220c137709c525edcdcb28f1e1af99a2c5ff82e43449f334", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609446, "uuid": "8f10441d-4e72-4d85-9b71-cbe4cc85a29e", "value": "T1E4529EB7E4EEE039C70E05399C817228E319AA93636D06D5AF34D284A5F5D8F7BC0385", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609446, "uuid": "0eeec915-85eb-4b2a-bd31-fe92b7741123", "value": "192:Rg3VYycpU9JNf9WV8JYQnPZXutEzSPBkiOS0XZE4M//FYywPJA//YT:Rg3V1cpUTWSJYAx+Q45gpLEYyd/AT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689609446, "uuid": "0dd8cb18-a069-4d88-85a6-9094c4be8f45", "value": 13430, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689609446, "uuid": "1e74aaef-245d-4674-87ce-2b75a6931e24", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689609446, "uuid": "87122d63-2925-4f5f-8be1-5ba27565fa05", "value": "AGNI -BIO ORDER JULY.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a175e2a-24f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689632870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632870, "uuid": "0a0e587f-00e8-4be7-bc5f-550dd86b7a96", "comment": "Malware payload (Formbook)", "value": "724e861a7d2115a45b3916c69ada3700", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632870, "uuid": "bfddbb4a-246f-4d89-b14b-7ab838f5aa90", "comment": "Malware payload (Formbook)", "value": "d0b0c22cd8d89cc33def6e5e61f4afd8d3f2aafdeba6833aa686489a104eefce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632870, "uuid": "a694f798-f1a8-43b1-ab3a-4891058d2086", "comment": "Malware payload (Formbook)", "value": "ba60914a187bd11a5408ab821cddddb125a0e271", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632870, "uuid": "58a9bcb4-b679-4d62-af29-680178a35672", "comment": "Malware payload (Formbook)", "value": "5b2bb061410588a01afaddd47bcf5db8e69acd519cdd82e93190ae0fafcc726de0912b233fd1aa819238c4aa27a07fe8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632870, "uuid": "ed68f201-567d-44c1-be33-4ee0a289a9a6", "value": "T108D4236641AF46A3D4E212F51A91FA162B345F818016CF690FCEFC99F4EF2426762327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632870, "uuid": "c08e390d-5e51-4a2c-850a-90dc179f9caf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632870, "uuid": "4493b27b-8fb7-46f0-8ccc-8db6f7068cee", "value": "12288:rfb/WT4UkuZb7094jPiJfTnH8kvjyqsXcyqSJgMFg6JNYRiNxt1l7P4:rfzW/ZbNgTnHfZsPqSJlg6Jestv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632870, "uuid": "5ea946c2-1fab-4086-aab1-ef15212c5f3f", "value": 622080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632870, "uuid": "09796086-f7e6-4731-a8e7-084dd72b0991", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632870, "uuid": "d6bade2c-f96c-4d2c-9ee4-dc4f3992208c", "value": "SecuriteInfo.com.Win32.CrypterX-gen.16180.19856", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99cedd5a-24a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598268, "uuid": "a4265205-48d8-4f0d-9d04-d8b449e6bc91", "comment": "Malware payload (Mirai)", "value": "703e1d90cf6dbe6eae72b9752f8baeba", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598268, "uuid": "44641c06-6f4a-41c9-9844-c66ef934fc97", "comment": "Malware payload (Mirai)", "value": "d3007b02ee85c33f99dc9df70d3f5781e5c40f5f8b7527679e5bafd88b325ddc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598268, "uuid": "a116f2b8-45c5-4f5b-ae4c-d672eaa093fc", "comment": "Malware payload (Mirai)", "value": "5cb843bd3d50b108f83e23a658ae5521855fdda8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598268, "uuid": "5c79a29e-cafe-44d1-b52e-ea43180e9d68", "comment": "Malware payload (Mirai)", "value": "7327149b0d3fb46b89b0eb969b24864c9a86154ded4d582ec801d37ade36784fc4d4ac2268988b0644aab68b205375fc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598268, "uuid": "3f33100d-5f01-480d-8db8-9e07167f59bd", "value": "T1BE735CD9B8118EBCF95BD9FD81224E0DFA2172044FA30F2BA267FC672D731959D0A845", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598268, "uuid": "be0b9b5c-41e0-46a1-9a63-afe8638f0bdc", "value": "1536:5ChqYa+Pq/kO7gMOSkRP2PmyTNy9JBaXLlG6EiRfk/TW8XE/t:52DO7sSktZyx0ExGak76", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598268, "uuid": "47e3286b-9df7-4cd1-bfd9-015adb2c6a81", "value": 80380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598268, "uuid": "46633375-ca94-4dae-acd4-01f0ca37dd96", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598268, "uuid": "405dd5bb-1141-4930-968f-eb6e6b2667e3", "value": "703e1d90cf6dbe6eae72b9752f8baeba", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c15002e-248f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CobaltStrike)", "timestamp": 1689590890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590890, "uuid": "13fb774d-7ac2-48e2-93e2-6b8035eb35cc", "comment": "Malware payload (CobaltStrike)", "value": "fb65d7ffc587868890496451b4706f39", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590890, "uuid": "c4262c23-2f8d-4c14-acac-26b0a7b80078", "comment": "Malware payload (CobaltStrike)", "value": "d3bd4efe6795d73420f670212e364814b03e8e844b351518a76703c0ff22c68d", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590890, "uuid": "badd46bd-a5b8-4931-8ba0-ea1d72f1adfe", "comment": "Malware payload (CobaltStrike)", "value": "510d72453bee613c6a95bdabce26dccfadad6bb1", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689590890, "uuid": "8afa4b9a-d5d5-47a6-a853-2fc49c23370a", "comment": "Malware payload (CobaltStrike)", "value": "3e3b1422451d75b9973c9c6d5d84521a6ee0232678097cd8fb3ac6bae29291a3d67bec4db317ec1ee9ae33ba04e8186a", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590890, "uuid": "ecf2b0a1-6537-4223-a292-2b20e0b3b867", "value": "T15E54125A112630E8D23383B818915D887B77B82607275FEFD511A53A1837BF4B83E7AD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590890, "uuid": "27f7c2fb-0275-4a51-b818-c2da91782e14", "value": "3f4403e89d79751af1598faa11e4e8a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590890, "uuid": "d389287e-a24b-4db5-87e7-465ce84b0893", "value": "6144:krqPHDIgSF/CawpJaBSk2LkLnDCcvntH65oikAj7RSA7l:kruIg0zpUjIvDa5oikAjdSA7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689590890, "uuid": "7ff6a42d-2718-477d-a9d5-17a082a086c0", "value": 293376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689590890, "uuid": "b0661d05-d472-488d-89cd-729d7229f67d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689590890, "uuid": "4b349b58-54bb-4ca8-a61e-5a6054c9e8f7", "value": "mpsv1c.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac250114-2473-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689578972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578972, "uuid": "c82e70f8-a166-4ffa-9d48-8bc24bc2fd06", "comment": "Malware payload (AgentTesla)", "value": "e110dbe8cee7a3d15de7816a9f77ffb4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578972, "uuid": "69fabfc0-df51-490b-b1e9-7a143747c3bc", "comment": "Malware payload (AgentTesla)", "value": "d3c740183caf8efc711c6955c884c3bc5d560796b1e1bf6a0a44696340710750", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578972, "uuid": "add46b38-0fd7-4964-af85-4cedc003dc69", "comment": "Malware payload (AgentTesla)", "value": "be574e57e294c428b4d8707250169b7240b85b8a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689578972, "uuid": "1fe8b9f6-9e6b-4697-87b5-12647f3ddd84", "comment": "Malware payload (AgentTesla)", "value": "76d999aeb8b4a07cc5c30ca84032235a75f7dc253caba4e8fdbacb7d986e190afddadc9cb43081a4940d9604978f9d37", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578972, "uuid": "e73019ea-bf19-4edd-aee6-dab09c12772a", "value": "T174D49C38903C87AFEB97C7F6D420115513F413A66AF2E38C8CAA64DF3E75724A650972", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578972, "uuid": "12ede1c8-ed24-4587-8ed1-0d58d2a5178c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578972, "uuid": "67d0dea3-d3a1-459f-b627-a1dfcdc7021a", "value": "12288:1kWtOjj/Unh8tSBgQ7SZSEe51GAXp+QqkYuqTrQaSejL8Z:edWf7b55pFqkYuqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689578972, "uuid": "3a99ec62-fff5-44c5-872e-1f1fc133ea25", "value": 628736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689578972, "uuid": "8e6bf703-a593-4462-ab11-129ce373a65e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689578972, "uuid": "d8bcb718-bd72-4319-b094-b93b4cfe7265", "value": "Transfer copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e06e9490-2451-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689564457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564457, "uuid": "d374533e-5e2b-4ffc-9db2-7a781bab56ef", "comment": "Malware payload (AgentTesla)", "value": "788155d24cccf7212342e68c442e6937", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564457, "uuid": "326a1987-4cc8-465e-810b-df3d51842b7f", "comment": "Malware payload (AgentTesla)", "value": "d52f10a09796e91680cb8a8c25abcce09303c4044e31344dbda417b34ec5815e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564457, "uuid": "18c34983-3288-43f0-a120-b36d8d27fe59", "comment": "Malware payload (AgentTesla)", "value": "b45a18684f4b62a40a271594cb54ed0a27d00d85", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689564457, "uuid": "7fc6db18-8ff9-44ee-9faf-ac44be15cc7f", "comment": "Malware payload (AgentTesla)", "value": "a8428422b2b7d57e8fd2b7d56f60a2a9eda699d3c9d6bbc46df926749914c984ad1596b442b3c0b4b00a368f5d7881c8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564457, "uuid": "27794fc3-17d9-4a74-90bf-8842801e3f86", "value": "T190D44C0B39D02A57E42E427E107C6A6CEAEDE61D423FD928342DC293B2F664C0D5D75B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564457, "uuid": "af58a007-3dd1-4c78-bb12-e9c3999afa08", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564457, "uuid": "88b7ee4c-360d-4315-bfe8-777173741ec3", "value": "6144:lyJESZiEGjslqRISR++NEtfzzPEDMMLnbKxS8mRtRJc0PDcarZ9NMKrJLUIUHFb0:lYEQGQIut7DVWmyTcmDrrZHybFlAqF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689564457, "uuid": "a0df82a2-a2ce-46f5-8735-9fce066669ee", "value": 652288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689564457, "uuid": "6fe7d002-5e48-453d-860f-ddf5183527a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689564457, "uuid": "6f30b0aa-0479-4830-a6d1-bd31405fea4e", "value": "SecuriteInfo.com.Win32.PWSX-gen.7147.18927", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b00bd08-2468-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689574219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574219, "uuid": "ef3476b0-67c9-4f9f-9e49-b039246a495c", "comment": "Malware payload (Loki)", "value": "3ebd60dbfc79e33f9bef6c0c325d8b37", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574219, "uuid": "29b498d8-55f2-4916-99f0-0c2805333e59", "comment": "Malware payload (Loki)", "value": "d58646bfaefeec9f36b36152e66e7663fd37eb8819e44b3a99192ec295ef008c", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574219, "uuid": "ee3d8325-7129-46c5-9a53-9663fbf1b50a", "comment": "Malware payload (Loki)", "value": "00579cf536118fb8c3a720e7382e9dfdebc6feee", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574219, "uuid": "82bbec8a-ab13-4f24-bff6-4d8011fd1801", "comment": "Malware payload (Loki)", "value": "ddb9317a06fef8589a41abe550f65231ce91aa0fd69ba4b55b7e0cbfeade0faacf6f255f20f0775df041dd9df770e6cc", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574219, "uuid": "ebc2272c-77aa-4f83-85ca-eb70b04f47a1", "value": "T1FCA423E83FE5542014137280FFFBA99181099BE5F876B1A98EDCB3530F129F651BE05A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574219, "uuid": "29ee7967-162d-42e6-9966-c67af9a87029", "value": "12288:8VUNCoV6ql0Vw4hvRfuKvN6aLgac6xRetGJ6Ejcmhq:rvkNhtuKv4WetGJNNq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574219, "uuid": "bdc2e628-ee7a-4b60-904b-43c4a0578498", "value": 475942, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574219, "uuid": "a498a6d3-babd-4d1c-8bd6-8e7ece8a8343", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574219, "uuid": "751996f6-0f0e-436c-8900-bc640ce0d15b", "value": "HAWB_for_ASL H12660.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a441d30-24d8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689622133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622133, "uuid": "3b18526d-b8ad-4bd1-9274-ecedc6da58a7", "comment": "Malware payload", "value": "d072480d939a819969bab643d14dbab8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622133, "uuid": "df92cf48-895f-470d-a5e7-3c0f468d5d6a", "comment": "Malware payload", "value": "d8557a8feb4555c4daa426b0c26881712b4be22610caf924079a454150611736", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622133, "uuid": "960a6970-171a-4489-a5cc-faa757b1d82b", "comment": "Malware payload", "value": "3cd5c36f672c10b9aa16bd439850a346abfbc01b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689622133, "uuid": "7154902e-1d35-4f50-971f-97d228d7a2cd", "comment": "Malware payload", "value": "dbd66d54cb7bf65a7d69541ea17ab7c34851e59cba9b3cedf926a765d0e00f7f380906aa71c0263ac5adb54a9521174c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689622133, "uuid": "5f78f62f-ae6e-4eab-bada-233035ea0163", "value": "T147C58C03BC9420B5D9E9A2328A7A62517731B8590B3577C73F90B2B93E737D81E35398", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689622133, "uuid": "3fc1e22e-2e04-4c69-9207-e908bc95948d", "value": "f0ea7b7844bbc5bfa9bb32efdcea957c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689622133, "uuid": "df5ba027-50a8-4e45-b3db-b356cd2992d2", "value": "49152:o/uuVcm6Irb/TqvO90d7HjmAFd4A64nsfJiFCyESgyyRzUxD1TR9nm4JjaX:q64EV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689622133, "uuid": "a510a56d-2aa1-42e7-b579-c43b3745626c", "value": 2553344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689622133, "uuid": "bac95d79-770a-433b-ab09-d903a85626e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689622133, "uuid": "ce8c4b42-69bd-44d4-b01c-7880bd9e09eb", "value": "SecuriteInfo.com.Trojan.GenericKD.67468219.1336.32061", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17ab7de4-24ae-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689604063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604063, "uuid": "e10cc124-e410-4964-8ed9-5f724af0b99e", "comment": "Malware payload (AgentTesla)", "value": "dc3b86da76303f3a587f701e4faafdc8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604063, "uuid": "0296ee3a-faa6-4de5-a9d8-d6143307d7ff", "comment": "Malware payload (AgentTesla)", "value": "d876e6a6c7d18d7d682d7113bab7ec8a9e3ecf2ce573886f025306300a3c2ceb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604063, "uuid": "39971533-2404-47b1-b444-55ef8fff56fa", "comment": "Malware payload (AgentTesla)", "value": "dc33d2d652a649fcf3d63012324f5d8ce0fce867", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604063, "uuid": "8d982e09-f970-4c96-b16d-1ef2fd07e71b", "comment": "Malware payload (AgentTesla)", "value": "e4c2ca9c8dd617464e86ab4d180b8dd5ae601e1cc1f915f878b05d9b23c51968c2417c0913847ec262e11d2cb0559bac", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604063, "uuid": "13bd7d23-c2eb-462a-b8ee-71cee4da54a1", "value": "T119D44C1B3ED02957E42E427E147C6A6CEAEDE61D423FD929342CC293B2F664C194D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604063, "uuid": "ec19d408-8558-4fff-88be-259438b8caf5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604063, "uuid": "b1dc57ed-d981-4542-af54-68e640e00652", "value": "12288:iXGQIut7D7WmD2nhtEXIhsn86FqkUQSI46:Gz7frDShCIhsJ1+I4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689604063, "uuid": "756b5633-61c8-4b75-844c-5857ce1e61d7", "value": 647680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689604063, "uuid": "f84328a0-041f-4b8e-b293-c6cca0253bcc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604063, "uuid": "3a215123-d96f-4c31-a6d1-f22390cd658d", "value": "SecuriteInfo.com.Win32.PWSX-gen.16077.31943", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8eedf9b4-248c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1689589660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689589660, "uuid": "55b7ca4c-735d-4cca-8352-a4ee6c14d6ee", "comment": "Malware payload (Tofsee)", "value": "39d8a9780ff1850067ca0a017f6a984f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689589660, "uuid": "65897d90-8f0e-4280-9ab2-20e5d7d94cf2", "comment": "Malware payload (Tofsee)", "value": "d8e851db280e7892809fc92c6c3db438331951e1f8192389fe62f6f66ebac5c3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689589660, "uuid": "788faa4d-ba9b-48aa-adaa-554453203aa5", "comment": "Malware payload (Tofsee)", "value": "eae07fddbd0a64a713c3cef4575f0d88a56afb09", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689589660, "uuid": "d859485f-ab3c-440c-ac92-7956d0a955bf", "comment": "Malware payload (Tofsee)", "value": "f35f83d89133a5952202e2df8f0a74332aca15beaaf39a952b461e080e4a0c38b3aa2fdfc6b0b6e7ae0e1ea1cce6ec07", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689589660, "uuid": "7ea84e33-4f99-4e0e-a2d6-ab6fa77cf4d9", "value": "T19344CF2237E0D072D4AF26305970C6A129BFB871577685CB3368163E5F70BD19E3839A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689589660, "uuid": "30cdc995-c7e7-4bb7-854a-3b822dee6082", "value": "c1faaafeea493fa6a83d7c193e85adf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689589660, "uuid": "9f94473a-3bf2-4ac9-8b1f-95651d1a08a4", "value": "3072:21MBkxvfGaF/FzWb9VT5aLj/JSC5kJwSFjhvoGECaNwxAk8J:Fk5FOkjRSC6SS+N+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689589660, "uuid": "5da823b2-cfbb-4fe3-8d5b-eef5f42a88ab", "value": 256512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689589660, "uuid": "cb5d76e2-7a17-4f10-b30b-a8e23f7edc70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689589660, "uuid": "a1a7b74a-3178-4582-a229-f39d9cf156d8", "value": "39d8a9780ff1850067ca0a017f6a984f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54b6d97d-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1689583550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583550, "uuid": "72f8c75e-3754-4d6d-b36b-d3a51b487e4a", "comment": "Malware payload (Cobalt Strike)", "value": "5b4cec97066d00352d706b03893004bb", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583550, "uuid": "f773eb0f-0dbc-4197-838c-bfeae3b8db25", "comment": "Malware payload (Cobalt Strike)", "value": "d9ef56a29627c7dddd5b7422d97c8ce56e6ae722e34d8d034b1fdac649357913", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583550, "uuid": "af22dd21-d204-4f7e-881f-e31a39c4b76f", "comment": "Malware payload (Cobalt Strike)", "value": "d6811c747aa1cd9e28c84ef356e5ff2b130d8a72", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583550, "uuid": "ac6f7ee9-4778-49ef-9c27-ed3809f68b69", "comment": "Malware payload (Cobalt Strike)", "value": "b16303320d69c9dda50791c4aaeced8188e55ccae83ab8d43c84e41b7c28bde8284b0cd0ee37600a0835e56746be7dd7", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583550, "uuid": "03353ace-3062-4e20-8c14-ed054ac93010", "value": "T100464A13BA5144AAC65ADA35C469A3F165207C881F71A3E3EB20F7763F316D44EF8B60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583550, "uuid": "1cbfdc3c-71ad-45b3-809a-0389dc5ea100", "value": "4e53160a12270531910b87162a608761", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583550, "uuid": "11660379-fb0c-4f2d-9977-416b4447ba69", "value": "49152:qEMn13tMbrb/TRvO90dL3BmAFd4A64nsfJ8JVHRrkPrp32NuHG5sd4xjR1TrzDaW:b+3Qja1BGqyr3aWyTixocxJ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583550, "uuid": "70ac2bf2-1bce-452e-9a56-c9f9c64546bc", "value": 5714432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583550, "uuid": "8309350a-3b33-4de9-a69e-aa5609613489", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583550, "uuid": "14f76647-57b3-4635-a6c4-831636eee05c", "value": "DE591848.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8108adde-247c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689582765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582765, "uuid": "76f60b66-32fc-4588-8c29-f51189fff282", "comment": "Malware payload (Mirai)", "value": "e94230f4c7c505cd9c8852bacfd7d4a1", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582765, "uuid": "da7da139-65fa-4ca2-a369-b9027131170a", "comment": "Malware payload (Mirai)", "value": "da02ac547bd17582eafa93f546d86a96c51ff798fcd415fe0d5ae3c5853485a3", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582765, "uuid": "0c47a6ff-9627-48a1-ba4c-1a9f6783223f", "comment": "Malware payload (Mirai)", "value": "7ce2c166bde09c4ae7615a654a2a2603d42195aa", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582765, "uuid": "4d7ce1cc-2210-4fc9-b659-b2e0e62e19ed", "comment": "Malware payload (Mirai)", "value": "d2e10c9c7b381271c2bf3525e86caa4e34a12e39511611c9628addfd96cae15d84a0cc4a0f89cd4f0c1eb06d34a0aea6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582765, "uuid": "e5ec19fe-dc39-4df4-84f7-7e7d892608b2", "value": "T19CF2E11A6A2B7F70C81503301E7853DDFD747E63B75A5BDF08DA20EB8992A552922FC0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582765, "uuid": "9ed36aa3-947f-4590-a080-ceadf5adfdfa", "value": "768:fqFgbrxVU116wLkfCvQoUOo2IWWwo3b5mVvMP2cEI+Ox0sh:zbNq6XOoHkOkVvMP9EI1th", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689582765, "uuid": "4a719712-eff6-4d20-8b33-28a3e4196d96", "value": 36928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689582765, "uuid": "73dc44f6-30bd-4d20-98b0-8acd77e9e66d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582765, "uuid": "e4f7639f-493d-4aee-a8a8-835c2e952773", "value": "SecuriteInfo.com.Heur.20230717083214588039983", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ee2006f-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689586117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586117, "uuid": "c7ae11d2-ceff-41a1-afd3-32ae07a9b5bf", "comment": "Malware payload (SnakeKeylogger)", "value": "c2664aa7cb82f230c1060dabc7d55167", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586117, "uuid": "2b602732-6c6c-43c1-b4d3-3bc6eec68b83", "comment": "Malware payload (SnakeKeylogger)", "value": "daaaa1107bcfd8b9e0f682a1677141093786f201a8396f5210e9348222af2399", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586117, "uuid": "fa722174-e9f7-4460-bbe9-0a1ee7e81c63", "comment": "Malware payload (SnakeKeylogger)", "value": "1c000c2e539ff42ae85b12c135fda288a186299a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689586117, "uuid": "e96bbaa1-a81e-4e49-928f-67baa92d6f4f", "comment": "Malware payload (SnakeKeylogger)", "value": "0d93259994425a838d18ac1a20a670c0f0daf193d72fa14b1ee15b46a39affe22c25749216c257aa50a64ae93ea4dc33", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586117, "uuid": "9d406e6d-b792-4451-afc2-0a37ea028a50", "value": "T10CB4BE38503CC7AFEB57DBB6E434255222F013A26AF693CC8C7A246F7E79138A1545B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586117, "uuid": "d9d76785-a9c2-4d99-a303-ab46d55d0777", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586117, "uuid": "f5ec43d7-ebfd-4166-ba2f-e177b332817c", "value": "12288:oqTrQaSejL8ZfRdVWTl4QtYQ3Rf3lQIE76fZOH25Zb692IS:oqTrQaSejL8ZfhWZ4QGQBP5I6B5Z9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689586117, "uuid": "862f48a8-06b7-464f-876c-3534bb07c95c", "value": 509440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689586117, "uuid": "80f584eb-a526-4df7-8be0-958de5887c90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689586117, "uuid": "6c9554a2-61bf-4251-b3f1-1a27d36c32aa", "value": "Fatura n. 24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fb48d0f-24ab-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689602842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602842, "uuid": "8c5f1f4a-6605-4b77-91bb-d28dc3dfa8d1", "comment": "Malware payload (njrat)", "value": "4ad9f0ba9446148bbfbe31b7e1861704", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602842, "uuid": "93425cb0-3d4f-46a6-afc7-98ffbfae7bb9", "comment": "Malware payload (njrat)", "value": "db879fb9c4dc5f17da2744c2106f60fd0b62c68a5ea8e3651df163f6a884b22a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602842, "uuid": "ff898381-47b3-4be4-98d2-db5a21bfc64f", "comment": "Malware payload (njrat)", "value": "0479cfe50e1d69c4e15e903fe33f311203e10afe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602842, "uuid": "0ed6d1cb-07da-4026-b4b6-3f78f5bf6b08", "comment": "Malware payload (njrat)", "value": "8f907f7b12cac67dc5055fec574b44962f8b52ce17beee7c7d0657f313d3b27a101918f34af8141863ad413cdbd41c11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602842, "uuid": "b531ec93-9aa9-451f-99fa-fa40117be5d3", "value": "T177E2F74677A58229C6BC5BF88CB313110772E3478432EB6F5CDC98CA5B67AD04245EEA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602842, "uuid": "4cb88e1d-8a83-4652-b81c-57141a960f79", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602842, "uuid": "9c6816b9-5ff4-43d8-b1dc-220d0fd5638a", "value": "384:N0bUe5XB4e0XOOViiaXLilpknDdWTBtTUFQqz9hObbF:eT9BuNzaXWlVvbF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689602842, "uuid": "423db400-9b39-4ad5-9d7f-4208dd78ae4c", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689602842, "uuid": "b4634c09-7b83-4276-90c3-edb7dc21df3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602842, "uuid": "d0db9486-1555-4e77-aa54-641f7089f104", "value": "bOsw.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acf9ca14-2477-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689580691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580691, "uuid": "2c3c1873-cccd-4fdc-af3b-05d28c7df9b6", "comment": "Malware payload (Loki)", "value": "583e977b5df64ab36d7c9f3b4aac43c8", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580691, "uuid": "b5ac6734-4cf4-482b-b871-9f1036359d96", "comment": "Malware payload (Loki)", "value": "dba87425c7eff12d404688728673f64bc6faf6e62cc4b3801ca18a08fc3214a9", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580691, "uuid": "37539ec3-2db8-4ebf-be3c-799381a15552", "comment": "Malware payload (Loki)", "value": "d648a9a64f171ac7dbf74c3b4246c088115f19a8", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580691, "uuid": "9e091103-0e74-4768-9d57-31a60ed033b7", "comment": "Malware payload (Loki)", "value": "216638ea62e85f8ed11f4e47dbf8dd2dd31462558884b3e3ca3bd9bd70670fd9133fba11389ee7df160a45e9efe5afad", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580691, "uuid": "21ffd5cf-8610-47e5-9bd6-70f0fd96f5cc", "value": "T131B4CF38503C87AFEB57DBB6E834254222F013921AF693CCCCBA255F3E79538A1545B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580691, "uuid": "0fb60a3c-c1a8-4092-87cf-31f435045903", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580691, "uuid": "d11bc055-e771-433b-8fd0-6ee527f23e55", "value": "12288:GqTrQaSejL8ZiVZ++G+LTx7KeFsWuZ9i11oYU9zYkD4s1USAS0kd9ll:GqTrQaSejL8ZiVZI+Px79nq1pzYkD4sT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580691, "uuid": "143fcdea-1af2-45ae-b95b-350b15d4a276", "value": 507904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580691, "uuid": "cfe13d7d-549c-4177-99c4-77bac3474e88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580691, "uuid": "52f144ed-3b9e-4ed2-9611-d93036955e3f", "value": "A01_Shipment doc _for_ASL H1209.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b899fbf-24b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689608472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608472, "uuid": "c0e99035-17c2-4026-8162-1f9b6e5740d2", "comment": "Malware payload (AgentTesla)", "value": "04312b533d333def23d09ee3bb512af0", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608472, "uuid": "a4847056-e375-4680-97ec-9beb6e03f230", "comment": "Malware payload (AgentTesla)", "value": "ddb0a6bc96896dbf8f065fe84a824093ccb52d8a2498badfd5ab00348fbd5bab", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608472, "uuid": "b48011cf-47f6-42f2-8ab6-da02fc2f2b0a", "comment": "Malware payload (AgentTesla)", "value": "40695ca6bced49372ba0531a6147b1416671468e", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608472, "uuid": "e060bc3d-15bd-41fc-91e9-179cf29ce0ff", "comment": "Malware payload (AgentTesla)", "value": "4234ba64cfd6775ca844c321bace531b51c6ea4e18bb9e6021b750904015e39c51e215316993eb456ee4e68d7fed28c5", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608472, "uuid": "a882e238-aea1-4e75-9519-d72cb431346e", "value": "T1D694236C10B19F6A843E9C70815FA43ADA7885E1207E720E59DEEA454C4834DF4BFECE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608472, "uuid": "8e65d303-6be9-4b8d-99d2-4244e9061014", "value": "6144:xraTTmp/45DMMjAbK8S+TBxGnTSQH1Y9Wzw01bmO7MaMqp+gC56iTPfcwBLPJd0w:PLqhJmQVY9W0WjH+gC9cwl70wP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608472, "uuid": "070a1180-d5d7-4a56-93b8-3e617c3aed77", "value": 433583, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608472, "uuid": "c9aa6d3c-fad4-4541-a370-eae7411d36d8", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608472, "uuid": "86718de2-b99f-4f21-804c-305857e61d3b", "value": "PO 42236903.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5ee0653-24b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689607764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607764, "uuid": "dacb5da9-0a94-4e78-b882-97bda514cb53", "comment": "Malware payload", "value": "751759316fb8810d69fcdf0883423fad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607764, "uuid": "806b7259-c314-4434-8688-231ba1c26264", "comment": "Malware payload", "value": "deef3c113339983e7015eca3e955c98f2cc2a3f40941bdd9870890222067c294", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607764, "uuid": "b91a948d-4e24-4ec6-9032-925bd395b04f", "comment": "Malware payload", "value": "cc4fda8982a0e612178bf29714a926319a37bafb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689607764, "uuid": "8897a941-30d8-4d40-8754-fff219cbd7e1", "comment": "Malware payload", "value": "9dad7d8ee713d56ef722830d71bbb306c6b4c98f0b99550a5e22580ead93632bf67dc9bca5cb349e76eded4a00712cd1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607764, "uuid": "2c71d4b2-9537-4b85-9c88-f2c27e2804cd", "value": "T193868D16E3E807E4E927C734CA6AC733D7B0B9550B35834B1425D24A2E736A1CFAB275", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607764, "uuid": "71ca791c-8d0b-478f-b759-79aa133547b6", "value": "a500bdd00f81d714ea191e6b604ee0f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607764, "uuid": "82cf0cd9-137a-45e7-9de2-e94ad45f6730", "value": "49152:bMMYhqgNSqmCApK9XzNFLQ6FYk8LfDj2pzkTDUEA/7gio8l9RK0vp6evZHeUWQgP:WZT8LfDjkQyRKmp6ewW2M+Gfqi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689607764, "uuid": "f77d3b63-657c-4a82-95fe-d19193c21b1e", "value": 8176128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689607764, "uuid": "be045b18-468a-4032-834c-9f1b57c57613", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689607764, "uuid": "c969c166-1a5b-4b77-a140-c0d813bdd144", "value": "Anthrax.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3f7038b-24aa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689602715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602715, "uuid": "c0495b0d-d774-4801-969f-423953b197dc", "comment": "Malware payload (njrat)", "value": "057df2411d38a779d6d97f2e769af90e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602715, "uuid": "3f80780d-4ae4-4db0-aec9-265e58c8f4f0", "comment": "Malware payload (njrat)", "value": "e049a669a569c924198e402401ec91a6e564fe6f6c82a124bfd5c72e28ade6ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602715, "uuid": "e7a2e2cb-1f34-436c-b53c-89af9a407ffc", "comment": "Malware payload (njrat)", "value": "0bdd24dae49898910d086a5887676bb50f30d6ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689602715, "uuid": "e1405965-35eb-46f4-879a-e5679a13845a", "comment": "Malware payload (njrat)", "value": "519c80eb4534510fbd5af2ca61096dade0dc5f1d4321d1ce9d8d6a3461b130341438211cd5aca037c8f373d17f11e549", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602715, "uuid": "907eba1f-f682-4492-bd16-e0bff5975af5", "value": "T121E21B6DFBFA4465D1BD0AB50571950013B4D103E523E77E4ECA24A62B7B3D84B88DF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602715, "uuid": "d060eddb-9ea0-440c-8921-4ac4ec896f20", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602715, "uuid": "7137445d-ac80-4ab2-b4ca-795ddec9093a", "value": "768:LbS/69DdxkzxP6bGCMGHfQNvgVQmIDUu0tiPPj:wqqeziIQVkmj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689602715, "uuid": "0248aaaf-c261-4749-8161-48b3101f133f", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689602715, "uuid": "4a82a6ce-c156-4fff-bfd8-c1b2796e76e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689602715, "uuid": "a82c1bb3-9380-4ad4-9eb4-f0b032f882cc", "value": "057df2411d38a779d6d97f2e769af90e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ba9c416-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689573790, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573790, "uuid": "955bd7aa-afb0-4680-ac22-30ad0c42b61d", "comment": "Malware payload (Loki)", "value": "646db35642c7b5979782e9ddc512a3c8", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573790, "uuid": "6bb09234-5f5b-4028-8b4b-29dee5c48ec8", "comment": "Malware payload (Loki)", "value": "e06308bce08457e094478bfb50c3c34e53a46b6272f413e3246bd70117683fc7", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573790, "uuid": "a6a8fcdb-05cf-4b35-ba4a-ccb34739a622", "comment": "Malware payload (Loki)", "value": "01045b320a40a69058a4f33fd5ab9e09650732fa", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573790, "uuid": "3ce0bf3a-b8c4-47c1-9999-85d3e41402f1", "comment": "Malware payload (Loki)", "value": "7242204f3ae1906faceedc61fa89208fba3de890b9d78e437021ed44198b620922e3f4dd591c6ee66c7d5d025943ce1e", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573790, "uuid": "158b11ba-b662-4bf5-bf5d-d188cb19a23d", "value": "T1E3A423E83FE5551014137280FFEBA991C1099BE5F876B1A98EDCB3530F129F651BE04A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573790, "uuid": "93bf7a16-aa41-4ff2-b9f7-96219c338163", "value": "12288:eVUNCoV6ql0Vw4hvRfuKvN6aLgac6xRetGJ6Ejcmhc:RvkNhtuKv4WetGJNNc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573790, "uuid": "b21d7a13-d8de-4cd7-bdc0-671d5504b865", "value": 475936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573790, "uuid": "0d063c55-8bbc-4c28-a14c-933ecdf171d6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573790, "uuid": "c292044f-56e8-4f33-be00-c1be4d4c143c", "value": "AWB - 8488476883.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27992ffc-24bd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689610532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610532, "uuid": "191e95b6-31a9-4245-9f67-4c061f46db8d", "comment": "Malware payload", "value": "7321124823fde8c60455f8f3190e1d78", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610532, "uuid": "d420734e-2611-46b7-a8af-e7145b6d681a", "comment": "Malware payload", "value": "e07227505ba3746f44f3793090bd16e7a2116f59ee2888f08c13abf62a0dbd89", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610532, "uuid": "0dbe5c78-23a5-4185-ab7b-73c1f0cdfb8b", "comment": "Malware payload", "value": "0dd62611f9ce640cfc43cbdbacc5401fd024d42f", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610532, "uuid": "7b7c262d-033c-408b-ac9a-d39293ca5e22", "comment": "Malware payload", "value": "84ab87aa1db1f621d4e746356417ac929461cbb5b7000028c3bb01af42c948f630e841d8e5324a8dd6ab70951a877ebe", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610532, "uuid": "550b3d7e-2926-47c9-81e6-519ea8cc8bc9", "value": "T18901653101E8EC11C6011C7138CE30F355664AAEB05187FE1CB9AC851E683800ACA43B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610532, "uuid": "8d10e542-2c8b-4164-b01f-d3ccf198c9be", "value": "12:Gl6onA77X5EhCB5rdGgglh+ILC2AHYwrH0eUTI8z8Tfy8zmBFl6naN:GlbA7ihs5rN0hHCroBI5TfyUmBFlL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610532, "uuid": "1cc99a59-3bad-4e6c-8f63-36090416e8ba", "value": 742, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610532, "uuid": "167064fd-b6da-4026-95ae-c194be8f1367", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610532, "uuid": "abbd5144-0cca-46f8-a025-72808ece8f46", "value": "tBZ__Qj9(778).rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e83892ba-24ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689632330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632330, "uuid": "77c72991-83d3-498e-b13b-4042d5fcaefd", "comment": "Malware payload (Amadey)", "value": "6451b45a8d1ce333776c7bee7773dd07", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632330, "uuid": "ac1a870e-8e66-45e0-955b-24e6a2ee9164", "comment": "Malware payload (Amadey)", "value": "e0c49b8cb554d259b0391f2cb23b231c18576c5931a51b87fa395c782ee40ec4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632330, "uuid": "18bb8078-61c9-4d83-9963-c76ee691a7d0", "comment": "Malware payload (Amadey)", "value": "1b960f01237812c152ff962dc5c0b273759bcc8b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632330, "uuid": "bea8cb9b-7123-4d04-9d47-352ad4ba1b16", "comment": "Malware payload (Amadey)", "value": "2478fa718345e600dc1e1655a1be7ce412035f9f359343d13a6c55094bda09aa54ca1943b0bec0847b92805ea850398e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632330, "uuid": "05db263e-eaa3-4681-8cb5-a2b3d9795e7c", "value": "T10D840153FBF94132E8B557700CF742D31B3ABCA09D34832A2794999A5CB3684A93177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632330, "uuid": "512af7b3-cbd3-4027-875c-5f506340765f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632330, "uuid": "c3c6c146-1f2c-4820-8fe2-794c1e54f9c4", "value": "6144:KGy+bnr+0p0yN90QEF45Xr5g4CWwWI2PppoBzWrThd2pMAD3JP:uMr8y90PW5veiDThs3dP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632330, "uuid": "81917e23-2a57-4735-a674-b5d27d985990", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632330, "uuid": "b1cbb467-cd3f-4d1d-94b8-f965c6b90e68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632330, "uuid": "5d748f3f-ce0e-4642-a9bd-a5b160bb02a1", "value": "6451b45a8d1ce333776c7bee7773dd07", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3bdf021-24b0-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689605238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605238, "uuid": "22376cde-e18f-4f5f-815f-e990f54ec947", "comment": "Malware payload", "value": "bf14242171dba706b645baf325806dd7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605238, "uuid": "de82eeaa-24db-42ad-9f23-e61b94f4d5eb", "comment": "Malware payload", "value": "e26a1c5851a66a19021d08ab1e6044a5d92a898161af886bc5f8ea4a8e004999", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605238, "uuid": "601a5f58-df96-4858-87b8-6462a1f5a3a2", "comment": "Malware payload", "value": "c37e0043712029c1dbe29839e11c29c04f9c8b9c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689605238, "uuid": "25f648d6-e6f1-485c-9544-0b756bf77d8b", "comment": "Malware payload", "value": "2c7caf759e914fe81b9721d40fce94390df7e22b058b7a267b540b3622de448386d2fd5d104446da5df45207901b1804", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605238, "uuid": "689d5ae6-09a3-4c9c-89d6-b241fc01e6c8", "value": "T178A53303E9E44222E5E1737411B3C1A70739FEA7677197CB57832F2A46B14E0267D3AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605238, "uuid": "6233f176-d300-4bdf-9b8e-046db9e0e110", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605238, "uuid": "dca36003-f567-408f-bf96-f13218a4cc21", "value": "49152:PtlKAqon+Tc6/vkvgC4jzNT3v5qZBIF1YHe59TssyZLnT8AE:lMDonnYhxjzN53YHc5yZLTQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689605238, "uuid": "59603f75-7a7c-4ca5-8518-d6ed4781d533", "value": 2265639, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689605238, "uuid": "61912758-5e98-460c-883f-3846539342a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689605238, "uuid": "70e61924-0e39-44c1-b08f-87027241e382", "value": "bf14242171dba706b645baf325806dd7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1eeefa2c-2474-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689579164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579164, "uuid": "0f9eb3a9-d43b-440a-ae88-26b307ab0254", "comment": "Malware payload (AgentTesla)", "value": "0acee6d18dab9477e0b6891d8afd1f52", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579164, "uuid": "72899130-aafe-46fb-9490-12760344b59e", "comment": "Malware payload (AgentTesla)", "value": "e2ba37e478e024c29d6049cdc87518746be699c5a7c16110183ca35b55d8a763", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579164, "uuid": "57f5fad7-d138-48ae-b6e3-adddd4da1a39", "comment": "Malware payload (AgentTesla)", "value": "74cae660b090dcf449ec82e64554a9cc4753fc20", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689579164, "uuid": "18710bd5-0818-4e48-a0c3-df03cdb38943", "comment": "Malware payload (AgentTesla)", "value": "e73144501c6cec077cfa8e93030041293dce5116052370c4acbd5af2319e50eaed192555a7762c642845707e145f413e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579164, "uuid": "81928aba-4766-4c81-91e7-4b5ff3df4264", "value": "T117B42316B14DE5C29E57566095A027BDE0468F7E20F318DA8CDFFD1E8BD642A23027F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579164, "uuid": "cd1e457b-d575-4109-a813-c0f8a35d2f37", "value": "12288:PYqe/110KL0XiUBcZVWd00Nnv5e3s6iXqVGF2EXwgyEHMPPLDG9DDiG:PYqs15LXvHkWNiXqAXhyEsHGdDiG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689579164, "uuid": "f68d0944-b131-4ca0-841a-c38f27ea278d", "value": 532968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689579164, "uuid": "60af539f-fe39-4a69-be36-a922fe21a2ec", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689579164, "uuid": "12d0f53e-e8dc-493a-aba1-7cd74f93c31f", "value": "New purchase.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8a88af0-24cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689618506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618506, "uuid": "860e528d-aa6b-47a1-92ce-fb2f4aace194", "comment": "Malware payload (AgentTesla)", "value": "d9216ab7f838b9eab6264c46b3ba8e2e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618506, "uuid": "d9c8b329-7736-49b7-89e5-831e9f244249", "comment": "Malware payload (AgentTesla)", "value": "e4d098122d676445d7e89826b59fe891a9bb9d3c78226e402406688cae0f7a62", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618506, "uuid": "253aa20d-6f1b-47b4-9b3b-6166b9682964", "comment": "Malware payload (AgentTesla)", "value": "a6116772cd9007b43c766cc9c376124b92d0914f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689618506, "uuid": "f14e0f08-ab80-459a-aa07-845f256eb532", "comment": "Malware payload (AgentTesla)", "value": "5c036b5044c8f98764143116326b48264eb06317a0b58586f1b252ffaac9ced82eeb5c7a7d84d4ad4c0a3f4d2c202523", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618506, "uuid": "d9faa522-b0fe-4a22-877c-00b3d391b833", "value": "T139D42313998C4167C1DA56F1EEA7EB5507F39F802089CB4CD24FBC157A9A7C4E21372A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618506, "uuid": "6d6cbcdd-b437-4ac9-9a34-109149b3e50f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618506, "uuid": "15464941-2a3c-4330-b148-626b90db5853", "value": "12288:ffb/WT4UkuZbpTezl029VyZ89huwmw06Jxwkl71FaQ:ffzW/ZbpeX9VQ8HHz06JxZ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689618506, "uuid": "df14a22e-4f9f-4d1b-9429-b3abce37febb", "value": 604672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689618506, "uuid": "59297d70-3539-45c0-b05f-4a71972df18d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689618506, "uuid": "460293e4-fac2-47b3-bacc-38029288f7e1", "value": "SecuriteInfo.com.Win32.CrypterX-gen.1381.5285", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7581e470-24d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689621400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621400, "uuid": "85d9d34a-1788-4540-95e2-9117d9d31dea", "comment": "Malware payload", "value": "84b1f23a2a44bba69b9993d7d8f4508d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621400, "uuid": "2c307026-54a1-4eb5-bafd-d82db7d30b2b", "comment": "Malware payload", "value": "e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621400, "uuid": "a5a4edc3-eb4e-4d22-b94e-7d4a5df9b0f3", "comment": "Malware payload", "value": "936b40a234c50d16d0ca31d98ae485de14f12d36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689621400, "uuid": "9d141d55-d267-4886-9192-345c77ceefbe", "comment": "Malware payload", "value": "35f20f480431152f4db980218db4462917a0d5965eb78c685f3bf22269eb0af31bfccf8f81a1200bd849c99bab0d5de0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621400, "uuid": "5875553a-b777-4728-b9a8-0a9ab54549ef", "value": "T12694E1353186C037E1A716344BE0CB7A293A7D654B35A8C73BD42BAE6E646D1DB3430B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621400, "uuid": "918ba547-be21-44dc-9dcf-63f0e5721d93", "value": "107ce26529ae294c1f1bd78f8930ce3e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621400, "uuid": "486a8751-6a99-4c5e-ac32-91fd22ed73d8", "value": "6144:Wucyz4obQmKkWb6ekie+ogU6BYv0znbHKN4BEN58ByW6i0zbcfp3wZhIDsk4ORw3:Wq4w/ekieZgU6u03GU6iScRAnISlx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689621400, "uuid": "be6a1b77-e09b-48c2-a12e-dc4a4167a028", "value": 424452, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689621400, "uuid": "fa45afd3-308f-4b70-8994-8b796a2a41df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689621400, "uuid": "df6c741c-4354-4095-83d2-af19bff91386", "value": "D7FF1CB1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ca82d9a-2467-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689573765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573765, "uuid": "84da7d20-8e06-4339-9371-b2d3a8afb42c", "comment": "Malware payload (Formbook)", "value": "2cf6982530f8d41adee99353cf4b76fd", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573765, "uuid": "979933c6-4147-4561-a7bf-316ff65d2e71", "comment": "Malware payload (Formbook)", "value": "e5ccaa86707215d5156f2aab958330598ca1d4f0cdaef9704f13b9b866d59f7a", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573765, "uuid": "054f67d0-99ff-4593-a6e2-8a1ab1b21521", "comment": "Malware payload (Formbook)", "value": "5e73e1685ecbcb7da9ae507e2717d60a3fa21be4", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573765, "uuid": "1f7ad107-1c15-45fe-a4ba-8139705f8bc3", "comment": "Malware payload (Formbook)", "value": "36bffb1be59c5bf239c49bb597d788367bd9afee6350251d2adc6b2886ebc749331cf84b06aa0af2e654ccd4382c234c", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573765, "uuid": "1703b0f5-0541-4bc6-874a-ca4356a8f3f2", "value": "T10BB42307D9B63EB82831CC6F65D6333DB92B5CC01D5790D10AC89CC948EB75BAC8169B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573765, "uuid": "e001500b-b964-45d9-bdc4-bb88522cef47", "value": "12288:vsSnzwJZSeYiJ0ZZpeMElT+2BZV4BMBGUOyMU9MR1g//i:0SiYTZZQbFPbxOyM9g//i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573765, "uuid": "5bd21809-1224-42b1-9c53-7dd1f3210607", "value": 513730, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573765, "uuid": "0f0822ae-2998-401d-99c6-7b8f2f5e4b9b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573765, "uuid": "4154b414-f4c3-44b1-9820-d35ec14b1c62", "value": "Product Specifications.GZ", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d174cb12-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689594926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594926, "uuid": "f9260140-2f61-467b-a84a-37c119aa5bde", "comment": "Malware payload (AZORult)", "value": "dcbbd856d3d09b17d341edb4d20042a2", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594926, "uuid": "920f5f0a-89a6-49d7-8585-8b927bd412a5", "comment": "Malware payload (AZORult)", "value": "e86c8b3bc2b1ad4ab8ff8c84cb8eff8a845a684ae13f838afd9148ebe1fdf3ee", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594926, "uuid": "2816c191-ea24-496b-917d-af0657666e69", "comment": "Malware payload (AZORult)", "value": "7a9e9988a618fac37889669e7d878641f097fb00", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594926, "uuid": "c28e9f0c-8ba2-4568-bc1c-c008f017dad1", "comment": "Malware payload (AZORult)", "value": "b7adebc5b56e15308f162b7291e57463a05314eb7ec4680c8ca2f94011c660d5a4ac9179830600b81248b0fc7a1934fd", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594926, "uuid": "4ecfcfce-fc78-4ac7-9816-49ae8bdaf429", "value": "T19304022932C2C0F7E7B21330173A3257D76DA7184156D64B6F929FAAB434281E62E7D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594926, "uuid": "259022e7-d411-468e-b547-04faba95fd8c", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594926, "uuid": "8ce72438-34b8-4eef-a626-d345cc2750d7", "value": "3072:ANzPHk9MpcWbUe/X6AzyH/gU4imimCk2ZRhVrj1v6hoIRkO0lYPa4YzN1KzAe0l9:AhRDUoUXmimCk2J/UGIRkO0lYC51KzZK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594926, "uuid": "957cbb7e-7a17-41f7-9a11-47d112285332", "value": 179322, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594926, "uuid": "dbc5322e-b356-458d-8374-f4dabd556ce0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594926, "uuid": "b643ddd6-924b-4da2-a3ba-7cc30507e874", "value": "CI_0723149782#.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c399b772-2476-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689580300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580300, "uuid": "52b8bf23-ea11-44f3-a309-a18e8fad284d", "comment": "Malware payload (AgentTesla)", "value": "b654d49825c3d3ce83fc3ccea0311be9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580300, "uuid": "123323bf-97c7-4084-afc4-11185425a3dd", "comment": "Malware payload (AgentTesla)", "value": "e9b265ef236137a61a9e6dfd209aab64d9e16543927f162490b00bbb10b043a7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580300, "uuid": "365c5826-4f3f-4ad1-94ff-0ce6aaaa3b10", "comment": "Malware payload (AgentTesla)", "value": "b1ddfb6882f1f8d255a0a132ec73b0b8031799ab", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689580300, "uuid": "7e2950c5-99d8-41e5-ae24-c9536469f482", "comment": "Malware payload (AgentTesla)", "value": "8e6b68448e827a6e4aeabd6585b3e6e54171ba7b0cd046251b92cc9a2092fd6d68ebadcede48298938eec61aa630f539", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580300, "uuid": "b57f8a7b-26e4-442d-bae7-db06fefeb216", "value": "T122C4CE78503CC7AFEB43DB77E434259222F003A61AF6939C8C7A255F3D79638A1546B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580300, "uuid": "d214c293-d06a-4e16-8f2e-add300c58815", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580300, "uuid": "51df07f6-a361-4e00-b30b-6f6991514d7b", "value": "12288:ZtqTrQaSejL8ZZ18vZ9P/rm5tZPJEvLI0MAyMA8RUg/hrSgHP:ZtqTrQaSejL8Z4h93rmZPQI05yF8RHVv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689580300, "uuid": "fcab94a8-a7f0-4d3d-a61a-ae7056200890", "value": 546304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689580300, "uuid": "60ec8148-b9e8-4457-b8ad-5bc98e783a2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689580300, "uuid": "95ead53d-5074-4cd6-8f22-0e470c6f1bff", "value": "Transfer copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2bef230-2469-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689574742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574742, "uuid": "0114aaf0-ebc2-4b02-ac95-30ff0cd36ce0", "comment": "Malware payload (AgentTesla)", "value": "cc1654f37d3a19d363abae9afd112788", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574742, "uuid": "1598a7f8-c643-4037-a587-656a3c6173fe", "comment": "Malware payload (AgentTesla)", "value": "ec57c2de3349840ec8ac00000c964ba5c68cda5b954f6ea4ca3ced7098257286", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574742, "uuid": "722897f3-43e7-477c-9e83-ba1da6cf88a0", "comment": "Malware payload (AgentTesla)", "value": "1906b798cb71daffe4aa209383467b5dd6f19678", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689574742, "uuid": "cbb89a4f-66a9-41cc-8d42-14ff8bd6be0c", "comment": "Malware payload (AgentTesla)", "value": "dc61120ca2e1af216d764bd7a340ac26f3ee654e097401e84e316baadee2b2857a9b2db5e780b3fb18dfa764dc7099d2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574742, "uuid": "ad229fc9-5f12-4c3e-91ff-a2a635527227", "value": "T114D4126AA8BA5F92C36403F615447170A3FE5AE2B561D3170CD7F0CA8A7AB058F24F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574742, "uuid": "121d2492-dd34-46d6-b399-d117c1266780", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574742, "uuid": "323944c3-833e-4abe-9d7a-c5628ac0f13c", "value": "12288:czP5fztK7xB73farrIiPBMFCQ4INiqI/V:e5fRKdBbCr0iAJNDa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689574742, "uuid": "547dc520-0414-4c6a-86f9-132ad1c9bed5", "value": 624128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689574742, "uuid": "b96ed5c1-1c2b-4d48-bc33-2d9f792fe0f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689574742, "uuid": "dc918d54-d4f4-49a6-9e46-900257d95ddb", "value": "PURCHASE ORDER.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74621b31-24a2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1689599065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599065, "uuid": "000df094-ba07-4297-8ffa-ef40e8a7861c", "comment": "Malware payload (QuasarRAT)", "value": "576ff204d9896ca30bfcce09b672470d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599065, "uuid": "a4e531f1-fbc9-4c89-83bf-f205fb2b0438", "comment": "Malware payload (QuasarRAT)", "value": "ec5f46d31e3640082deea41ecd1ec3977376737db0a044e9ffb9f3fece8dcb82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599065, "uuid": "dd898448-c6e6-4ff3-b668-52f05dd2c87f", "comment": "Malware payload (QuasarRAT)", "value": "c6a8d74f5ad6c058d27588404411d062850c2157", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689599065, "uuid": "92f2a6f4-dbfd-4369-9647-c7eb54f6802d", "comment": "Malware payload (QuasarRAT)", "value": "fc2d627e32e5c6c897e1060893d9c2ec2b39573c3e1d5305f64c8d508df9a687a4ff1cdb8c4a8012a1771a39b3323518", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599065, "uuid": "a52c8349-d4ed-4c30-ad8d-00ba41b7f572", "value": "T1F426E02877E4A92BD0AE5BB1C8B19D3107B1AD0296D5EB8D3AE63C8E2D437504D113DF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599065, "uuid": "6e55a247-f754-4e66-a18c-b633efa361a8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599065, "uuid": "0c06d011-b4f7-4b9f-9a44-f86b0b5b26b1", "value": "98304:FusihuInm4o46YDGngBDQkAiY0mf0dZl:Fuvuym4olZuDQkA29", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689599065, "uuid": "b7528d77-95b6-426d-9dee-7cb7c780717e", "value": 4751872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689599065, "uuid": "7fff3c56-be0b-4650-950e-d808255607c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689599065, "uuid": "1e26fc0f-83d9-4070-8193-9454c6eae667", "value": "Valorant Coin Hack (2).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad7b4958-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689573391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573391, "uuid": "ee15e06b-6d6c-460e-a92f-10d438d76e77", "comment": "Malware payload (Formbook)", "value": "b7acaf76d538117cad4263128ee94f07", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573391, "uuid": "2b50a0c3-2b58-45bf-9c96-3ef02eac781e", "comment": "Malware payload (Formbook)", "value": "ec7310fe0daf621beb2b1fb82df4a4e8bdb4f9fdb3b3528d13ae434821103667", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573391, "uuid": "1bf5a6f8-44e6-4a83-a4de-613fdf27a5a2", "comment": "Malware payload (Formbook)", "value": "a9b203b314afbe8702bcec1b9db5068777edba61", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573391, "uuid": "db88e802-be44-413c-a65d-0c15a9420d14", "comment": "Malware payload (Formbook)", "value": "507df64db5e28d44ed827c74da6d506a61d08937963afbc8f9aa96c94fa8e056367c353932e021f06b6531071ee88fd6", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573391, "uuid": "b25bba99-4747-46f7-9e48-8b795d3f3dc4", "value": "T14444232AAEFC8BD5319F2E986CE87052235B23BC1F275957EFE44BD50062F1B4462247", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573391, "uuid": "eaf7b49c-2755-416b-bb1f-d4a1eb0a1bac", "value": "6144:HinWYzO52YLBT86awhEToVzoy6xgf6J+pB7xXEecMmd3VAnr:HiWYzm2YtT7JioVz36Sf4+pB10td32r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573391, "uuid": "617555d1-aec8-42c0-a5d5-ed6803ee33de", "value": 270936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573391, "uuid": "8186ad74-ed9a-4595-82ca-558a16fd47fb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573391, "uuid": "764fa0e2-5a5f-4e6f-8e1a-265ac68e6d54", "value": "Invoice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec37dd4a-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689594971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594971, "uuid": "768511ac-6278-4ab0-b432-91d336ba8be6", "comment": "Malware payload (Loki)", "value": "72886107b71c217831c6966d666bef08", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594971, "uuid": "2fce449c-3b9b-464c-bd83-961c0ec304ab", "comment": "Malware payload (Loki)", "value": "ecbdd22e120012cc767cf5a8498cb20011048df2bb38e7baf1fb691aebf02af9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594971, "uuid": "8a1c626f-a2bb-49f2-9a7b-09c0f758c0aa", "comment": "Malware payload (Loki)", "value": "f234f498b7712c6ec6893479861a3ddd2220c9f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594971, "uuid": "b957bc55-f8a8-46b8-9a2a-83ff670c8a2f", "comment": "Malware payload (Loki)", "value": "8883dedd7e17c0c3d2ac154e9ff79d146681faf4dfac338a2438615d269caf0c327bc889a41130bab98488fcf4d7ad7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594971, "uuid": "6543f653-d933-4810-973e-5d9118e25636", "value": "T10DC4BE4573B49E31E8AED2B8202920C8DF79B43E74A6E21A1F5A34D11E60F77771B643", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594971, "uuid": "f4e73acf-854a-490e-a528-96d425b53cb5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594971, "uuid": "61e709aa-089a-41b5-b191-a7063579dba7", "value": "12288:tDp8/BdnKg2N0MC4rcHkVSUjZbAcIa7mQSgNIchFE:k/nKg2DC4RVjWgNIn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594971, "uuid": "be55ac26-8592-43a0-a96a-64a8bdfc4517", "value": 586240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594971, "uuid": "c63de4bd-b23d-4b0f-9b67-ded4a0c779e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594971, "uuid": "bada01e0-ad7e-4110-b524-4945bcdaabe6", "value": "swift remittance.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8d683e5-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594965, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594965, "uuid": "22e3824a-3842-44bc-8c80-9ba845f4f87f", "comment": "Malware payload (AgentTesla)", "value": "4ac8659d18ee55e61f5a0f591d396875", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594965, "uuid": "05957a59-158d-4b6c-ac9b-260b4699cfee", "comment": "Malware payload (AgentTesla)", "value": "ed9d8a4de542e999d3fbafc2f47503e85258d65f46c24e3308f564b78b4f7023", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594965, "uuid": "b5c2c850-6f55-4c3f-a7bf-075ba47cdd2c", "comment": "Malware payload (AgentTesla)", "value": "2b49b3e7d91844c37f3330c979a2feaf1ac15b36", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594965, "uuid": "0bfa97f7-368a-4311-b797-80948e5e0732", "comment": "Malware payload (AgentTesla)", "value": "3cd324c122b616db1853f0610020d4799466ca679d4287eb3981b7203b56c0860447d3ded31a0d2b8b07484a7cd6caa7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594965, "uuid": "87d01d84-7743-429a-86cd-f2b077a4a75b", "value": "T1B7B423171004EDE02554C81A6BD84AF62216A494A9EFCEB7D890BF3C6C5F9E12CB3F35", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594965, "uuid": "9b8bee03-2676-490f-9479-3b50c48aff7f", "value": "12288:6WZFOsrFhaqU3T1f35eNB3TgtAvQEeaxmyWJ5o8lGN9xg0JS2PErW:zZFOsnQ3TFeFUZImN5FGe05PQW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594965, "uuid": "14cd5da7-a07a-4da9-94e4-aa87df689b53", "value": 497830, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594965, "uuid": "8ff7c4ce-db7c-40e3-82ae-5b81b2066b4e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594965, "uuid": "28ddfa79-18fd-4af3-ac7b-69b76622fbc5", "value": "SOA # 983580_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1932cf23-24ae-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689604066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604066, "uuid": "72047122-2b0d-4b4c-8c78-fe58af7e8f0d", "comment": "Malware payload", "value": "f3fdd4b1c32be9414c5b8709d25f2c9b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604066, "uuid": "a36d75a8-8c57-4453-98b0-ca8e22bc1f98", "comment": "Malware payload", "value": "edcb25c8185dfe64d75333c78beac8533745dc6edfe34cfad75d0bd3bca6b057", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604066, "uuid": "146fe3b4-56c9-474c-9916-995d47f9b2c4", "comment": "Malware payload", "value": "ab90b5e3599a81d7e27d568fb986c09e398f1d00", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604066, "uuid": "8f44995d-1581-42b9-ab1c-77fd12330ec0", "comment": "Malware payload", "value": "d612537ab83b7530e8f343ffcec9e7b1a6dec84623e6c8155bcb718203a4e03d3228855526b9d6fab10046bcc9adbcde", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604066, "uuid": "77d08723-7daa-4e1d-9ee0-110e488e7fe3", "value": "T105527EBB92DA9696EE7B0EFE02FF291D81262321433465D3838545094FD0EF2F8316C2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604066, "uuid": "774f69ca-4705-498f-8b84-dffef57c791f", "value": "8576330f9aeb41bf60082dc9f971f9a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604066, "uuid": "e3ebc80c-f5a2-4acc-a714-ee105a2f24a7", "value": "384:FeK7ut3TtJLQb5z8T5abu6yaKCOzswLNQFMD1:IxTtVQ98lfWOzswLWC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689604066, "uuid": "7249c572-2055-4b91-a157-cc76590ff6ab", "value": 14336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689604066, "uuid": "2f5feb1f-4aeb-453c-b5f6-8c77c065030d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604066, "uuid": "d9588439-728d-465a-b04c-cfaedf4e7e6e", "value": "SecuriteInfo.com.Win32.PWSX-gen.10084.1111", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ca7e8d6-24f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689632874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632874, "uuid": "6a0288d5-8f3a-411b-badb-b6912b658ed4", "comment": "Malware payload", "value": "eb9dda8bb294fb77047986fe666e61b2", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632874, "uuid": "8c75c6a8-c657-4827-97f8-f298540c9a80", "comment": "Malware payload", "value": "edeb2bb7851b59966fec05e427bd2c88ae3daf2bf4946b43b978b1e449e55c17", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632874, "uuid": "50462f4b-9d4d-4b21-9bb3-8b47c8222f47", "comment": "Malware payload", "value": "c588a66074b6bf7cae884b5d6ffd3904a2fddf85", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632874, "uuid": "3108d70f-13ef-4180-905c-2926fe0d584e", "comment": "Malware payload", "value": "3f02d73c800b6d24dbbed5cdc901f13e1f2959cb4b58bb13219320a9c16b4326fff0b7de043db6a5a26d18589d45aa2f", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632874, "uuid": "7126cfdb-34e3-4d36-bfef-0ff9e3adaf2a", "value": "T1F686D007DA1E4EA7CDC570B4485C2686A755EE108334C0E37DBF4D0CEA8EDB89676B92", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632874, "uuid": "b159e033-d417-41d8-b6a9-7f53f794cf7a", "value": "98304:Fg3GiAaZDBHIOf24dSnD0cyF7xY3MjRhaKu1VNiRsnJHoAG:FpEDhIOuq1xSMVhXu1VssJHo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632874, "uuid": "1c612572-062a-4acd-8fe0-d9f4a50287ac", "value": 7888472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632874, "uuid": "b7d963c0-c64b-4ca7-a848-c4198de1dd6c", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632874, "uuid": "e7e87290-8ef5-4c61-8523-2b92a23c4552", "value": "SecuriteInfo.com.HEUR.Trojan.AndroidOS.Harly.p.4808.28459", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbecf565-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689594943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594943, "uuid": "fdaa9d6e-db43-4612-935e-be736e6c9e3a", "comment": "Malware payload", "value": "04d5329d1d30dfa1c363f6d3539267e7", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594943, "uuid": "86b84fa9-122c-4bbb-b3bd-6c6da91c9a5a", "comment": "Malware payload", "value": "eeb4cfedd977ad754fe402ae2e01ab57cb994c13879b2c2945d218f2f7c3ef82", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594943, "uuid": "2e13b590-0faf-4be9-aade-2c804b1d6c0f", "comment": "Malware payload", "value": "efc40a7088ec6022a82d02f866ffdada405ce4d1", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594943, "uuid": "bcb35536-2737-499a-a446-0ce02e4a8d4c", "comment": "Malware payload", "value": "b44fac78cc46ca049d354bfbc8242935b0da70c3210c8d3f4a6812a1f5eee9c68f7e64aaf5545d50cbfe58fb1f5b8210", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594943, "uuid": "8bddbe5e-809b-4f40-85c6-6bf73dc62f17", "value": "T15824137AAB38E110C85AD99A0D9F57FCED85ED2A7DE741B11DD0CAA8868044F30572CF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594943, "uuid": "bc2e4184-c9cc-438e-809b-561dc66a1b88", "value": "6144:fc5CmzHY9Y44RKnqaFy7jOJ9b73NsM1+gCH33u:HOHY9t4RKnqaFy7czD1+ZH33u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594943, "uuid": "d2a02368-726a-4c36-8220-d9311d0856d1", "value": 210259, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594943, "uuid": "8607dfcb-077c-4814-99a0-1ff07cc6afca", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594943, "uuid": "b8603d2e-47f1-4816-9bcd-d2925e6ce22d", "value": "iuxaol.ei", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "822359bc-247c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689582767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582767, "uuid": "5ae6509e-1769-4d36-99bb-2a9745b071ea", "comment": "Malware payload (RedLineStealer)", "value": "15eb8ad14a87788df162588c878c6789", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582767, "uuid": "dab4a1c7-2d35-4d65-a279-0666764e856b", "comment": "Malware payload (RedLineStealer)", "value": "f264b8399bdea1bdcbf1f2e70a1c185a8df97638ba9c171e51a5bf1ee0e748da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582767, "uuid": "69331b34-e75d-4d12-b3c1-13f7e2f722b4", "comment": "Malware payload (RedLineStealer)", "value": "4aca83fb3ffe5ebee4a1b16503ae5cab7e9d4ae6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689582767, "uuid": "15213ec7-95da-4140-8870-8e68801195d6", "comment": "Malware payload (RedLineStealer)", "value": "8b5c6be96378154708ef7790848d8aee8cd93b8c3f4a7798e8b259221cc8089ba73324e5b461c77b1c05a94e52e820fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582767, "uuid": "9b423f11-1671-40a9-b124-5f55570b6ea4", "value": "T18AE46CA07CD07262DDE3207A06ECBC20D56E6CA4077097C786C84AFFB5691D1763A5AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582767, "uuid": "d35d93b3-06d5-4c9f-b0e8-dfb5ebca6dee", "value": "366b889fbf8b867e33436fbbbc4d0c58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582767, "uuid": "ce5714d2-3651-4c4f-be1f-7fad8a29b4c2", "value": "12288:8n1st25/ZyKB9UyTLrY1XbYcF9u2qgqqytK/YTkALrPGGyf0a3yerTZ:6O25/7rYbFZqrKAJrGGyf09c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689582767, "uuid": "3d47c312-4fdf-42aa-a236-b6e06f5b330e", "value": 701440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689582767, "uuid": "f4622cd6-beb0-44bd-931e-6299e5d2c197", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689582767, "uuid": "a68a2f27-5019-4291-87a8-cb75dd5d1ae0", "value": "SecuriteInfo.com.Trojan.GenericKD.68216066.5153.2993", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d94c971-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689568076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568076, "uuid": "72eb4944-1f60-4f4d-beac-df38d9498512", "comment": "Malware payload (AgentTesla)", "value": "5165b6f9948d86e04ac57edff6e8268c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568076, "uuid": "59d15b8a-1776-45f9-9a3b-c4e43964ffdf", "comment": "Malware payload (AgentTesla)", "value": "f34415b4df3cd3bc51418ec3af5c0854ba70f38f421978a283ceba9ce6e67683", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568076, "uuid": "4eddda52-ba8d-4e80-b0cc-2744687001c9", "comment": "Malware payload (AgentTesla)", "value": "fb94157846504a61b881d9e28f9ce18f387b901e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568076, "uuid": "495d1f30-eccd-4f31-8a1f-72d0dbff4a40", "comment": "Malware payload (AgentTesla)", "value": "db35513b355a6bfb47c35b30143c6a893176fdf7800c301032a44f17460be4aef4d92357c121f6c9868d752a480a52f2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568076, "uuid": "423bf7e6-62e1-43c3-b0b9-42cd2e1a408d", "value": "T106C4CF38503C83AFEB87DB77E430168222F013A65AF697DC8C7A255F3E76638A1545B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568076, "uuid": "eec92670-850f-4806-b4de-29f8e709f3e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568076, "uuid": "be366e45-cedf-4bb0-afbd-4bc8d05f1d40", "value": "12288:/qTrQaSejL8ZfELgKPuL3sPGGgfv5SmNiq8wArqfeF95hdBe:/qTrQaSejL8Za0c6v5RNizWfeFr7c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568076, "uuid": "9fbdbbc2-daab-4217-b7d9-6414606bc98a", "value": 547840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568076, "uuid": "3ca466c0-9768-4bc8-9e48-bd69e405e798", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568076, "uuid": "41a88475-cc7c-4dd2-8751-7045a544f375", "value": "SecuriteInfo.com.Win32.PWSX-gen.4584.12355", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6aede48-24b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689608168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608168, "uuid": "53baa116-8d6c-40e3-8213-0d403112e18b", "comment": "Malware payload (Formbook)", "value": "4f08507af03b7a382fb6f78017aacb95", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608168, "uuid": "2aaba4a9-4fd9-4fc6-b8bf-d7041d1d2ed8", "comment": "Malware payload (Formbook)", "value": "f3bd3f3d3614a9ae90661ee0fff12fd05d626353d1bc79e06e3d74870477411b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608168, "uuid": "80a8e0c0-153a-4e47-99fb-02d57703ce23", "comment": "Malware payload (Formbook)", "value": "289e36621213abdb165386b19667009f462410b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608168, "uuid": "07d7f306-f92f-4e09-9974-95066a426248", "comment": "Malware payload (Formbook)", "value": "0cf8c2ac9c97882112740d70a6716b82c08ad10f3d68ce83745cbb50499aec6c9f356f7b606350c2e9964198945ce79f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608168, "uuid": "f1108b3e-0aa7-4bda-8d23-3d400d5206b6", "value": "T1334412057A71D266D0D326320C391B9A9F7ACE024624836F23115BE8BEB37E1960DF77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608168, "uuid": "0023c830-17ef-4965-99ae-9c1c53c25363", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608168, "uuid": "d2c89616-f18c-4d24-8cdb-3ae3fb3e857c", "value": "6144:/Ya6I/kWpmXa++6JSb6EyE0IesuJsXaHzqadkVt3Ngdb40skmms:/Y+/p89/SGo0TsDqTndkVt3NgdVlm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608168, "uuid": "f9c132dc-2e7f-4bac-9228-38f83a1963bb", "value": 260717, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608168, "uuid": "db73d644-79bb-4896-aa53-b4dba12f4996", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608168, "uuid": "2e57fac4-bdab-469d-b38d-cd9fe713b70e", "value": "Proforma Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb95a8be-24a6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689600902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600902, "uuid": "4d23f580-474b-4c87-98a2-de4c52544404", "comment": "Malware payload (AgentTesla)", "value": "5a15707348fe2b10d72b2214f9da79a5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600902, "uuid": "61bc5441-793b-4de3-b32d-45a5c82b2154", "comment": "Malware payload (AgentTesla)", "value": "f468e71c51b81601ee1c836199470b669e9c5dd83d931890b406dc82744bdd1a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600902, "uuid": "c329bfc2-0e55-490e-86ec-39414e2f414c", "comment": "Malware payload (AgentTesla)", "value": "eb64892227ac7fe63caf8f74d81e90601454fc64", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689600902, "uuid": "98ab5e2a-a534-43af-97f2-cf56d8df7f68", "comment": "Malware payload (AgentTesla)", "value": "0e605fbe023186a0d057b6552cf1a5512a9b957762e30a3c380f89e1bb35fbede2f7c7d1cbfe569f355c6b43b15dfb82", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600902, "uuid": "cd26e0cd-a0e7-4c3f-89da-643da16dd462", "value": "T114256C163AD01A0BE42A463D043C7F5CE7EDE55E826FD919B92CD2A7B2F67480D4D30A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600902, "uuid": "944d21f5-eb2a-42c9-adec-8104ff96490d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600902, "uuid": "3713b831-0999-4e9b-a934-be55d657953e", "value": "24576:7gynjGJDNUa3EIZ9m3gZl1tt/XTFz7N5FHH+HHHHHWHVHCUXGHnHHhHraHoeXO:je5T5//XRz7rFHH+HHHHHWHVHCUXGHnt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689600902, "uuid": "938dcba3-7a54-4d9b-bf6f-ad0a50527db9", "value": 1046528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689600902, "uuid": "6f9d16f9-6caa-4181-8a20-28bf65331769", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689600902, "uuid": "a6c96325-aa2a-42b6-ba59-fd4668e96a1e", "value": "Invoice AR20230714N.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ef88d4f-245a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689568078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568078, "uuid": "b9933c66-a8cf-4e11-8452-67fb1c8be4fe", "comment": "Malware payload (AgentTesla)", "value": "ff311d34214d103f87c82556b7b276cf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568078, "uuid": "011e3875-266c-4d6d-8665-2637470799aa", "comment": "Malware payload (AgentTesla)", "value": "f4ab856bd56b75b7ebb8925ba5f880a539b398c9286a47c45ba0ff1a220a2f5a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568078, "uuid": "88f3be0a-9953-4780-a56c-8368b960e77d", "comment": "Malware payload (AgentTesla)", "value": "0d2a780ef56478ed6edb735b1dbd5adcd5c7f6cb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689568078, "uuid": "afd9dc5f-104d-49b6-b232-189aaaa21e7c", "comment": "Malware payload (AgentTesla)", "value": "c21093e6a78e5c86e62493dc21cb5937cf23437a0c4e6dfb8e9f57d9f57b744b15e1e98a383c35026f8348fe98c9d443", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568078, "uuid": "b7caa96a-c411-4ae1-bdd2-ebb7760cd75f", "value": "T19DD43C1B39D02A57E42E426E007C6A6CEBEDE61D467FD929342CC293B2F664C0D4D74B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568078, "uuid": "a31165c6-262d-4fa5-b768-8818deb56702", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568078, "uuid": "fc9db869-3280-417e-89b6-6c189e0e1708", "value": "12288:hoGQIut7DWm27tPZZc7qQrEyFZQCdPQtsIzU9zyU7+PYWmdzz:mz7SmgzZceUdPusIzU9GU7Prpz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689568078, "uuid": "9eef77fe-ab0f-4d72-a1b9-36ce51382296", "value": 639488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689568078, "uuid": "163e3a3d-003d-4f79-8cbc-bddff504bdd7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689568078, "uuid": "191e0570-8a15-4b4b-b624-c0d1e5388cec", "value": "SecuriteInfo.com.Win32.PWSX-gen.53.6054", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f92b7e80-246e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1689576954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576954, "uuid": "827e0a78-0538-463a-a420-16217c737e27", "comment": "Malware payload (StrelaStealer)", "value": "673493eb4e7d873a34bc33451ce57206", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576954, "uuid": "fcf549ce-d24d-4d84-9131-277898b5107c", "comment": "Malware payload (StrelaStealer)", "value": "f4b430913c07730b14bdf19f5803dffe57ff6cc360f6af549360a9db0ba94002", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576954, "uuid": "6175040a-f72f-4734-abfe-174a0758fc6f", "comment": "Malware payload (StrelaStealer)", "value": "8d52c3c30eb28ca8fc6054ab7664503d95e6a0e1", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689576954, "uuid": "8480296d-0e8f-434e-b08d-a7dcda088dd5", "comment": "Malware payload (StrelaStealer)", "value": "9b7eeaabe392a543665c871651994839a7d8331cda03209a8ca9b89c545d794eb4bf2416cad41f4eda57297601b1d0f3", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576954, "uuid": "fd5f00d9-3431-47d5-afb0-a05692c578a2", "value": "T126E40BBE65DB654AFEA19C306FFCBBA0D77764A9C757C6F044E9A03024204A3DC12927", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576954, "uuid": "be5c14c0-5d47-40b1-8d1a-5b4352dd95b8", "value": "fcfbe5457e76d2ac347d7db113c0ca3b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576954, "uuid": "0d6a95a7-77b1-44aa-bc3b-6e564bc4abdf", "value": "6144:zzKS5Xfi14/Dgpz1WLISH3uIwjAg9TUAv27xQs7To1vwYfNN/m+MM5TKEku:z2+E5jSHl0TUAoB7ToiYrhLKs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689576954, "uuid": "c861abbc-e7aa-4aa1-bccb-658027f4939d", "value": 711915, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689576954, "uuid": "797c7de7-e26a-456c-b69c-b817bad4a479", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689576954, "uuid": "69474dd9-038a-4f2a-aec1-20bb827cf45b", "value": "freespotty.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15eb8cf3-24ae-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689604060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604060, "uuid": "9bbcc52f-b3c6-4b37-ae93-e012dec9a263", "comment": "Malware payload (Mirai)", "value": "540efd193fb03a2fc08f6b6a2cba9dd3", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604060, "uuid": "7c446c2c-b19f-4c79-99fe-d524d389321b", "comment": "Malware payload (Mirai)", "value": "f50922247634523ea5e4d89918ea8d8c1490e65b2cdbcd91f1ec07b43e4a64cc", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604060, "uuid": "412f7260-4888-4d2c-93cb-f8eb58bdbbd4", "comment": "Malware payload (Mirai)", "value": "cf527ac93be7bb9976c8dbde4c0c8d515a7cc49d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689604060, "uuid": "47d202e8-c6db-4479-b9c1-f948689dd7cc", "comment": "Malware payload (Mirai)", "value": "adb6da7c3e96ac7e13602fa62fde666953f71253bb5fb8f71693e3a85e2e0ab0a73449bf31711152d8403dadf9143ebd", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604060, "uuid": "228e8db9-9bd8-4839-8104-99f07636cadc", "value": "T15AF2E138530114EECDBD88BE87F707117032CBB6E0675D0A7B11F1D6CA622197E669DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604060, "uuid": "343473cb-92f9-4a20-a79e-ea843de8b67b", "value": "768:B+jPtF3IG+ZaDofA0JnZuIeacUMuXawjRIt6VMw+Sh3+8JROeZxDJgGlzDpUYsA:BGtFY/Lb3aUntItgL+yu8esx5VqYn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689604060, "uuid": "b818536c-2eb8-435a-b622-e4d922f5caba", "value": 35228, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689604060, "uuid": "d6f38b56-5a61-4e40-af13-705963e42b4c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689604060, "uuid": "12f0a2b2-656e-4f15-8944-1c1b8f9101a4", "value": "SecuriteInfo.com.Heur.20230717142745921918488", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08f84e7f-2484-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689585999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585999, "uuid": "59e28874-208c-4463-85d7-202366ac8e4e", "comment": "Malware payload (Formbook)", "value": "5dab2a17678b076d73823191fe40eec3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585999, "uuid": "eb7b5d4d-73b4-4882-a5cc-72994154bdcd", "comment": "Malware payload (Formbook)", "value": "f5514ba2ddd26604600411906b8391af11ef05fa5c034f45f30c50ee7048ddd4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585999, "uuid": "e8e0ffd6-63b5-4589-97d8-8696405ef96b", "comment": "Malware payload (Formbook)", "value": "62527c037c8f99e997b3ee61a75e7dddf7bb938c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689585999, "uuid": "9d284181-c582-41aa-b3c0-18f5561ffc84", "comment": "Malware payload (Formbook)", "value": "afdbc48ff927e85d9d6e00342ad9afb47ef7784eea88ed2ea4720b8ab8d1e0f5655a6f676c724a626aa3da750822bc66", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585999, "uuid": "24c7dda6-b4ff-4c58-a842-e3d8b9a18bc2", "value": "T1A93412186235C5AFE9D11B736C7B91B79BF43C053425A24727541BEE3A23382CA0FB22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585999, "uuid": "9e8472cc-4b41-4403-8922-663a9f6e5fde", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585999, "uuid": "56da79c8-c7a6-439d-9ee8-78ac396afc6f", "value": "6144:vYa6bG4q6WdKykkv+wQiUOPFl9sRiO+u5mhqYV6sy:vYZGcQlWwsOPL9sRiBhqL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689585999, "uuid": "165d011d-8e55-48db-ae1c-0086a93cda05", "value": 243858, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689585999, "uuid": "84a29ea2-5ea0-4ad4-8d8c-5a5fe8697810", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689585999, "uuid": "071cd4a3-638a-4266-b83d-b33aca40b724", "value": "isuu_\u00d6DEME.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ea9b43f-24c6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689614597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614597, "uuid": "ac24bcd5-c895-473a-8b41-90737d5b9087", "comment": "Malware payload", "value": "7b9a2188ea818c0d2adcd8e437e869ed", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614597, "uuid": "32135822-cf29-4ac7-862a-b607b2c67606", "comment": "Malware payload", "value": "f569a9972ee881d645cdae693e3432a8a56c5123bafef3a2853915b5cd27027e", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614597, "uuid": "76dbf8a7-b728-44a8-9bfc-b8639e2b4301", "comment": "Malware payload", "value": "b6dc916053a7cdca7ca5cce192876072c1613f31", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689614597, "uuid": "a9cea256-3b6c-448c-a689-e1a3ece7c6e7", "comment": "Malware payload", "value": "5d82fa7e08e9439fcdb79113de0a1c996f2c6a5d315a77b4d165e1f65927a90a1679c5e3a59ec5866c7580fd462ca7e2", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614597, "uuid": "2c6eb8df-fd28-48d9-a9d0-69417d479ef2", "value": "T13BD18DBEBFD628D9C2D4F035D0142DAE53028642C81E3106F5A4E76DB9C76E4732E158", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614597, "uuid": "0c18905f-f837-46ca-89ae-f25a89ae61cd", "value": "192:CynSBqew32UniqUy7xwkEage4w8QaoB1X:t3ew3rnisoRTK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689614597, "uuid": "b21598ba-9791-4026-bbb8-3622d8706ad7", "value": 6594, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689614597, "uuid": "0d885129-0fb9-4e69-9e86-c975750c7ebf", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689614597, "uuid": "4cc84c39-873b-4ce4-8446-68bcde818434", "value": "Braemar MTM Report.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "651d7e83-2496-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689593885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689593885, "uuid": "95d46772-3ba2-4715-935f-075459077113", "comment": "Malware payload (AgentTesla)", "value": "ada04ac33a5453e87d17f3b34f57f50d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689593885, "uuid": "cce9c68c-98ca-4050-b84d-5d9d2a12a20e", "comment": "Malware payload (AgentTesla)", "value": "f63529cbbb9347615150ed2c567ae06bf9cf3c343b2c4c001ffae7b3ca5551ca", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689593885, "uuid": "1d87f7e1-3d3c-413d-94a8-27590aacd5b9", "comment": "Malware payload (AgentTesla)", "value": "9ba221f7abb643dd2e643461e8d30d1de6b691bd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689593885, "uuid": "6b1d4d9d-b624-47ad-9e08-84d719323a4e", "comment": "Malware payload (AgentTesla)", "value": "b8bb23abda01c00400721067df650e047085e2df385fc4d9096033736a72c2d59de4b083f27fd0cf9ec61ab255a7e0eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689593885, "uuid": "c86923ba-f092-4eac-b756-3be4fa602150", "value": "T1D0D43C0B3AD02947E42E427E107C6A6CEAEED61D427FD929342DC293B2F664C0D5D74B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689593885, "uuid": "6a87dbdd-fb0c-4a5f-a780-fa4ee6fa6064", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689593885, "uuid": "9e844696-c250-4b02-a202-0ff5befa6527", "value": "12288:nzYGQIut7D1Wmldv/0+P5QoiiGd0jfEM0JMFEi:kz7Brnv/0+P2ZiHrEM+MF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689593885, "uuid": "da647b11-efbb-4d98-a875-adab17b6013a", "value": 610816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689593885, "uuid": "6bfbb1ba-c784-400f-9238-090b38cb5cd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689593885, "uuid": "94711059-96e9-4b0d-b43c-9ef1cc01115a", "value": "grace.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc92be62-24c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689615077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615077, "uuid": "c1fce4ba-a429-4664-8cc2-ac347979a711", "comment": "Malware payload", "value": "e9c1a95a63c907f7cdb1eb640cdd285c", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615077, "uuid": "5b351a18-4efe-47aa-a86e-b261a3ebdca3", "comment": "Malware payload", "value": "f63765f4fa17eb57dc81bbe7b4da69dcb0e89785f8a7ba5d68d0877bd37fe04a", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615077, "uuid": "8c913c42-e061-4eb7-8746-60156c244851", "comment": "Malware payload", "value": "f617f2a7af5ec5cf069e4089503230427bd2135b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689615077, "uuid": "68bd1db7-8f0c-43c2-bf44-ba981e331542", "comment": "Malware payload", "value": "24baba844741a8066d3e8267c61ad80a32aef71c5e18af660472d316b948bc89b8143453b41ad9196ec5605740330b96", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615077, "uuid": "978425bb-4405-4491-b808-c676a4372b72", "value": "T17455BFF876047DE6267F176BCA96ACDD13B617639ACBA4CC8064B7C305A3375EE02805", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615077, "uuid": "78a5c018-b991-45e7-8065-ac365019e155", "value": "24576:YFicpFDrlMAjxoK1+NraaW3CCurXh0rk2p3yr/Dk07kL6cysYIbD4E9rcZL80htU:2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689615077, "uuid": "110716ff-eb0c-432f-b76a-829893d99f2f", "value": 1359517, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689615077, "uuid": "9e3f6247-6cdf-4ddb-95ba-306bea605069", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689615077, "uuid": "d742a933-63b5-4b42-9178-97d86fbcd731", "value": "SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.18586.16610", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39cf4c53-24dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689624307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624307, "uuid": "aea24dd7-63ba-412d-8647-287ae2d434bb", "comment": "Malware payload", "value": "a2e4f4c2581d1db499c31f2e92f29124", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624307, "uuid": "8162b5bd-df13-4488-8159-897aca8b0898", "comment": "Malware payload", "value": "f6d489954b8998f657e3e20612144242705d6b66d7a5523f3e9e89c08683db17", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624307, "uuid": "67f4b594-5334-451f-8587-22f3bb79633a", "comment": "Malware payload", "value": "05536a77ef8638a5f1b79b3a410e94eacb12048a", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689624307, "uuid": "7df0f216-0623-4ce8-96db-5f95b861ca2c", "comment": "Malware payload", "value": "7fdafe5532b06f3729b7226a07cec5bf0796ae47425fc10de3f6bad850155a47fbd4845714b00276ab39903f9b1ee6ab", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689624307, "uuid": "eeb3c7dd-cd48-44a4-813c-f6ab2cdcbd02", "value": "T185C43211A3FD5508FAF73F806DB5A2A40E26BCA6EDB9D2AD1250105E8A72F40DD71733", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689624307, "uuid": "f2d17815-ffc1-46dc-b581-79f9dd201926", "value": "3072:GYpXDa0f8XTPDvLm10lo5Hi2FS+5jVtclZkTpCYgBmCzItwK0os:W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689624307, "uuid": "85477797-935f-4ddd-9ff4-b880ea1d29dc", "value": 576826, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689624307, "uuid": "5b3bedcf-b3e2-4c4b-92c8-e6e889b413a4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689624307, "uuid": "e64c0e47-a3d5-45b5-ae95-cfeff1132027", "value": "tamaki.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60f9ff8c-24f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689635539, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635539, "uuid": "7353a7d8-d95c-4fa7-923c-e15b384cef08", "comment": "Malware payload (Mirai)", "value": "47ef749a79575768827c5b5635503f4e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635539, "uuid": "2f5291f5-97bf-4b07-83c4-46afef829a7f", "comment": "Malware payload (Mirai)", "value": "f7a0fbc4bfd4e9ba00dd99f1efc9d737512b4b5ac45002220f427a438bdd66a5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635539, "uuid": "aa7fffef-b5df-4076-ac75-d0f69d331d5f", "comment": "Malware payload (Mirai)", "value": "e003ef185e66839efa43ca2a1105d7dd27d5b96b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689635539, "uuid": "1a9a92ec-4767-4178-9bdf-8fe2b6a927e3", "comment": "Malware payload (Mirai)", "value": "864f6a1f2ae748fd455b3b577338292f1ad91d5acce9d355965f90186364eeb9daca71f21528de4093adb61fac05cab7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635539, "uuid": "cf160cd8-458e-45b9-9a3c-5232f49bfa4e", "value": "T17B538D75D12DEEA8C0424AB4A9598E704F13A0C046733EF7DA9587A69443DBCF858FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635539, "uuid": "0a399775-0fdd-4c97-a740-d732e2148a6a", "value": "1536:zag/Vdf5F1LwtkbaOoQ3veifs3guba/qzCEZaCw:zJzf5TLcQfPf+gehCEZa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689635539, "uuid": "0627a4ba-025f-435f-b3f4-f48c8a2d45de", "value": 63484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689635539, "uuid": "6cd3a0b9-d235-4db4-8ed0-9be1520cf21c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689635539, "uuid": "e4fa2c7a-ea1f-4089-a875-89a7229ac63c", "value": "47ef749a79575768827c5b5635503f4e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0fc22bf-249d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689597019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597019, "uuid": "612b98b0-f7c5-4881-8a1e-3e7d92e9258f", "comment": "Malware payload", "value": "c5601589350f0353bd3779a5c4f89b54", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597019, "uuid": "1f0df05f-be39-444f-9e79-b9b3783af117", "comment": "Malware payload", "value": "f8b870773e730645757551bd0e3a94bd714e8498ac324df55cb58b72b5804cba", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597019, "uuid": "ece4bb4e-7e4e-4593-abb1-a4f78afbc9bb", "comment": "Malware payload", "value": "ab93076aff221a21e0e32360ec5ac9d49a83062b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689597019, "uuid": "476bb5c7-e090-4b2a-9b90-41f373456fd0", "comment": "Malware payload", "value": "2a6d5f98f3a2e3a884ff0f9ba1a18d42a6c8567001e1c02f9a7889689f1a98b9de092e31cf28ac0da36cd95e05c59392", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597019, "uuid": "20553120-ddf4-4267-b834-7f339169b4cf", "value": "T1A5424C7B92074113EFBA5EBE26EF6C9D09355236035822D39786884A0EC4AE3F5329D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597019, "uuid": "1da120ec-7cb7-4d86-86ac-f3e315c6b926", "value": "8576330f9aeb41bf60082dc9f971f9a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597019, "uuid": "1347b0e8-25e7-41dc-bcfa-11015e58c121", "value": "192:FgIZ7OlEa8TtXiA3A0+UVmfkG/XGgYgVHMX:FgK7O8TtBcdp2gpHMX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689597019, "uuid": "321930d4-4de6-4eaa-9003-eedfee82873b", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689597019, "uuid": "e5187265-6238-43c9-b1d5-3fe4cc9decb4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689597019, "uuid": "adbee887-d00f-4aa9-944c-7cd3b0036f4d", "value": "SecuriteInfo.com.Win32.PWSX-gen.25277.20157", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1194fce4-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Vidar)", "timestamp": 1689573129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573129, "uuid": "20f0af70-3f13-45d4-b7c6-e2c8ec539c56", "comment": "Malware payload (Vidar)", "value": "efcd9ab9479a5ad3cebfb2a4cf4981d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573129, "uuid": "87b2883c-7a70-4505-8cad-028beb8b5c4a", "comment": "Malware payload (Vidar)", "value": "f9240d5311995517f50bfadef7c3395ac278a450aaafc3e5ae0409cd4ac4eb3d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573129, "uuid": "4ac7f645-7f9b-42e7-aab1-61045580cc65", "comment": "Malware payload (Vidar)", "value": "804fa384c69be0bd562b774eb813e7e803a0382c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573129, "uuid": "aae35111-78cb-428a-a75b-b0dda0d04e14", "comment": "Malware payload (Vidar)", "value": "2647cdff2dc037901df8e37425ebe8600a62292a81355ac70273bd75c1cae4e5b057a1fa0eeefb8328340d9b18418fca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573129, "uuid": "1d9647f3-b47a-47c1-b319-af159aa755e7", "value": "T17C44C05AA3E460A6E8B9577498F203434931BCB19B7846FF12C5D5BE1E33AC0A532B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573129, "uuid": "3d90dcdd-ff68-40bd-a357-88cd2a0fea01", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573129, "uuid": "7c8cd027-49cd-4771-8b1d-40e6098a3db5", "value": "6144:JahOyp0yN90QE5pHwUeBAj1IfElUmgpN:Jimy90LuBAD2xX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573129, "uuid": "c2898d11-63f8-497e-bb19-9b5a9a796784", "value": 257024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573129, "uuid": "e0a1f5ff-0292-4b6b-95d9-a4ddb06edd50", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573129, "uuid": "c5aeb87a-e798-45b7-b796-61463c8f41f7", "value": "efcd9ab9479a5ad3cebfb2a4cf4981d1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ada8027-247e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1689583533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583533, "uuid": "05ad56ba-a515-4055-8061-a983acd812c5", "comment": "Malware payload (Gh0stRAT)", "value": "67e54b126541ff09acded272afdcf671", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583533, "uuid": "3ba65b16-61ab-4af5-ae49-d67bed8e7142", "comment": "Malware payload (Gh0stRAT)", "value": "f96391d4e6dba4b0af73bb21d48158252a10fe2c21b986da28c2ad4501f2ecca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583533, "uuid": "a1a50e9e-5168-4f67-80dc-9979c3ab847a", "comment": "Malware payload (Gh0stRAT)", "value": "17a178ae8464e1e88df2589bc7e70c38470ac6fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689583533, "uuid": "8ce973ef-bde2-4601-ae28-acd748a753da", "comment": "Malware payload (Gh0stRAT)", "value": "516dbc334aaed81fe93afd76a215dd879f8bea7b6e0638e47c0f08e9f55843dbc8ac9b16b62da997c28472b2f4f975f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583533, "uuid": "e2b6b3aa-b3db-4568-bc35-280079b8aad3", "value": "T16973842A7681C0BDDAD084300EA7DB7A693ABD6309759A973B94FF5D2C32510D93334D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583533, "uuid": "2c95a7ae-093c-41f1-ac6a-d0cd6cc07f6a", "value": "819840f63f66649e7fd37cd0c9fde6bd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583533, "uuid": "87e3ccfd-b7d4-4f92-884c-c12d86057270", "value": "192:Hht4RDlpkVC/eV8rRJUaRKS6RngoV5v/JO+oV5vcP1oyn7goOmsfr1KD:HhaKw/eVQjVcvRgaO+Z1BCD1KD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689583533, "uuid": "fec77f1f-c05f-4c30-bf5c-683c97be417a", "value": 77824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689583533, "uuid": "1010e950-536d-4985-a74c-cd6774bbe0ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689583533, "uuid": "ca7e9101-3230-4a18-996c-1389fedf34c3", "value": "BAF29D95.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dbb7983-2481-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689584880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689584880, "uuid": "cf3277a8-d3bd-40f7-84cc-c569dd1932ad", "comment": "Malware payload (RemcosRAT)", "value": "5d571d0af301aea2a2f2df9ac80aa3b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689584880, "uuid": "fa456904-fe50-4ef9-a580-ba8789cbd34d", "comment": "Malware payload (RemcosRAT)", "value": "f9757e655b46d179dfadee752d8d147d1ef2add907a8712755dffc158667b1e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689584880, "uuid": "0ca21bbb-6365-45b6-95ad-247566085e8f", "comment": "Malware payload (RemcosRAT)", "value": "8624c280514a5d01551e54e2a635022a076cf73d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689584880, "uuid": "9c64ab5a-6899-43be-9def-298dd040ac1d", "comment": "Malware payload (RemcosRAT)", "value": "b4d4f4bae82616aa48d5ae25579be9a71b813c5d90a29f2fc7adc845354e14dcb9d5913e0f6be1525541adb838224241", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689584880, "uuid": "57631649-93f1-466c-b42a-478145d37af6", "value": "T1AE3412986B2ED859E194C6FC9524D5F222E95C7E0D2665CE17C8FE2FFD27200ECD10A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689584880, "uuid": "631a151f-484c-4c55-892d-7e4eeeb83c12", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689584880, "uuid": "4140f155-f66f-45bb-9829-440616813b09", "value": "6144:4vGSN9gWuLpcBKnVBYAsmrzpyDfOXXVYBX:4vbGWulcBKV3uOXO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689584880, "uuid": "16f0acb3-134f-4f1d-b30c-65385da9f615", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689584880, "uuid": "48d5c5b5-0753-41d4-9ae9-408f4dbf80a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689584880, "uuid": "1bfda3c7-7993-43c2-9811-91b88cc3ce28", "value": "bOsb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4df2d3d1-24a1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689598571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598571, "uuid": "97c18648-b0e9-41e7-af44-6c208a0ef953", "comment": "Malware payload (Mirai)", "value": "7befa06b10214734ad93369d2969a70c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598571, "uuid": "bdaf19c7-7458-4346-82de-91ff064a71aa", "comment": "Malware payload (Mirai)", "value": "f9f79daa3dd6f7bc0898dcfda9e1205899a6c41b8b781954c30a58175c31f953", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598571, "uuid": "28b140a4-f205-4c32-b304-8c3c0b5b2e81", "comment": "Malware payload (Mirai)", "value": "27b2eee1d7712cc23bff9bd9265aa91caed83c61", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689598571, "uuid": "155089d7-0fb5-48bc-b3e3-e7bda4c4d71f", "comment": "Malware payload (Mirai)", "value": "655f2c9125cdce0b53613225a7286c1fff4bdb9de160f8cf86fcf7e6534f1524c9ee59d677b0d5b22b5cddac2f35ae54", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598571, "uuid": "929c4612-1b70-4cca-994d-fba72fd5369f", "value": "T1ABE2F1B597C829F2C1F098BACE7E8A012E970DB495CF2322CB384B4A71E74051E7D465", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598571, "uuid": "f8b07675-d949-4378-831e-325b9c5b9573", "value": "768:Hc7HzRgd+zL1DMqAP2Dn1llW7Boljs1/4T2BokVuMGTA3UR:87TK+9VAPyn1lAFoAoRMQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689598571, "uuid": "ceae8d79-8b9b-4563-af35-8ad4a76b0406", "value": 33788, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689598571, "uuid": "db3fcf62-e111-478c-a7b2-8d8021b71ac5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689598571, "uuid": "d9c67309-fa1e-402a-8bab-2612653840a1", "value": "7befa06b10214734ad93369d2969a70c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "760ae246-2436-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689552682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552682, "uuid": "aa459a51-b2b3-405a-91d7-b7291ad5caa6", "comment": "Malware payload (Mirai)", "value": "4cc36b0814a7cb100937d9258fd90b40", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552682, "uuid": "4e153c14-bd56-44b2-9775-47488667ca7e", "comment": "Malware payload (Mirai)", "value": "fa5e17fc023d15ec53c4f0f4bd0b5f9f4569fbf3e418af7d6f2e83d366723d30", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552682, "uuid": "32057eaa-4bca-4c53-a90a-299beddc1409", "comment": "Malware payload (Mirai)", "value": "20ddb2715d9c34df7d90e4b2ed4434054e399f28", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689552682, "uuid": "f364bdcd-4323-4095-92c8-4f21fd7f7560", "comment": "Malware payload (Mirai)", "value": "4e7c27212304b7053950527bdb73d651e6ef1a671e4c927c075ffb9bddc8f2c01f7dc1aeaffeea2827bc6ecbdb3a0fd2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552682, "uuid": "bb4aa4d3-52ab-4f39-bff6-1b41d5b26e5b", "value": "T1344312D1233D39EEC279E172E96140527FEB17FE752F30B01D795A0079A02EE2D68285", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552682, "uuid": "8574ec13-4434-4a19-b8aa-1adab0628ca8", "value": "1536:eZPey5rnK5pRTm62gl7eBC8JXCIovFSMpLia3zH54PDETvM9:eta8Xgl7YCCYFSILx3zH54PYTk9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689552682, "uuid": "3609d4a1-b2f0-48ca-98ea-c483cb27e1c4", "value": 60632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689552682, "uuid": "36207457-a38e-446e-baf4-e8ce510dca0a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689552682, "uuid": "b101991c-b23d-4ca9-a4e9-63e57da7075d", "value": "4cc36b0814a7cb100937d9258fd90b40", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0ee8758-24cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689617312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689617312, "uuid": "d275f1cd-448d-4b61-89c9-c059d5c4f20c", "comment": "Malware payload (RemcosRAT)", "value": "98c31b202cc3fd8c47b61f085dd4ebfc", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689617312, "uuid": "c6d38dc8-3be7-421c-8860-0b46bff00a09", "comment": "Malware payload (RemcosRAT)", "value": "fb7b4de6fe1e517caccbdde9450c7c42d5ba1a42e0a5e5c14e362aeb6ad67745", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689617312, "uuid": "7d030810-304e-49b2-8d4b-eb3ce0ad193e", "comment": "Malware payload (RemcosRAT)", "value": "c678fb695edcb72af3d82f52f1b8292f17398a2e", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689617312, "uuid": "ab718d07-7b8f-4c21-81e5-8b22202e69a9", "comment": "Malware payload (RemcosRAT)", "value": "40b37d192cda51c7652b3b7a2a9397b12cbd54226ad3b2ec79a7a0f4caad8bf37afd85f7840016df64da2e1795b4f327", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689617312, "uuid": "5c2100e0-aa2d-414b-ba4a-ac718b7c6bc8", "value": "T102B1C5608F8C079600796B95B145F0FCAD78CEFAE2A859B1848DE3A8309E5D46D4F94C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689617312, "uuid": "6d8b39ae-7d84-4992-870b-b19bf3addddb", "value": "96:uthC/xE7YcYmAcQ03Lo4PMX0GFf66OticvLmC4EdR4Z8Y:OhC/3NmAcQ03Lo4kX0GFfZOtVL3I8Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689617312, "uuid": "83fb55d3-2b01-4dd9-9cf8-abd5a37e8df4", "value": 5578, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689617312, "uuid": "520cc530-3e38-4cb7-97c1-d63566ebf877", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689617312, "uuid": "4c15f1d4-c3f3-436c-a182-e215c7acde6f", "value": "g.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93fee216-24bd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689610714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610714, "uuid": "06236360-b317-46bc-8083-aea8a220e899", "comment": "Malware payload (RedLineStealer)", "value": "9822a7555bed6d91c0358bc25fd63152", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610714, "uuid": "51ebe5a3-1e21-484c-b430-102a8f4de816", "comment": "Malware payload (RedLineStealer)", "value": "fc70465d07b9f3eb64e7f5ada2c047cd54b1a10b2790264456c0f76a798b50fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610714, "uuid": "56e1eade-d18b-4e56-abd0-4c9e7bd40fb9", "comment": "Malware payload (RedLineStealer)", "value": "973fc2efb2b6072e2a114767ff204dd0112b64d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689610714, "uuid": "e12eac83-4297-452e-a206-3019fae87d66", "comment": "Malware payload (RedLineStealer)", "value": "32a6915f338d5efe4cfbe4a70caee2d5545fe0536c5d3a96d8c5e5444e0f9110ce2c114dfaccafe06f6e74c763234a5d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610714, "uuid": "f07ddd08-8680-49f6-8582-0db1046435c0", "value": "T11E44BF22B3E1C0B9D46799301974C7F21B7F78722B7581CB33641A3E5EB06C19A7939A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610714, "uuid": "1fe67a23-156d-45a1-8b90-aeace2bc1093", "value": "189fcb3cc81a9771ead68c0464a642d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610714, "uuid": "51dfb504-0c17-4d56-86b6-46af6aac5add", "value": "3072:OKxvB4CHOkQt4CgmeCr5dH7jEfJlpVqmLQT7CYc:1v3tQtrgafbwfJDJL4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689610714, "uuid": "d5669a30-367a-41e7-90c4-6fd6a5bfcfe9", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689610714, "uuid": "ee8f35fd-70b3-4a74-be7d-8ece36114f9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689610714, "uuid": "9605e782-aba2-4746-b6aa-b09143d7e5a9", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbf4129f-24c1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689612553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612553, "uuid": "184af54c-59e8-4710-8862-f5f3652b5cee", "comment": "Malware payload", "value": "12f8e0e148cf71fcf07c8f9a161fa3e7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612553, "uuid": "2f67494e-9feb-443c-b286-19463a745745", "comment": "Malware payload", "value": "fd831bc88d1c08c8b8a2e3756569b8fc3c143d516f4a72ec6fbf3c456c6209bb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612553, "uuid": "ccd5c390-b08d-48f5-bbc9-1d7251b59c55", "comment": "Malware payload", "value": "37b1d09caa82cdb261aae287bdb9be74b4576149", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689612553, "uuid": "e996f77c-5742-4d1d-8936-bc3c1c303394", "comment": "Malware payload", "value": "211235cc818afc825dd082654c2eb78dfdfbb24bff7a362b2e6badacbf83bef1efdac937a5a1d9c732d2712bf4df4c28", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612553, "uuid": "de0a9cd2-20f1-4bc2-b4d0-733a072dca73", "value": "T16844BE2233A1C071D9A716305971CAA12E7B78B2177195CB3358173E9EB07D07E783AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612553, "uuid": "d89fa2f4-6ce3-4bdc-b556-aa52b2d805ec", "value": "f6842a56688153c9d892ae860013ee8d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612553, "uuid": "e054037c-60f5-4f8a-aa5c-b51bc66b3478", "value": "3072:ApphADQeMKDSd58XT47kKpNT7JvDsNf9jlARJmwxN:mDAjDI58Md3JvmBlmJmw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689612553, "uuid": "4a79f30d-f6bc-4a16-b37c-1a0b7a364ec9", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689612553, "uuid": "7aff1e8e-6167-4e01-9aa1-f7304946ff91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689612553, "uuid": "6d3781f2-a51c-4201-9313-328d720efb2a", "value": "12f8e0e148cf71fcf07c8f9a161fa3e7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2aece8e0-24f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689632872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632872, "uuid": "19269e99-4a7c-4f37-8856-e4e8ef52f2d6", "comment": "Malware payload", "value": "db3c73e68b8bf6ecbacdad47a764fd8c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632872, "uuid": "6c81647a-e77a-4130-9bdc-2fe9510c10b7", "comment": "Malware payload", "value": "ff7f5aa017632bea6738eeecb82f8865fa538c7a240a76c35ac601566815ede1", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632872, "uuid": "b1a13449-c6a4-4dd8-8f97-25d97ac7d2f0", "comment": "Malware payload", "value": "36eb8f794b5f14e56e0927a2aee0cab000c52e71", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689632872, "uuid": "49f85dbb-ccbe-4205-a6db-df6781916d11", "comment": "Malware payload", "value": "2f7d0db7f4bacea341e21f49a1bd8ba95fe3ffa1667658104b3067c812fc4b59f83e284e4346ed8db27959954d397f9f", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632872, "uuid": "4e0f5a71-d50a-4d52-9bc2-380b0aeb346d", "value": "T169A3AFEBB0B4EC2EC296E171692597AEFF4084D7E441D70281124DADFCEDE51AD7C284", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632872, "uuid": "747704d3-6750-49ff-bc9b-3b7e14468db3", "value": "3072:sjvMRJwuUT1mjtlP3A24IO99rFnYHNp/cV1a6:sEpUTGlPpDSRYPqY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689632872, "uuid": "68d221a6-5ccc-422c-9fbf-94b6eeb8562b", "value": 102396, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689632872, "uuid": "8311f5d7-7adc-4bc2-a795-382ab62997eb", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689632872, "uuid": "07cb59b4-0c09-4929-9d63-4be5091cc957", "value": "SecuriteInfo.com.Android.Joker.1857.6997.2033", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e278fe38-2498-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689594954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594954, "uuid": "86d19cf8-f1e1-41cb-83f5-2fbcaf294e55", "comment": "Malware payload (AgentTesla)", "value": "24dce50b4099470a2079c1905e839bcd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594954, "uuid": "60d1db45-a196-4919-810b-e96bdcca448b", "comment": "Malware payload (AgentTesla)", "value": "ff868e2c47c2ff9827212a93df18c6dc4da5373ff725a47153e6faedb1c5c153", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594954, "uuid": "323557a8-43ef-4b05-bf2d-622b700ac436", "comment": "Malware payload (AgentTesla)", "value": "026f959c76b96d2765961f8eed119c4c746f9d0b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689594954, "uuid": "3925765e-8dee-4729-9f02-73e179a3393c", "comment": "Malware payload (AgentTesla)", "value": "8cdcb6317b64357b79debd38befcf6cfc02dcd475580df40217ca1135cb06f389cf6c201b6f3a16365dcf095f859eaa9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594954, "uuid": "d38741d6-1e72-4113-a408-cfd31a2ef517", "value": "T1EFB4233456B864BF7FB36A9E9300753676F5B7C351A226BBB8067A3B14C4D880C97432", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594954, "uuid": "3c903c06-9fdf-4b0b-9b89-501edcfefb64", "value": "12288:3T2ezER6SmbutdqXlXKIp2sSBZJ2d2X7BbuYgaea:Dl+IBK4yZMd2XNiBZa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689594954, "uuid": "e5d15ee6-bff2-426f-8c88-e92b942e07f4", "value": 516455, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689594954, "uuid": "e7911d8e-a217-4f6c-a6f9-5359916a84f9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689594954, "uuid": "4a0a4dbf-e93d-4a18-93ff-087964648b78", "value": "PO.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3af79bde-24b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689608417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608417, "uuid": "fcfab734-b3c8-4868-994a-4db8e2fe1ca7", "comment": "Malware payload (AZORult)", "value": "9259cd147ed5880ad2b0c4b681e0db4b", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608417, "uuid": "cb5833ce-5fc7-4633-987a-ea9649457ac5", "comment": "Malware payload (AZORult)", "value": "ffbc5914f16b287d3ccd7b855e634db5d95fa14596868d7dc29aaa9dd7f4180c", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608417, "uuid": "170706cc-7a53-4f4d-bd47-61840f7d2084", "comment": "Malware payload (AZORult)", "value": "d0341177f21804fa550600235ea20056f3f2e311", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689608417, "uuid": "83ddc6e0-0d0e-4e99-bfb6-f424100c81c2", "comment": "Malware payload (AZORult)", "value": "19cf6008a33f753e54fd8d545c2d2a15822fb0f5aa1c6b3197f7649176925ac91e7a1dd42593e4fa90d7de114c8e511e", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608417, "uuid": "03ff8087-8e84-4f7b-a7e1-9af6f2654c52", "value": "T100B4BE38503C87AFEB57DBBAE434255213F013522AF6D39C8CBA20AF3E75724A1545B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608417, "uuid": "909055c8-35f6-4bee-8677-bf72a73818ff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608417, "uuid": "c052f79b-8b08-4303-9931-d1d23dcff19a", "value": "12288:GWV6X6FqpgHEcOyApIvnzGgbJ0kqTrQaSejL8Ze:GQWpgErIvzhbJBqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689608417, "uuid": "3ef50495-3cfa-4611-83f2-1fbf5e728f82", "value": 513024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689608417, "uuid": "fb27fa24-0171-4db5-891f-a10734919525", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689608417, "uuid": "f83f34ee-1c54-471a-840b-f1a992c7554d", "value": "Purchase Order CW289170-A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3aed7d9e-2466-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689573198, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573198, "uuid": "c35d9c0e-5928-4908-bade-c2e4e098d481", "comment": "Malware payload (Loki)", "value": "0c13eceb36bdde5263a3e2ecc3339407", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573198, "uuid": "f4e52c40-593a-46a1-bedc-2eb37e9a7538", "comment": "Malware payload (Loki)", "value": "fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573198, "uuid": "427ecab1-6eee-4492-b1fa-c75ad6ba6e3f", "comment": "Malware payload (Loki)", "value": "19d9f3512d1d0e0ec66fe8fec4efd149f4287e1f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689573198, "uuid": "7fc71f6c-c748-4202-984e-aa395e582c71", "comment": "Malware payload (Loki)", "value": "db1241d338364a43b74fc16bcfc2eca7edf50112fe101ea3f4fd65d418025ca7552365208d9faff662b08fd711726f92", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573198, "uuid": "f3205359-2405-4c4b-9dea-f07c06d7db4b", "value": "T13765F103D804CBC3D40D83F4BE530EE90F0A6F19E99A7DDB10667F8B3A71A62595A25D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573198, "uuid": "adb30048-8ca0-459d-aa78-b9ba391be3c5", "value": "24576:UIu9VNZylw6VVOZyNw6VleHBlEzp7usR0bgcwyA52hcP5YwVux:UIuPR6VVYp6V8hOzkgjy+P5Yj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689573198, "uuid": "5a57cafe-1ea7-4409-ac49-ffd80792e728", "value": 1436672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689573198, "uuid": "c3e68aed-b73d-4fec-82ee-f677e818d73c", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689573198, "uuid": "dc1fc579-143b-4780-bb23-4795b53bde7e", "value": "MV TRANS-ASIA I.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }