{ "Event": { "published": true, "date": "2023-12-04", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-12-04", "timestamp": 1701734582, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "d3e8410e-a850-4170-bfd7-3ba20bf0c047", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e10a4c6-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698245, "uuid": "ad8b3151-71f0-48ca-8385-00170fdd7e1c", "comment": "Malware payload (SMSAGENT)", "value": "7084f09aa191f983ca5abb4cbcdd0410", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698245, "uuid": "0044aaf7-20fd-459d-be8c-52d54b439fd0", "comment": "Malware payload (SMSAGENT)", "value": "00867a5e20723f57251ea9ae69c6d329f16c910f8c82e74c2d117191f14ccba8", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698245, "uuid": "bd162db5-1dcd-45a3-bf86-5a66f6b8f942", "comment": "Malware payload (SMSAGENT)", "value": "d4ed8448dd68bf01b9e56a19c01647062258c550", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698245, "uuid": "f0649d5b-5cfb-440a-ac47-9dc2787834cc", "comment": "Malware payload (SMSAGENT)", "value": "88f6f4a81bbced807211fa20af1fd5c249005be1f6fd0384bcab0d9dc5b3f515859e0e71ebf8f91c7703ceebd9773ada", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698245, "uuid": "02f37697-fa88-4625-8dd7-4ce336ae868e", "value": "T115560175731CF40BE073DE316371814F75E085E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698245, "uuid": "fbf9ae45-1782-4730-98e6-ede888ac2cf9", "value": "196608:/YDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYM:oirUVis8O/0giAZ9PD4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698245, "uuid": "34af473d-3836-46ab-bc6b-50d6c8291d96", "value": 6360000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698245, "uuid": "6740dda0-9441-4bec-aa60-d7b292af496f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698245, "uuid": "261588d5-9889-4fcb-bc41-6a862f72ad20", "value": "Craft\u0421\u043en.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ce28b17-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681225, "uuid": "9b431b9c-997c-45bf-8537-23c3952c9cfb", "comment": "Malware payload (GuLoader)", "value": "9d697a763745aba267d528c4d7bb3d63", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681225, "uuid": "af57c92a-fad7-4a0c-a0a2-a210ef7d5357", "comment": "Malware payload (GuLoader)", "value": "00e9a57fdb09a5e4a8da4ee7fc33e9654851c96fa02b2be3a9616253e1d64bb4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681225, "uuid": "d89b15eb-d4d7-4258-adc5-75316c6522eb", "comment": "Malware payload (GuLoader)", "value": "4d9ea8f109cd40e66d33f760e60b64e24605b300", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681225, "uuid": "44652967-5aa8-4dfc-8ef5-c63efa2c1d0a", "comment": "Malware payload (GuLoader)", "value": "f711cbddcf6b06c8ac092c2cad88c102120354c797ee4e6ee6c86b75daf7598449c31df1847fbb44cb1e8a778fa1cd0c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681225, "uuid": "0454a015-4e4e-4620-9a62-454ae3a3abb8", "value": "T177C40102BB8CD49EDA632B7098B3EA4A17F4FDF556B601077E29352E88373515A39F04", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681225, "uuid": "77c99842-d4fb-44ea-8063-070a5d0e03fc", "value": "93dfc16ed07ebeb5b405221f10d12c0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681225, "uuid": "674d9981-f1f0-483f-9b2f-530f2d461967", "value": "12288:TS2dfQBQfY/hJX1kVpP+Wb1LYTt5mMYAMxWI9:W2dfWX/VcpPjhLC0AAX9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681225, "uuid": "ae0dc642-7904-4cea-9eaa-655088c87383", "value": 569824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681225, "uuid": "dc07682a-13d1-4250-848f-b99cfad384df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681225, "uuid": "776099cb-61b3-4919-a307-c08add27fbba", "value": "Inquiry 1100735.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02f919e5-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698227, "uuid": "e47a22af-3ed9-4852-82fb-7062d082bf0f", "comment": "Malware payload (SMSAGENT)", "value": "9081f6f59f909d9a17c3df4498eaa2fa", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698227, "uuid": "50c8edae-ff06-42e5-bd8a-93a0113f42eb", "comment": "Malware payload (SMSAGENT)", "value": "01a7fd5be94b7995ffa3ebf34f1a0c6bd2f779801d1753b19e0c09a6011d4529", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698227, "uuid": "0341ab50-c616-4fe2-a645-1d5c15df81e7", "comment": "Malware payload (SMSAGENT)", "value": "bd976c386b3b01808485eb7b046fcfa6bbe47ffe", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698227, "uuid": "e502debb-701b-48ee-b139-9fffcb7aadab", "comment": "Malware payload (SMSAGENT)", "value": "b168415a8ffdd18f43e888adf506b4b6d965ee349cd6c1b802edfa2808f41c66767f4b130657874b8c00e5f2f894e734", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698227, "uuid": "c450e32b-25b2-4800-9df0-b03565ea98c2", "value": "T1CC560175731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698227, "uuid": "eef13604-0978-4a61-b18e-904544600f82", "value": "196608:/7DGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYo:XirUVis8O/0giAZ9PDE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698227, "uuid": "c7ffb3c7-dc30-402f-af91-e51cf88b700e", "value": 6368186, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698227, "uuid": "cbf87b6d-2b34-42e3-bef1-249f37780c7c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698227, "uuid": "025b16bd-4ae2-4863-b38f-32164fa4d3fa", "value": "Videochat Ru.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db8135af-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711045, "uuid": "161b036c-7f07-4160-bdcb-92d9822044ca", "comment": "Malware payload (SMSAGENT)", "value": "edb8a3a576d1c29e733c3da44c2f3f90", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711045, "uuid": "fa9f6ae7-ab08-4a82-9f33-804a2f948c62", "comment": "Malware payload (SMSAGENT)", "value": "02a97f8b0f92d5556f0657a28f4ba27dd5eb727df37d5f3877130bdecde040d2", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711045, "uuid": "508316f8-fe95-41c5-a17b-dc167a0f8589", "comment": "Malware payload (SMSAGENT)", "value": "ca834eb4dfcd2f52dad9e946d1492dfb3123ff9d", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711045, "uuid": "96af3fab-15ba-49fe-b75a-e3c09333402e", "comment": "Malware payload (SMSAGENT)", "value": "afe425d6cf587d737075828973883ff4de548826ae914676239b973adc32cf22cb6ea4d1b4b5656daf0891a5a5e7203d", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711045, "uuid": "fbfa602c-a660-48d3-a03c-3e7dcf400092", "value": "T16A179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711045, "uuid": "96e651b5-1af0-4bcf-90d5-d4c6796259d5", "value": "49152:RuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvp:Lv+49UBEIIddXHNqjeceCnMI+lEaA5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711045, "uuid": "2c270169-5ef7-426b-ad90-2ccb2607c176", "value": 18589396, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711045, "uuid": "d57cbe19-a073-4645-9fde-bccee5e38ead", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711045, "uuid": "7c55f6a5-da83-41b3-8511-d55d5f19e3d6", "value": "\u0413\u043e\u043b\u044b\u0435 \u0444\u043e\u0442\u043a\u0438 \u0432 \u0434\u0443\u0448\u0435.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48f0f6e1-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "a4728bd1-00c0-4726-b0c9-9f9e40e20cce", "comment": "Malware payload (Gafgyt)", "value": "50478cb213dde55d982d4f2bfb19c392", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "3ff75ad8-a3c7-4124-9a08-ae9f562dd3da", "comment": "Malware payload (Gafgyt)", "value": "042ce2146a4bacb6caceb5fcd1bd357760292b36188d7e0e47c67ceeac0ef1ce", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "7f23cc88-3da5-48b6-9811-9e697da2c18d", "comment": "Malware payload (Gafgyt)", "value": "a6d2715b2b7e9ff68574a23b3659e520a55a50a4", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "4b469d2d-8b8e-4981-909f-e4747fdf3c90", "comment": "Malware payload (Gafgyt)", "value": "478868c1f2c11a6d8cf3bed0310c56005db3720c809f01a73e7342d878380a004dd65c8509ec6cfa7c80351da0dc831d", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "8fedad7a-5413-420a-92fc-1a30bee7f876", "value": "T19F146125991AD217C4D2EEFDFFC5BACA961DF2838BC6A30275A4105D0FE5E94242F8C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "e5451d7f-b204-46c2-91aa-2c65f896dadf", "value": "3072:e67nQB1R6sfNTOcCj4rJsbCTFmRcqD6sFsfdT+:Ix6sfNT+4r5TFmRcqD6sFsfdT+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "1572c241-4fce-4268-9634-e7a52a392d11", "value": 190391, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "7b8ee548-6f6d-4350-9813-18d8516d7b47", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "62968e05-2846-42d3-84c4-b8eb7821f0ca", "value": "tftpd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48811e31-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "d3d00a29-a50e-42ea-8d08-ec1258201762", "comment": "Malware payload (Gafgyt)", "value": "447c20a9b2e2f11e38cce449315d24a7", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "d421eca4-e0da-4ca0-9d9d-f1960ef83ff6", "comment": "Malware payload (Gafgyt)", "value": "043e66edeb6ecbd0e7c3f99fcd1685e7b5c296668259eafc3c8f7488bd9c018a", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "5fa864d9-bfcc-4001-b028-d1e3c30bf9e4", "comment": "Malware payload (Gafgyt)", "value": "1f2e4422e2187bf1cca6498586a96dcc3762906f", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "7e26fd85-697d-4281-b7a4-29219838dc01", "comment": "Malware payload (Gafgyt)", "value": "24a7ca539cd32e9c80188ae55f44397a0c6ae29908e8385a91a649f9c8674655eac22e6c511927e2ba32d25fd4f2219e", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687606, "uuid": "9b85c65f-bdab-4f07-91b2-6d86c37d2cc9", "value": "T15A146121991AD217C4D2EEFDFFC5BACA561DF2838BC6A30275A4605D0FE5E94242F8C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687606, "uuid": "ec00c0b5-4b05-4503-a429-999838dabab4", "value": "3072:a17oAxuBqM4+TocCTcrTykincBqRcmYzrDuOKZfRT+:ekqM4+TUcracgumYzrDuOKZfRT+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687606, "uuid": "03d59913-f233-46e2-bc01-c7ea5eb096d0", "value": 197937, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687606, "uuid": "ddd0b87a-89e0-425a-9436-7057e620ff7b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687606, "uuid": "0154bdbd-9e78-47d8-b3a4-ea902c489dd7", "value": "curl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dad7cb81-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701688281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688281, "uuid": "e72a703a-5737-4b9c-a6cd-3dbe2e1a6903", "comment": "Malware payload (AgentTesla)", "value": "1818e9167ca1b95dd1e6d3e02be1c8ed", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688281, "uuid": "b7e8a972-4301-485c-8fd5-b1e3e4ce35f5", "comment": "Malware payload (AgentTesla)", "value": "04b079866d5cf8adf944e484210925524a14517a6d2e3c3b5c6f18317f8ea232", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688281, "uuid": "77d3fb4a-1aac-4e95-a4cb-b0852e85eee6", "comment": "Malware payload (AgentTesla)", "value": "333636601f605aca289210786090f2e374fa4451", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688281, "uuid": "eb6710d4-1a66-4a45-acf2-892a984c6343", "comment": "Malware payload (AgentTesla)", "value": "3ea194a68f6118ffae603077aded2f7f86c238e48f757e9e4beb47bd1a4d6fb0c1e8772cbaf7a86ac9e4e6b6363aa162", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688281, "uuid": "e15f175f-abfa-4075-a9e6-4bbc60bd5299", "value": "T10E6423FE5C44E22E60C99194720BC4BB951D91391AE48C6CF2CD0BB02D657D7AF3A67C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688281, "uuid": "cafa2095-7eec-4270-a6b1-e54c7d335f99", "value": "6144:qarOCCNqI1qf2Jd7nEhMerIa/2t0Sled7wEBQabvrgROxnPiqVO6z:7r3KZk67EGeD2t0td7bQagU4aO6z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688281, "uuid": "05a6d35d-d115-41b7-84bf-5a415a24be8e", "value": 318794, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688281, "uuid": "12fd7308-6a55-4189-b408-8e357fb05c7e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688281, "uuid": "34f44f02-0337-4efb-8662-32738578aa3c", "value": "ORDER FUZETEC PO2311-000031.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49be065e-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701687608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687608, "uuid": "b0a026e3-08d0-4c01-b6b7-931c5898a592", "comment": "Malware payload (Mirai)", "value": "72474d0ecdd766ef523e537bf20f81b1", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687608, "uuid": "d7fea2f8-8b27-4011-a405-ebe76e0f455c", "comment": "Malware payload (Mirai)", "value": "050ad8c66b8604578700009f1248143dd879a332175962b7fab0603a6d87efda", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687608, "uuid": "8d2b0c68-428b-417c-8330-f7f6df948890", "comment": "Malware payload (Mirai)", "value": "1e1ec31a11de9ef76459dc835d917719f723f035", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687608, "uuid": "27b71e15-a76b-426b-a1bb-820f8ec70680", "comment": "Malware payload (Mirai)", "value": "85a7f232cbe06a72249e89f9e2c2ab095062bd95e8b5c4b6ac579669938031d1c4c645e1c4908f1f8713648674b089ae", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687608, "uuid": "d5e7e47d-5e4c-4c12-8d71-c9bb7d127663", "value": "T1A733F291906E6DB5CC702CB1D8A55AE07AFD0B3CF98B772E75049AC230831A76FF5448", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687608, "uuid": "1421edad-7e3d-48b7-aa1b-28273b34172c", "value": "768:LEbPpQwNueqlA/gS8wgXFuCAIDRFLoBco+i9q3UELjCHVIpH3UQJc2ZVYCYjK0Ns:I+wg7A/ww96jocLm1IpXVJc21+3onv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687608, "uuid": "85fe0a63-f7f5-4eeb-ac19-f07e23e32e19", "value": 52524, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687608, "uuid": "7f51f814-52f4-4b91-8504-0bc6483dbc5a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687608, "uuid": "cca2f997-a5b3-45c4-9373-77a54423e7b4", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43fd71d8-9272-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701672995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672995, "uuid": "5b965e54-8a64-489b-97d8-f26aec43681c", "comment": "Malware payload (Stealc)", "value": "7762caae922545f5f1b64714f44e7e55", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672995, "uuid": "2de63793-b97e-4de1-9f10-588ae0ea9de9", "comment": "Malware payload (Stealc)", "value": "0563e1d721c5c681720d66d71afe67d0b3db51a5837a81feab52eef1aaca27b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672995, "uuid": "74ce4c83-78c7-4153-8d1b-94de836e33b4", "comment": "Malware payload (Stealc)", "value": "38fde32a3f95204c6a3709c37e9d47978fa4b166", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672995, "uuid": "ceddd8d8-6105-4673-8ea7-29d692c6eb11", "comment": "Malware payload (Stealc)", "value": "c11ed3bf1f986a50c6d99953008e5273e7e63341d520163e54d79ae8bc6e286696ab7ff6a350dee5a0ebc2fb8fdaeb92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672995, "uuid": "b43044b1-7132-4300-9cda-ef647b56cf0d", "value": "T1E954E80392E1BD55E9268B33EE2FC2F8761DF6408E0D3B652918AF1F14B1176D1A3B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672995, "uuid": "644789e1-c6d2-4163-accc-0884cbeb98e9", "value": "4218786bdd48185e04ca1848e08c3d21", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672995, "uuid": "e8f73f92-bfa5-4c8a-bfc0-600b38fcaed4", "value": "3072:ep/3nKbUKJToBzb6JBJVL4g6LI45mXL/bhemOibTUyGTxs:S/Nef/L9r/XL9VOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701672995, "uuid": "6eee6a57-f766-4db6-afa5-cfd7110f5bd5", "value": 288768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701672995, "uuid": "c18f82fa-dce8-4b1e-bc19-542085efc0eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672995, "uuid": "7672319c-1fba-4694-b8a0-914df50c4864", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f7383a1-928a-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701683376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683376, "uuid": "b1f0f8bc-cf07-41b5-81d6-f3c7f48f9c61", "comment": "Malware payload", "value": "81ad4b6ee847b58a6de4fadc8e5ac0ae", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683376, "uuid": "ce8faffe-6ae7-4b08-8b4a-29e936e10d72", "comment": "Malware payload", "value": "05b7636daa1fcd8855554e04c865b868c5c658fca6adeaf2f28a6ea3a7b3bca6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683376, "uuid": "238140cb-ea2e-4980-be52-a04e20cd23e8", "comment": "Malware payload", "value": "941f8a7476f01d9d06440b3d0736a4b70c108359", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683376, "uuid": "0d877117-aa4d-4c66-9b04-299b6491e62c", "comment": "Malware payload", "value": "6356c92c1c8ebe5e2471e81c14341626b8f370e94fa4df9b6016fc7c08c0cd9f2a09ce516ce0f10c0983bf93327d03c3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683376, "uuid": "485a91d6-3801-4958-9e17-b1cd3e91fc93", "value": "T1B8755B12F4FFE80FCA762435866D789AB79B556651B73DC0297C2C2886B72B13990C0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683376, "uuid": "e2ff9422-6fbd-4567-82b9-bbf695809215", "value": "ffce77b060e7b2ed38dea14b0235dc8e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683376, "uuid": "ceeb3283-e77a-4ddf-bff1-ae01cbc77799", "value": "24576:xOeh7E7IJbtEJEHng8wGrQTLq73xaH7pbHTJZo4HwJ+qx3:xOWFJbtSMXoTLq73xKfJZ7w+qN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683376, "uuid": "599c13ea-f972-4b5e-88ef-d1800376a56c", "value": 1672832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683376, "uuid": "40fded25-1329-4b81-b7af-fc4ccda53100", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683376, "uuid": "0c69d8e8-61e9-44e0-9117-af1e076a88df", "value": "81ad4b6ee847b58a6de4fadc8e5ac0ae.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48f88d9c-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "5b23e3e2-4a57-45e8-b878-3ec57eb2c2c2", "comment": "Malware payload (Gafgyt)", "value": "83271bff5f660f54a38b1de71c6bc177", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "438fdcaa-873e-400a-a5c2-7741f853d656", "comment": "Malware payload (Gafgyt)", "value": "076906e5f87c6f5dba035c54fd12f9610fc9ca8a9010de1347a9e40073146081", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "301a02ab-ee92-4086-87b7-470c8ad3668f", "comment": "Malware payload (Gafgyt)", "value": "29110e043945e976c711ba524d08948a0df4cc4f", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "2d9d5403-bba8-4382-a000-cc9cdb8899bc", "comment": "Malware payload (Gafgyt)", "value": "5d685853b672c2e3a23a0a282d9dba9baaa0ed213f62e861491ca2152b93c7b69e7ae5a48b084b0ea4d2626c6da4c6e3", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "e4b7dc20-f6d5-492c-83ea-4715ce60d9fc", "value": "T154F340259A1BD173C896EDF9BED2BAD78509F1934E8A8302B2C4249D0EF5D94701FDC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "d5c32bd3-ed62-449b-909e-61268194cd08", "value": "3072:x7obOvFOEhb2rufGO3C5T7cCGCu8gmECVd51tHEaM:xCk6afGOITWCuBmECVd51tHEaM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "91e18f00-9b78-4ac6-b7e5-a8c3480fe4e8", "value": 165464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "7d4d99ed-a059-44f9-a672-94aaf1a08a7b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "65753daf-84d1-436d-aae5-f7cbd7132ac1", "value": "telnetd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "008a2b18-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681902, "uuid": "eb756ea6-ce85-4f8a-8b41-8ddbfa8cdad8", "comment": "Malware payload (AgentTesla)", "value": "9f2a5bfdc96beaf41c4c0a77c9cc1eb4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681902, "uuid": "7932921f-c190-42bd-80b9-fd034c57e394", "comment": "Malware payload (AgentTesla)", "value": "07d837ca182080435013ec54fd8be82904502e62363c84de204f5ff991a191e8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681902, "uuid": "1a12b25e-6861-45b2-8c5b-e3271166055b", "comment": "Malware payload (AgentTesla)", "value": "79a8b33d5d43cfdd47ec0a30d6c6babe6e7936a1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681902, "uuid": "e3616df6-5585-4233-9959-460cb5df77fd", "comment": "Malware payload (AgentTesla)", "value": "1893955d7dbf3b332a15936d7080be874d3cc2fbfd4440c7fd3c0e53130e7c4124d6f333aafb4907dbc80c69460b1e06", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681902, "uuid": "8b143e21-4810-4e50-bf68-145f222aa7ac", "value": "T14B155DD1F15088DAED6B09F1BD2BA5302493BE9C54A4410C56AEBB1B76F3352309FE1E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681902, "uuid": "d094e11c-c77e-4b23-a325-ee1bea5066c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681902, "uuid": "b2eb5f71-1cbd-40e7-9e62-8b32869ecc3a", "value": "12288:EvCe+rYESCVPjkguQUQqzjFNxnFyZakskuD3jYRvGhzQEeknDqz:Eqe+ACVPpuQ4z5NxFu7uDTYRvG2UDq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681902, "uuid": "ac0afe79-6b60-41f9-bcbe-29e39d16a55c", "value": 884736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681902, "uuid": "82124f2b-577c-4b74-ab58-cc8dfc71cf06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681902, "uuid": "04f5b99d-0950-4f6f-8d9c-24be2adfb0f4", "value": "T\u0130CAR\u0130 BELGELER VE \u00d6DEME DETAYLARI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "421f90bb-9245-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701653665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653665, "uuid": "06f253af-3286-48c0-96bb-db09e1692123", "comment": "Malware payload (RemcosRAT)", "value": "c94101f36c6da727a7b183c9bee4b1fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653665, "uuid": "b14c832c-42eb-4c9c-aff0-fd88d35e6d95", "comment": "Malware payload (RemcosRAT)", "value": "08538c88f5bac66f227cacff308550bc87d5ccd4c169b8b62601724ba7370066", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653665, "uuid": "9a8c16ba-819d-480a-bcfe-ba0754c035ba", "comment": "Malware payload (RemcosRAT)", "value": "5335dbc638b27310506d9afeb8a9fc38711c1750", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653665, "uuid": "5fd25e00-7a7a-43e3-a53d-d4232da87124", "comment": "Malware payload (RemcosRAT)", "value": "ec76d95440290fe7c2cd7a3a996ee52de18bbc6c32dddf2cf077cf07976a786947780ddd6b59358c91c8d50ccecf66b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653665, "uuid": "b05f826f-97a0-456c-b0ad-4b94b0363440", "value": "T164B49E01BAD1C072D57514300D36F776EAB8BD2028364A7BB3D61D5BFE31190B62AAB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653665, "uuid": "a5338b56-288f-4518-b4a2-d21c51e22b57", "value": "8d5087ff5de35c3fbb9f212b47d63cad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653665, "uuid": "846b93f4-52d6-40db-9258-755ccc394788", "value": "6144:AXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNZK5Gv:AX7tPMK8ctGe4Dzl4h2QnuPs/ZsOKcv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701653665, "uuid": "26228606-e2de-4b7a-9f72-957206a2a131", "value": 494592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701653665, "uuid": "8db0bd3d-c648-48fa-a35f-c3f98ee764c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653665, "uuid": "ad3d6061-1997-4057-af1b-a27af42fc381", "value": "xZqm4ZfZikBO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ee6e09b-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698327, "uuid": "d9504497-b88a-4c81-b681-a481af27938b", "comment": "Malware payload (SMSAGENT)", "value": "6176f0f48bf6c1e62d92cb4dc4ffc095", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698327, "uuid": "a04f09ec-2cfd-498e-b081-0f7252e54667", "comment": "Malware payload (SMSAGENT)", "value": "0896070f1352684b153815741c728c66f2726006310a227bb8cd6bbdd4dde7aa", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698327, "uuid": "f8673393-2ec6-4d71-a48c-663a4730f3f9", "comment": "Malware payload (SMSAGENT)", "value": "323a7248310b1c7c05cb984f910388e3bd9e9443", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698327, "uuid": "6f277b16-d1ec-4af3-b51b-e477edea66ac", "comment": "Malware payload (SMSAGENT)", "value": "4627745103cd81a90ad3101612f55c0f26c0f01a91957bdc5deabab7623526e3e894fa94dee9e0c241a063e30674f916", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698327, "uuid": "477b4fbd-186b-4eb9-a265-5eae6fa807a3", "value": "T13166011A775EFC0BE263DA3123724D4B772B85F51360E3126B06B0686FB3D448D6AD1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698327, "uuid": "5497576e-b1e5-4a0f-a40b-074e9a591da1", "value": "196608:ZyoEI25FawilQNbk2fwDBEIAZ9J9DCJY5:ZZG50qJkjNAZ9PDt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698327, "uuid": "90010728-c930-41a0-b975-99590b414a39", "value": 6691765, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698327, "uuid": "4eec65d9-1188-4b19-bf25-e53bb14e428b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698327, "uuid": "40f509c8-e242-4fc4-8074-34952ed9c78b", "value": "Lovechat \u0412\u0438\u0434\u0435\u043e\u0437\u0432\u043e\u043d\u043a\u0438, \u0427\u0430\u0442.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9aac9e2-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701688279, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688279, "uuid": "eae9e9d8-d24d-4430-be06-6478374e2fe3", "comment": "Malware payload (Mirai)", "value": "ab3a921441a027dd3cdd29bd02fce9d5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688279, "uuid": "913b00f7-41af-4f65-b7a6-cc0ff3702308", "comment": "Malware payload (Mirai)", "value": "090d54ca33e5025329387f5e1ed891ff65e839b871f5e0406acc7c7ef45add31", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688279, "uuid": "eabe8fb4-52b3-4991-8b11-7dcdb56b8ac9", "comment": "Malware payload (Mirai)", "value": "6eb71d22d7c4eb4bb6d2199e91b40afc14896665", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688279, "uuid": "0d197cd7-b7b0-4eff-b373-fe85d4f6bbdd", "comment": "Malware payload (Mirai)", "value": "9b93908610472704b893856f631a8d8e61f55a936615c18d3b94f41fd65b94192a5b50cdc21b1930848af92c11c0b294", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688279, "uuid": "ed56f123-703f-4d3a-81c0-944df0323139", "value": "T128B2CF3601CDAA92C9549870FAE5C20833130ABAE27F719637814F79D7D12E9A3255AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688279, "uuid": "4a9f413b-33ec-491b-9d34-d8bffb1542d4", "value": "384:t9dWyZ1lp0E/Z6uy1AEZZBTCU9HT5SExCDtEFL88lKOsl0C5jNhymdGUop5htV:t9dWCp0E/oZ1zZBT31TYsCcL8zXRxs3H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688279, "uuid": "01a5df09-7d20-46f9-806e-7420dda95cbd", "value": 24516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688279, "uuid": "df3d1007-2775-4186-a1d0-806e8be4a4f5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688279, "uuid": "b3a1781f-3c29-4373-9a00-665a89e1284a", "value": "ab3a921441a027dd3cdd29bd02fce9d5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d9efc2c-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701682890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682890, "uuid": "876b6175-e321-40ca-93d3-f1bbe4b2881b", "comment": "Malware payload", "value": "a3571b1368694c5a60dde00baa21dfe4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682890, "uuid": "55fc575e-48e4-4669-97da-0f1defc91a7e", "comment": "Malware payload", "value": "09f0807728e7e6f8cb3526dfddb7907dabca9d48ea932c53f8a1e584822041e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682890, "uuid": "fb3d2d9b-6c3c-43d5-b5bd-ad65d99b2788", "comment": "Malware payload", "value": "e83be7fbfbea30f3c13148e1743c3610726e17ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682890, "uuid": "8a1dbd4d-109d-4613-862d-a21d35c07719", "comment": "Malware payload", "value": "f70febd3cbe658134c6ed6d66e3743193d9b33444fd5978aea971ec1c14b5b4ad0d18c9619035c2a84a0c6625296fbc1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682890, "uuid": "02d44ffb-c12c-49ee-aca2-624da88a47ef", "value": "T158664A57EC9546A9C0AED63089769263BB717C494B3023D32FA0F7282F77BD0AA75314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682890, "uuid": "ec956447-8dec-4045-99c0-08c1ca58bfeb", "value": "4f2f006e2ecf7172ad368f8289dc96c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682890, "uuid": "787346f9-431e-45ab-8f60-3c892c33ed95", "value": "49152:uMK5IPlnfSFBmrMrfAbsAJLyRdEljnjYpTqEW1ZSCSVu1/8iL+llReKnNPI7kr3A:XE+K8MrQNhnjYpT7QZSS7EoqFc5Aa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682890, "uuid": "4e47126f-b4a0-4c25-b1f9-adbf6bd39030", "value": 6574592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682890, "uuid": "2543bb5a-8f8c-4c59-8dc7-70b6da07eeb6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682890, "uuid": "656e6697-da0c-4ce0-ac11-f2f7273771f5", "value": "a3571b1368694c5a60dde00baa21dfe4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a2e743f-927a-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Arechclient2)", "timestamp": 1701676522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676522, "uuid": "731125e3-2cf8-41eb-86f1-dbf00b0f7713", "comment": "Malware payload (Arechclient2)", "value": "2bdda0168d51524ccee8eebcaca2601f", "object_relation": "md5", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676522, "uuid": "5f50d6fc-b898-4f06-a23d-e1d8a8f890de", "comment": "Malware payload (Arechclient2)", "value": "0a9063ffb0478d1a4b1a5c488bbdbf0cc123c809616c298912e1814829842ba7", "object_relation": "sha256", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676522, "uuid": "4ad07dce-3de3-4d2e-9508-712211c1b5de", "comment": "Malware payload (Arechclient2)", "value": "81d4f5ac9b322fbe7135b48e2b24bff54f13e092", "object_relation": "sha1", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676522, "uuid": "0f148c30-11d6-47d0-b715-0de3085ed8b7", "comment": "Malware payload (Arechclient2)", "value": "7a957a3ff0d8115d3103a54f709f936df6b00de97f52cb32a0958fc16eacc9ad7c0fca7dde15fdc235f5fdd468287819", "object_relation": "sha3-384", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701676522, "uuid": "454576c6-a6ad-484c-ac38-8ea20be14077", "value": "T129467C05AEADCB22D2190236DDD1741B83F2DC0DB722E70B23B53E25DDA23DE4976586", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701676522, "uuid": "f1c7eca3-4b33-4772-8047-cd27562777c3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701676522, "uuid": "35dc85a1-e15c-4393-af42-06a9106bd11d", "value": "98304:Ab32/vAFDOIHMx35FQ8pZqdEltR4jdmhmGzT:Ab32/vAlOrQ8/qiNbh3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701676522, "uuid": "b5f30004-0c79-412a-ab3d-0d6a0cbc35db", "value": 5659648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701676522, "uuid": "bf5a0d88-f8d4-48ab-b57d-59150f05e3cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701676522, "uuid": "8a61371f-3f4f-4282-a8c2-8c17219c7f5e", "value": "2bdda0168d51524ccee8eebcaca2601f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0d9a576-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681875, "uuid": "48898bb9-d99b-4f69-bf25-8cd205d50e94", "comment": "Malware payload (GuLoader)", "value": "e96bd1c59a8e67c4ab01a9327c98aab7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681875, "uuid": "c390ca1f-991f-4c34-927c-6902ba8c2e3e", "comment": "Malware payload (GuLoader)", "value": "0b145928bcccd1f9510ef2744ef2487a38cdcdcc6b8595995c491c29f97f55e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681875, "uuid": "cecdd280-8089-446c-add6-86f292ad81b0", "comment": "Malware payload (GuLoader)", "value": "184bfeb63316cb4aec59ee6038e1f0912541cbe9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681875, "uuid": "4dfd9e5f-c4b5-41b8-a24b-de17751a6543", "comment": "Malware payload (GuLoader)", "value": "5ef84ce59fc3aa5af01f977e22bebb59980b632bd6e1d2a9cce67599d25b8e6ed09ce253f4d4c9040f064828fd62d79d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681875, "uuid": "8ddd7525-522c-4473-bf9e-8bc927d1f425", "value": "T1AE74021E3611D4E6F98883B02B3AAB0F599F6C4712460A0A3771777C6B39693CE1F9C5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681875, "uuid": "b0363ce3-1afc-46e1-8b6a-e57168cd1d4c", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681875, "uuid": "4aff61f6-2d9b-4e11-ae5a-0f6bbeb54847", "value": "6144:6Q606xNlmkDnWv/NIPpWUELI8kMcpBPJi2IVWSF3E5jOWrakDkf3N:UFLWHopWUELI8kLpNJi2aT6OWr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681875, "uuid": "27fe441c-01b7-401a-ba3a-2784c73c4c28", "value": 368795, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681875, "uuid": "af1ecc8c-1d82-45af-9caf-fcd42cb51a61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681875, "uuid": "fdd66139-0dce-4b9a-a881-c80de7c6e29e", "value": "hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21542e29-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698278, "uuid": "209765fa-a93c-4b95-a939-274bf12e093c", "comment": "Malware payload (SMSAGENT)", "value": "9d9b336099099225e353f31fa6985f22", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698278, "uuid": "30833b96-7b11-4280-a009-ff482c1f0e59", "comment": "Malware payload (SMSAGENT)", "value": "0ba83d7175bc30699415dad1fd74a54aef3bf120790f137af6877b4cb0e32c63", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698278, "uuid": "d2533e4d-2b87-48cf-a98d-3047a99a9a6a", "comment": "Malware payload (SMSAGENT)", "value": "89377f2dea13178ff3951da8efdef70cd4193871", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698278, "uuid": "8d996cef-d7b2-4bc8-97cc-80288879d2de", "comment": "Malware payload (SMSAGENT)", "value": "b61ffb1f18c831cf6edf3e10c1a0f09c6290cc7716b0fc0f199ff1fd8a6cc42e2eb33072a7dc8b79b62ff918487af82d", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698278, "uuid": "e4398b46-af9c-4ae4-a561-3048b6f3aad1", "value": "T121560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698278, "uuid": "cedc99ed-f430-4c19-80ca-4d6ccda5fd29", "value": "196608:/DDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJY0:firUVis8O/0giAZ9PDI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698278, "uuid": "53e9af4e-6a5b-438f-bf94-204c8718a6bf", "value": 6364096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698278, "uuid": "16ed99e1-f14b-4607-9a59-071da49c9155", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698278, "uuid": "70874124-091f-45f2-be21-a8acf62c9228", "value": "Slarry-\u0412\u0438\u0434\u0435\u043e\u0447\u0430\u0442.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2df7bb2f-92c7-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701709466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709466, "uuid": "105b6196-c862-4951-882b-b11d70a9b41a", "comment": "Malware payload (Stealc)", "value": "b01e4b0bcd2380a46e42a927130c752a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709466, "uuid": "6116e341-cf5f-422d-b27d-3134ec90a649", "comment": "Malware payload (Stealc)", "value": "0cdec6aa2a559db4795ff299e8b4b322caf92e6042c9463b828243c97fb7748d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709466, "uuid": "15eb5ced-cabd-4d43-a2b6-91cdf5cb9dd7", "comment": "Malware payload (Stealc)", "value": "5fe9bfd36ef7f2d018ae40b02108b6ed58920d16", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709466, "uuid": "e7a975fc-8906-4ae7-85f4-1e44676f961c", "comment": "Malware payload (Stealc)", "value": "949ed9dcb46dabcc25c6f2acbf1ff945d59573cbe06b0291f28f0689874570293c5c4fb6dfc490b23e169af224b3372c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709466, "uuid": "baf524ce-0ece-4b9d-9fb2-08467aa6549c", "value": "T18254175382E07D55EA264B32DE2FC6FC721EFA418E297B6A2118BE1F14B1073D663711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709466, "uuid": "04c780d7-e24c-4e78-bbcf-e38c73c4d950", "value": "01f6fc978b1d93c9a83c4aab7e4e75ac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709466, "uuid": "f851e7e8-a554-436c-ab1b-a21619be4f9a", "value": "3072:vIAvOYXd5LrejWGDEHN9GS/0NyN/lPb5UpBwJVZkTkS:QLaLrej4GOpSpBwjiT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701709466, "uuid": "7cb8760a-7923-467d-b1ed-90e5b055bd8b", "value": 297984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701709466, "uuid": "dfe3695f-580f-4cd5-82ae-c575a910e0af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709466, "uuid": "02e2b24a-2150-425e-a10e-59b1fb4d05bf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "524cb0f1-928d-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701684616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684616, "uuid": "9fd2c605-9bfa-4da4-bdd2-834f2cf4c2f4", "comment": "Malware payload", "value": "b02aa474ddd7087b2ca33dbe0414f10b", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684616, "uuid": "956339a4-decb-4e99-a447-e1aa0f0098c6", "comment": "Malware payload", "value": "0d9142a196b7a1715add306f46f4426a6c16afef83c906c2bd100c4919939fc5", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684616, "uuid": "bfc26abb-80cf-4a28-9306-5a546786c8b4", "comment": "Malware payload", "value": "9f819597d49283b719342b271d55d0a25b993801", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684616, "uuid": "f431378e-ae2b-467d-9fd4-b434710d3ce3", "comment": "Malware payload", "value": "a9db2b320ba223dbd3f20f50376955972a590804659214d35b4e5eee09d5d57bc07dc7f0bb3dd076e68cdccd5bd9c552", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684616, "uuid": "3085f338-d8e8-4ebb-ad0d-d6dca9b6350f", "value": "T17684120AF682DA2FCC17D430DDCDF5DAD2A8FC9AAF44634B32C5775F85302A14626A91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684616, "uuid": "ebbfed02-a461-4c18-a73f-28d79eb8841d", "value": "6144:Sn1m9kdbFW6yGRvNPBvT+ahRq6UXFTmXpJ4aAEFQXioDcEoXloshOpXBV:SOejyGRvTyahRIFI4MQX3Uys0XBV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701684616, "uuid": "4181f0f0-9009-4f1d-8b67-50eb7e2a4d34", "value": 400896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701684616, "uuid": "7b6017ef-a230-4410-8ed2-7d81fc84b929", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684616, "uuid": "33eb6e70-ffe3-4082-890f-d261f78399ec", "value": "RFQ_PO_december_order_sheet_design_and_ specification_04_12_2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43f847c5-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698336, "uuid": "73f46e3a-61e6-427c-b07f-55f80603c544", "comment": "Malware payload (SMSAGENT)", "value": "725451cc6560bd47ce89e95acb969875", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698336, "uuid": "c27c8654-97db-4823-97de-21a0d42fcdf5", "comment": "Malware payload (SMSAGENT)", "value": "0ddb6591cf169f2c18a56dd830e8b30f701689cf6f352c6c77b359a221fa7001", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698336, "uuid": "0c88022e-571a-45b1-923d-4997cea1b5be", "comment": "Malware payload (SMSAGENT)", "value": "6b368f3eacbb99e988a13c476155b8b526e64bc0", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698336, "uuid": "b3ae9cdc-2ca5-4506-895f-f060bccbcf17", "comment": "Malware payload (SMSAGENT)", "value": "0d6be919a783588bbbd963bdb98ced0dca9eb2dfca2a0797f757d4507565b2595e78c9f6445ab6c983e61a06aa3eb49a", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698336, "uuid": "c6d10e58-17ea-4fd4-87eb-abb772be779d", "value": "T1AC179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698336, "uuid": "34202c4c-344e-4a69-8f8f-a18fecc15615", "value": "49152:1uuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvq:fv+49UBEIIddXHNqjeceCnMI+lEaAW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698336, "uuid": "7faf78d7-8a33-4002-89e0-faeae0ecc4ea", "value": 18568591, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698336, "uuid": "894b2701-956c-49ae-abe9-3e878f306c6c", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698336, "uuid": "ce945a30-fd19-4b0f-967a-615cf2d8e4ad", "value": "AVidChat.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03aa1f39-9266-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701667734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667734, "uuid": "00146508-d5a5-43e9-9ccb-b1ef44d540de", "comment": "Malware payload", "value": "688dc636aecdc2fe77a5be31978a515c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667734, "uuid": "5cb24f27-0461-4f0c-9336-5f18011113a2", "comment": "Malware payload", "value": "0efda0d37bc06ed08452fbdeb16b8a76f26892caf75fd8e46d01f8e5f77d8a5f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667734, "uuid": "04eb1154-fa12-476b-b100-41c8bbf72902", "comment": "Malware payload", "value": "d8aaa1c73ee98161ea273e6e9e7c380c61340cc1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667734, "uuid": "74425977-0a5d-4f51-ba64-87b2bd407084", "comment": "Malware payload", "value": "092318ae882b6c6ced20aa2e87f92f762d5d70a6060336de4362840a696b1ae61a5de224a78f703c9104972c84110d97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667734, "uuid": "064b942a-1938-4667-bd9b-8a2e7037b8d9", "value": "T1A0836B53B8D18CB0E9721D3158B4D9A19A2FF9114E618EAB778406BE4F302C1DD35F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667734, "uuid": "8857aa94-c3ad-43ee-bf60-95d60fa9c748", "value": "9c2487d128efff6de25469d402c83e85", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667734, "uuid": "33fae98e-5e83-4215-bdf5-403d375b6072", "value": "1536:f8JYIBlXWWPFep6c+FmJRWzUY4eU/mKbcwcfiY3Sen5jpW7HNX2d0sWPPcdeUVTM:fdIBlXWSFeb+FYcU/mKbcwcfiKSen5Yi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701667734, "uuid": "9d319c8a-8434-47aa-a713-198b6441d071", "value": 81408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701667734, "uuid": "9aeb50d3-f34b-496b-80ed-68900158ebf5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667734, "uuid": "d62186b9-1d34-46a7-a429-98b7e3308485", "value": "SecuriteInfo.com.Win32.InjectorX-gen.2043.1137", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05eaefec-92f9-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701730873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730873, "uuid": "f9527998-f889-44b9-9336-ec3776c86186", "comment": "Malware payload", "value": "4effce56541b6465c95212182d4c7e32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730873, "uuid": "3eec0018-69dc-443a-9f0a-5e4d1a43327b", "comment": "Malware payload", "value": "0f974de4073e046d4ca07c4cbae873fa5913a795e191b5a601ec2db239d152db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730873, "uuid": "74f11692-eeae-4362-b768-e29b56243108", "comment": "Malware payload", "value": "bfd3c438ee7ed6a668236f9ba9970143636e277c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730873, "uuid": "571b8de4-31c5-4787-b3ae-2cac46abbb61", "comment": "Malware payload", "value": "2882d47dc94b62840ac4f2d04b40efd1380542877b09d245682d817e7bb2214d7bcb986132b8d21e5058338de80b79dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730873, "uuid": "b3306f45-426a-41c8-a38a-e8022c3422a5", "value": "T1225408A2D164EB23CD4BD0B5373B9C39190DA526FF7CCF176E0E1AA321B25061295A87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730873, "uuid": "775aa10a-624a-4d65-ad21-5f2bbe2d0933", "value": "b6f30f5e7d47b4dde1cbc2055bdcbcdd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730873, "uuid": "b878f1c6-2aa3-4b6e-af2d-f92149eeca84", "value": "6144:3bRVw6SRfQEtPOGMVzKFC+tSjn7ZcWM2K1:9aBt2LFN7ZcgK1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701730873, "uuid": "20e5e7d5-bd5e-44b1-b215-a5b80758b037", "value": 293080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701730873, "uuid": "38324b2a-b6c0-48e2-a8e3-e8774e1a57a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730873, "uuid": "92308cc3-d85f-405a-a759-b82cfe0d74fd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e92d53a-926c-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701670517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670517, "uuid": "a0bc6b1a-58dc-4ee3-826a-12ca32dc922f", "comment": "Malware payload (RedLineStealer)", "value": "4686151f066142704cc7cb3e91ef9b6f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670517, "uuid": "77c514b6-362a-4a91-a616-8e4c9a5d9e6b", "comment": "Malware payload (RedLineStealer)", "value": "107bee5a8a00de48fdf713dee1faf12742b7c7e1df86cc79ae2ecf985ba4c377", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670517, "uuid": "e65dfe05-6781-41d6-9d72-04efbfbbf5bf", "comment": "Malware payload (RedLineStealer)", "value": "a4b5e3a18499f9576de4aa787be04398c52d576b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670517, "uuid": "d2ca81d3-6a5d-49a8-933a-ceaec7b83870", "comment": "Malware payload (RedLineStealer)", "value": "fd0044307deaf5a623daec020262d7a1ae3b63658533a11e3fc8eac52537ea55ba8b60d8363eaac02e8b4e65d70c96cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701670517, "uuid": "50e216f7-d828-4175-8a5e-d3f5e73ef3e2", "value": "T10B46330BB1F9E100DDBA21FB7C75E39AAE2C3E95D595B7C1C9EA38FAC43464C1902055", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701670517, "uuid": "e09d22cd-d688-412a-8239-14266961dcbe", "value": "2e5467cba76f44a088d39f78c5e807b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701670517, "uuid": "c8f82c97-3a36-462b-81f3-0dea62b0d376", "value": "98304:Qm2AmiFgTrcS+/8wuKLfroFmCrXS931VjQPgfNcLvHcHZpa0/0yP:QHncS+zGU31VjQol0v8HT/XP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701670517, "uuid": "95b1d975-136a-497f-a8df-a055e2a0dcf4", "value": 5813408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701670517, "uuid": "e0422cc1-3dfa-443b-8017-e6e45f0fd02a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701670517, "uuid": "50ad828a-57f6-46dc-9d6c-498685f48479", "value": "4686151F066142704CC7CB3E91EF9B6F.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6ec5a3f-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680114, "uuid": "9cd40be4-956b-45d8-a10b-2452f78847f0", "comment": "Malware payload (Formbook)", "value": "8b89a7b23313034dcd2a89aae4a8410e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680114, "uuid": "a0cc6f5e-fc9f-4670-ae7b-458dadb347a2", "comment": "Malware payload (Formbook)", "value": "10883d2d817a21862f9068a7fbaae0d363e16e64d291a291925ba002e761eff6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680114, "uuid": "030743a2-0403-4231-a570-dbf88ae479a3", "comment": "Malware payload (Formbook)", "value": "c7756feae3527ee0f0cffb21f3f11098b1bfe83d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680114, "uuid": "aae85a56-fe05-4f95-a36f-2ce33a3a1df3", "comment": "Malware payload (Formbook)", "value": "2f0f662201ed379257c99cb42314b0685134f087956f996396e37bfdd65c4477995ebfb94ad6697806318aeaf7d24e1e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680114, "uuid": "6feca365-3a92-4fd6-86aa-e76091c4ad72", "value": "T1C3059EAC3210B9DFC867CDB6C9942C64EA2034AB571BD203A11709D99A5DBD7CF252F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680114, "uuid": "7d4b4636-5ee3-4a4f-aa53-478f771a5de5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680114, "uuid": "9cfb9b5b-4278-4777-a853-d204ceaf61cd", "value": "12288:yax+5ijoIBoWMJXaniG/moEZK3PgA1LubSkrqK0wRR0z6JyGAEVIeTDBORSSP/SG:px+5iMS/CoHRub9HRyz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680114, "uuid": "d92f6ace-fc42-4036-895a-55be6de3ced2", "value": 874496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680114, "uuid": "c790e8cc-3664-4720-895b-724523d6ef0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680114, "uuid": "d8ac2aa8-5d82-4c58-a53b-d0373465e0c6", "value": "cjyp4lJXnPQuRwl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cca8827-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701711343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711343, "uuid": "b6317f39-97d6-4f5c-9c4c-58b0dcab154f", "comment": "Malware payload (AgentTesla)", "value": "fea76b9861cd494170f5edd89179dbb3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711343, "uuid": "bc110ec7-5027-49b3-81d7-30662bacb108", "comment": "Malware payload (AgentTesla)", "value": "128de5e09d0453bdce3abe943b88c72adb065971c9db3ee6e8075bd6651c356e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711343, "uuid": "1940f981-fa41-4193-8b43-03a0db39aeeb", "comment": "Malware payload (AgentTesla)", "value": "a5c8b5a1aa7c786463609d0bc844a5710d1b4361", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711343, "uuid": "386cc359-5aa0-4fa1-91cb-1677b4db508b", "comment": "Malware payload (AgentTesla)", "value": "93a28cec20ec400e30acff37f1df9fca9a209a24abc9ea675f1bd35c89dd750c8f221fca156bb3a585edaa2a7c1b7f7d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711343, "uuid": "dcfba442-f64c-46c0-a536-cd420816a57c", "value": "T1B2D423CF48AD36C46BE9D5E21B848114747F7129DAFA63CEA1C28F153F276499803AC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711343, "uuid": "450eb654-cbf3-44f1-a061-ab86448e9856", "value": "12288:3H8nfotulgPDaqAc07qzo1n9oCgVrQhFBvyR0mMR:3RtdPDaPqzoF9OVrQFd1f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711343, "uuid": "770d95d6-9671-4ba5-a55a-eb7d4658a5ab", "value": 617163, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711343, "uuid": "bb588873-4bfe-43b8-a845-fc38cf9851a6", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711343, "uuid": "042590f2-368b-4df1-98f9-7bc227af9ec6", "value": "Kviitung_04-12-2023.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8b1f155-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671473, "uuid": "efe86e4c-e862-45ba-85c7-998a101f1a2f", "comment": "Malware payload (Mirai)", "value": "0db0ddd50a5a5e83b413063fdb6387d0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671473, "uuid": "565c9992-22ec-4c8a-bcf5-7e37fe1d6780", "comment": "Malware payload (Mirai)", "value": "12924f4dda3c96c18cf8f89bd450772099ba6bfbabd3dfdf5a40f4c68b2df791", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671473, "uuid": "c4372d8e-6083-44cd-a738-c3ec22b51b97", "comment": "Malware payload (Mirai)", "value": "fe9dd9a8da24a14fde9b371a0a5ee40a67e648cd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671473, "uuid": "3e0f4a0a-09f8-43b2-9370-27bcf383737a", "comment": "Malware payload (Mirai)", "value": "dcfd8a375c0216148ec7142befd4e71e6c57a972c96969f1f568aa0e00e3a8facf86d18aeb864ee4f8de4e5aacf9cd59", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671473, "uuid": "581b8065-060f-45f9-b929-3285e56f350e", "value": "T1D8433B02B20C0A17C1A36A703A3F5BD197FFE9C122E4F685356E9B999671D371582ECC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671473, "uuid": "d5f0104b-b541-4370-adc3-78db004ebd23", "value": "768:jW9RXhRmrvmx/3S6zIogmYcGkiVr4LubS97qJOA8zCJcijXWFw6tke1FwhIh:jqb5/3SogmYcNzu47Yd8zCJ/jz6eiehC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671473, "uuid": "90cc7712-4e88-4f22-afce-4b8f39a47c86", "value": 58884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671473, "uuid": "6b7d0c96-f6c9-4e50-8665-007e5bc52ab9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671473, "uuid": "a683208a-c1ca-45b2-ac24-9f75e8da34f4", "value": "0db0ddd50a5a5e83b413063fdb6387d0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cab8261-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716872, "uuid": "229b4468-f6b9-436d-ab81-f5a46d7fe5d4", "comment": "Malware payload (SMSAGENT)", "value": "a31faedacbdea920a484623c19862a7e", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716872, "uuid": "fb961d4a-2b0d-4e41-b53e-87e89915eda8", "comment": "Malware payload (SMSAGENT)", "value": "1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716872, "uuid": "039ecc6d-a9a7-4800-865b-156500a00e58", "comment": "Malware payload (SMSAGENT)", "value": "9428afd6d48f70a2e90a6166e12fc00046242217", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716872, "uuid": "be725244-db58-4393-9bbd-dec5dce9babc", "comment": "Malware payload (SMSAGENT)", "value": "016fb67cd390eed7419093835629acd4c02d5a2269acd8727777699a9fe7780bd5b0a2a3b97b4f22ea99d7a5ca2e73b6", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716872, "uuid": "051e03bc-2933-4760-982b-e998238ebc2e", "value": "T14F76011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716872, "uuid": "ff8b1de0-4ca7-4aab-83b5-a23fe6babff5", "value": "196608:/rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLB1F3nswU/Q6FKNcnFB:Dw0pdMGbwBAej2T7nswxgFB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716872, "uuid": "58f2d856-d592-4733-b242-70f213c9fdfc", "value": 7333474, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716872, "uuid": "f91af0f9-1a66-4a8f-88fd-6d2ee8395cfb", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716872, "uuid": "0f31a0fb-2b0d-4d8b-ab4a-ba2e1fe2291f", "value": "\u0414\u0435\u0442\u0441\u043a\u043e\u0435 \u043f\u0435\u0447\u0435\u043d\u044c\u0435.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9af22272-9288-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701682590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682590, "uuid": "8baf44bf-c7a6-407f-b16e-f5b155a8490c", "comment": "Malware payload (AgentTesla)", "value": "3a4eb467c8ee5a0661b005aa8f728c7a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682590, "uuid": "1bff641e-911a-4266-a6e7-d1a5d9d2cd6c", "comment": "Malware payload (AgentTesla)", "value": "1354ec56e9bead8a7821e30f3b15578ca803359e9d19746bda9a23b62e1f471e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682590, "uuid": "b1460d38-b444-4dd7-894d-c695f9054ee3", "comment": "Malware payload (AgentTesla)", "value": "1bd83ca584acf1339c9d0257ca00f36800a13464", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682590, "uuid": "c8cf0cee-c5e0-4332-8c1c-69e487bb9343", "comment": "Malware payload (AgentTesla)", "value": "132eb690edd78ecc58219643b2d8a6220b5128156b8bace88f407d7e5f83097dc4f3ff99c3b9c5240934c8952c7b7743", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682590, "uuid": "fcd76aeb-5a0d-4eff-8fc1-92c788563ca8", "value": "T1D4841209B561C70BCD16A471DCC5B0CB92389CAE9F9AE78F71CD771F85316E4812BA82", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682590, "uuid": "18aa564c-c26c-40a5-a65f-e03ea84af62f", "value": "6144:9n1m9kdbtHZetJs0hdMJUXnfoNZBcwZ9E197PUypoohChdLSBoc2p+:9OeBAtqSdLnfMXrE1Nk6KdLCo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682590, "uuid": "27ad9f71-b5c2-4849-92df-828fb74eb6a3", "value": 400896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682590, "uuid": "e6b65b51-2f22-4643-9776-b9041429ae65", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682590, "uuid": "a5af6323-4ce7-41e4-95e4-e1b8b7cb719f", "value": "HSBC Payment Advice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a860baa9-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719550, "uuid": "cc8454e7-022f-4208-96a9-010659dc1b26", "comment": "Malware payload", "value": "5620a20711658b05206dc49bdec81e9c", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719550, "uuid": "9440ec58-fe97-4260-9cf7-037f182a2a0e", "comment": "Malware payload", "value": "135f703ece7e14ce5dfb7feab1782013a1f555fc9d84b786d673d37ad9bc4708", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719550, "uuid": "1ff5d939-d9a2-480e-a062-2793484569d9", "comment": "Malware payload", "value": "48d41f648c6fc139c1d3a0264efa73f14e8212a4", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719550, "uuid": "b761ada8-457a-4b24-8a7c-af17ec73f615", "comment": "Malware payload", "value": "4ad1b34ce187aa721dc9a6ca27fd7aff7b97cbbe2ba71a7a25387f77b743874510f95bc2222469a26384b85176e24144", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719550, "uuid": "294ba072-03e4-4688-8fc3-35be953c8c2a", "value": "T161E36C3BA27154BBD26A7134C9130D49AF71741357728A6F97240ABA2F33391DF29FA0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719550, "uuid": "9f4114e2-ed24-463f-8019-e7f42e60346d", "value": "8af9e90ad27cc2cc9b6628752aa1559b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719550, "uuid": "43aacb92-715a-43da-a1e4-c4872c6f0a6b", "value": "1536:Om7583WEeUVsUVzxFB8AN0jPlNL7F7SDeUNA4IHhrsjkusjsWId09dln5trkHnVH:fqr9nCN5F7uvAHh8kB0MNv0nVRHoFD6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719550, "uuid": "d2f8b464-4fce-40c4-afd8-c9a1677faf9c", "value": 144896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719550, "uuid": "82eb9ebf-17e8-489f-9bed-2645762e92a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719550, "uuid": "d3f93d41-39ab-463c-a571-4d1471ce19e9", "value": "5620a20711658b05206dc49bdec81e9c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7f6a98e-92ae-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701699040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699040, "uuid": "f7b2a3d1-4c77-4215-afa5-4e94dd5111c9", "comment": "Malware payload (GuLoader)", "value": "b56bb86c217f7a77d3f862acf4ecdbe6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699040, "uuid": "99761a6e-cfe2-4e60-9cda-89e1ebcde538", "comment": "Malware payload (GuLoader)", "value": "13a9d7b568ad553f15ab6174f7381c07e1f4d93616d9be70e1b6c3c7c0de69f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699040, "uuid": "eec3bd34-2864-4d7e-9b1d-2494e71817cb", "comment": "Malware payload (GuLoader)", "value": "665a33c13323e71fd440bb685f417cc279190b37", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699040, "uuid": "e07423b5-3046-4984-8eed-7bf980bdceb1", "comment": "Malware payload (GuLoader)", "value": "f17497c8bebfe61c3e73a6c4b70add9ad7954ca73088d85fa7a4c319e46218fac179cde03acbb30ed68ed2e459c99980", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699040, "uuid": "9f3faaf8-06b6-4b90-a065-dc0466f776cf", "value": "T1167401523703C05ECE6447F198328F658DDCAA30B9236A7A1B613A1CB9311527CEFBD9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699040, "uuid": "4055d8b2-a4fd-439f-88a9-f35842ca8817", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699040, "uuid": "d1254346-f029-44dc-82ab-e08c2fdf7603", "value": "6144:xQ606x4wttB/v/0kI1dwsOtCHbvVdRGxD+wr4ym72BOXIXBeJyFLJ6mN:Htn/H0kI1eCHbvNGVdi72B6yFLJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701699040, "uuid": "b964d219-ebf7-4d0d-a062-4f4b1ef92af9", "value": 349543, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701699040, "uuid": "8e0ddbe5-20b0-4950-82dc-232cafa6409c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699040, "uuid": "a4f968b9-7fd7-4af5-bc37-54a5f6b95de7", "value": "Antndte.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fcb0a60-925a-11ee-b7ea-42010a9c0006", "comment": "Malware payload (PureLogs)", "timestamp": 1701662627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662627, "uuid": "83d02e06-4d88-410b-9eb9-07d868784f22", "comment": "Malware payload (PureLogs)", "value": "249fa2a560a2a8e1ae5a6b114e31afb2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PureLogs", "colour": "#F8D1F7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662627, "uuid": "648e4ac1-d733-46c3-adbf-ade99ff34b80", "comment": "Malware payload (PureLogs)", "value": "13e2517eb9d45a3d68feec9d8cec5e8aeeed4b57d63db428f68c54be4224390e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PureLogs", "colour": "#F8D1F7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662627, "uuid": "8a18b973-68c8-44c0-a895-d175acd5a754", "comment": "Malware payload (PureLogs)", "value": "3d1cecb12c80bbb4c3d69d25f8295c867a40828f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PureLogs", "colour": "#F8D1F7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662627, "uuid": "ef55ad27-cfcb-4538-bd89-9236c0428c11", "comment": "Malware payload (PureLogs)", "value": "193745cd8e8979bb04f387a50af6d6002a14186439ff85f8ab1c519e96805c4e40825b159b2dc2b452f7870108344f95", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PureLogs", "colour": "#F8D1F7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662627, "uuid": "bcbc9ec2-65b7-449e-ae06-9e2c208cdb2b", "value": "T149E51284A3E56A42F0FA0F33E8F5574087B5F967A77AE70E4290165D0D67B92CC81B23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662627, "uuid": "cfcad9ee-6708-4b51-beac-a95d68425441", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662627, "uuid": "d5c72b52-2f47-4f29-b108-4eebf3cdc5ac", "value": "98304:RjB+06fkx9KWqBDeRTsnBF75riKIJWsHGR:RjB+Rfe7RTsBF75OKjs+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701662627, "uuid": "e711d12e-f786-49df-85e3-9a0b348c0e2a", "value": 3173376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701662627, "uuid": "d737309c-419e-4191-94e2-d6baec7fa2f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662627, "uuid": "c8937501-c184-4a65-9cae-17cf2f3194c7", "value": "249fa2a560a2a8e1ae5a6b114e31afb2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d6fa16e-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681145, "uuid": "c5315792-8524-4ce5-91c0-51c5c0c10fba", "comment": "Malware payload (GuLoader)", "value": "175656747a014cd0405388c8796f769d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681145, "uuid": "b68217d7-bd6f-4493-bc1a-f52cbc8dc85f", "comment": "Malware payload (GuLoader)", "value": "140cd16c7087789b1bff95f27ef03eef85e37e34362f6676a8eaff268b7c693a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681145, "uuid": "00481700-eede-478f-913a-a56095d03218", "comment": "Malware payload (GuLoader)", "value": "7f138da24c764f6d37b2d690df32481ba686d448", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681145, "uuid": "632a59df-ef32-43b1-8fe0-4d7697b1e79f", "comment": "Malware payload (GuLoader)", "value": "660506c807a9d9c49685ba41a4262328ec9953530c6f0bc362f3a64ee7073c4d4d865e1e34ee9db148e2927d3a191031", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681145, "uuid": "6b19d7ee-a16f-44c9-b302-38da29b89133", "value": "T10AC4F103BB4CC59ED9722B705573EA8A57F0BDF514BA06167E69396F88773804A3AF00", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681145, "uuid": "6457ecf9-597d-4425-9eb6-a60bbe0a5084", "value": "93dfc16ed07ebeb5b405221f10d12c0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681145, "uuid": "fa0d25f1-57d9-4151-8afe-19f0cc1ac42f", "value": "12288:aS2dfQBQfYfliYNF95lWq5SoASsA6sB20XCI9:B2dfWXflnTjlWrU6420XT9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681145, "uuid": "d80447c9-3bf9-4dbb-92ac-7185f6cfc5df", "value": 572896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681145, "uuid": "21333946-411c-4d0a-97fc-952ad70f41d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681145, "uuid": "7ad890e6-fe5c-451c-8b3e-1cc94501f79b", "value": "GTE 7000345678.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "048285ab-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698229, "uuid": "683c757b-40ee-4c37-9593-638e687832da", "comment": "Malware payload (SMSAGENT)", "value": "c24914056914469fc246cd608728df28", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698229, "uuid": "bb27b208-6f47-46d2-894f-fb23519992f8", "comment": "Malware payload (SMSAGENT)", "value": "14407ab5f90e8bda47c8dee6fff1c428aa83e65df60c27d0ac76a5085bbeb904", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698229, "uuid": "9e199739-0a06-4578-8900-3cafdcdc932f", "comment": "Malware payload (SMSAGENT)", "value": "23c19f2cde68a5c2c922e1af6561f030b229a675", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698229, "uuid": "4bc75b88-6c7e-46c3-bede-4c252b99f20e", "comment": "Malware payload (SMSAGENT)", "value": "5befb6b558bb4193e0e8a8064ce0966a3c071145af4079913897bc8375df369e9518e7227da6f7f974b45b391e608f80", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698229, "uuid": "88ef6a50-8453-4b97-95f8-2ae14a4d5fac", "value": "T16B560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698229, "uuid": "03a2e006-b960-4f7c-98c2-e2dd9f9f3570", "value": "196608:/6DGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYHq:uirUVis8O/0giAZ9PD2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698229, "uuid": "be2098bb-a1c9-4888-8617-ac57451c2d6e", "value": 6368190, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698229, "uuid": "05bbc74f-27af-439b-80e2-26c1bf0dd1fd", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698229, "uuid": "43649929-dfed-45d0-a6b9-bc4d5d769cb7", "value": "AVC_(AnonVideoChat) (3).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d078c5e-927a-11ee-b7ea-42010a9c0006", "comment": "Malware payload (CoinMiner)", "timestamp": 1701676527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676527, "uuid": "c5c72528-bafd-4b9d-b4ae-5aef9cc56659", "comment": "Malware payload (CoinMiner)", "value": "af11859697374640993d814c0ec687e9", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676527, "uuid": "835e76ef-ae06-4af5-8477-a276187c9230", "comment": "Malware payload (CoinMiner)", "value": "1442c7c7c1ac8bba1b82399c4e53d9614173d2286981e4ebce152892fd073892", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676527, "uuid": "6a4e61c3-b2ba-43d6-b498-5c2b3fc8ed95", "comment": "Malware payload (CoinMiner)", "value": "5a391a1aab0212a8fccb9fb8d7cce6e308afa165", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701676527, "uuid": "fbf5a377-fb70-4beb-bee5-c0d4a2e59815", "comment": "Malware payload (CoinMiner)", "value": "7e7ebf8af542a287acb958c95dcb15bce1641fb98ec6075c5358acb8a96b3c3eef126c344c64eec7bfd77164bd5c20a2", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701676527, "uuid": "d7037946-1f43-44ae-94e3-89535210891c", "value": "T12BF57C56B9014DE2DD4E11F2D3E26708EF20C8471B01E56B3AD7EBDEB34D2DA458E286", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701676527, "uuid": "e029588c-3ae1-481c-b2d9-d18c4f7ad353", "value": "49152:s1dHXEOD7scUP2Z1aNQ/IUNJ/x+EMw5EuyxMllxaWD/s13BlLDex8cpHhQyl7uGw:ss2ZD9iwQuxpHhSsT45ks/3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701676527, "uuid": "eeb11ddc-74bc-40c4-8e4b-0d2c94772d5d", "value": 3549696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701676527, "uuid": "e1fcf008-8def-4296-a172-a4f8459260db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701676527, "uuid": "a8230002-9c6b-4fa9-ac2f-3579f8be73ca", "value": "af11859697374640993d814c0ec687e9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdc2dea6-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701729061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729061, "uuid": "9ba802f8-2523-4e87-8570-209749940879", "comment": "Malware payload (Formbook)", "value": "b5e82db74772e2ad8ad797de3b0411f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729061, "uuid": "94581a7a-2a9c-46b0-872e-f095a39d1c68", "comment": "Malware payload (Formbook)", "value": "144eea27473695352b1dca78911d83a4752c720b571cbe901c74821734736778", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729061, "uuid": "a4503303-21f9-4711-8d19-9c1032894b12", "comment": "Malware payload (Formbook)", "value": "e3cda9e999a1fe0e5a01b0b5157a329ece9a68a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729061, "uuid": "ec40a4c3-4cb1-499c-b5d3-c814f3ae0bb5", "comment": "Malware payload (Formbook)", "value": "2eaf074df771247c7bbea028d52589f8806795c68cfac7c4c92094c6852077fd1beb0b076683f5870ccdb65bdeee721c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729061, "uuid": "6685d3a1-c64c-4eb9-9927-6dbe1ff71fb8", "value": "T16705E00461F95F19E47A67F58294020007FB7BAA613BE34C6EC9E0C76E75B010E67B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729061, "uuid": "191cfcd2-073f-4df6-9591-1440fe7260e6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729061, "uuid": "b843d0e8-281a-4bac-8798-8e5eeda007d1", "value": "12288:IfYNr4RRLfxP45+po2xCu4BF7/2h+bHogOkrSSzqI59zHnynJP/sEQ6ZbzcdzmzM:ELfk+pJUu4BFWEO4SO57zSJcQZK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729061, "uuid": "aa187716-a75c-43c0-be78-32c3e44f0cc7", "value": 861696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729061, "uuid": "6c10f809-5db3-4625-b427-dda57325e668", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729061, "uuid": "074e4773-a8eb-46aa-95b3-45c70b17c274", "value": "SecuriteInfo.com.Trojan.Inject4.59820.22330.5268", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25e0b0a5-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698285, "uuid": "ca065872-64ec-41f2-89f4-35b2e852aafa", "comment": "Malware payload (SMSAGENT)", "value": "b2922f70b12ca6f1b2411ed3ded62498", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698285, "uuid": "d2ed7b9e-f418-45f5-a143-173f0b1bc081", "comment": "Malware payload (SMSAGENT)", "value": "1593e1cba87f67eb8042e17cb2e63dcf333a12b573d60e8001528f05c6f61173", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698285, "uuid": "f4e9fa34-9562-4392-bcd0-9d5fdecdd844", "comment": "Malware payload (SMSAGENT)", "value": "874a34b809d0e96a10124bc92b7698252ef5c5ad", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698285, "uuid": "32b181fd-ab64-43e1-9c6d-5a4f20e42bf7", "comment": "Malware payload (SMSAGENT)", "value": "f986b051798cca242143281e2ee2189e8606c939d8b505db61cab9279e0fb560600b05bb1887949359265b92d767987f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698285, "uuid": "26b20eda-41fe-42ec-a920-0e2fe3c00b89", "value": "T129560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC0AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698285, "uuid": "9bdae4a3-115a-484b-82d1-6f130a9f89ef", "value": "196608:/gDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYpw:girUVis8O/0giAZ9PDFw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698285, "uuid": "35fb025f-c53c-4c4c-be0a-7c5c6092db91", "value": 6364093, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698285, "uuid": "e2e637a2-8c11-4ac4-a1ac-5a1f17213d9f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698285, "uuid": "25fcf5dd-573c-46f2-8c24-1e1f106807a5", "value": "Naked - \u0412\u0438\u0434\u0435\u043e\u0447\u0430\u0442 [18+] (3).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "948b0c21-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1701680862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680862, "uuid": "11ccaf7c-af00-4de7-8215-9efb0588ed45", "comment": "Malware payload (SnakeKeylogger)", "value": "59368f7ba4bed4898c8b2f8d4733a5a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680862, "uuid": "084858f7-753f-4722-a488-272f956014ee", "comment": "Malware payload (SnakeKeylogger)", "value": "16146066675c9df7532245c9ae185e23ca948e07f5ecced8747ffa6c400bef61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680862, "uuid": "ef809e03-6d87-453d-a8a4-5e5cc09866e9", "comment": "Malware payload (SnakeKeylogger)", "value": "f27d60029a8a01c92b61627e9e7867e475f4be32", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680862, "uuid": "f260a7a9-5646-4f70-b833-88a1d4e9fe89", "comment": "Malware payload (SnakeKeylogger)", "value": "fd4dfb1ba98d4c723994e7e5128093a5a7d4514d6220506f6a199a2ff60e2135bdaa77eb37551f30175d2329ddfde23e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680862, "uuid": "44d62da4-4348-4722-bbbd-f54d8580625e", "value": "T152B423E5B04CCB35CC3AF57A886DE39B4379BA0B7119FA696CA1529C2963F0103B1357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680862, "uuid": "12851add-1c91-4595-959b-a9d22401845b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680862, "uuid": "9015b587-ff6a-40ba-b159-5e0820b08afd", "value": "12288:245+po2dw7eprMXn1fBIPy8t/Eb50BOo/b/deT:1+pJdw6prMY3/Et0XTde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680862, "uuid": "0d65ca12-0117-4bd8-bf6e-e368806c575e", "value": 530944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680862, "uuid": "41fa7bb6-0b93-4fee-956a-2e85feb79596", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680862, "uuid": "dbdb93d2-ec43-43b4-b9e9-253e8daab324", "value": "Inquiry.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5525c06-92dc-11ee-b7ea-42010a9c0006", "comment": "Malware payload (LummaStealer)", "timestamp": 1701718820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718820, "uuid": "e5fec4dd-de69-48e1-b6f5-81cdfdd0aade", "comment": "Malware payload (LummaStealer)", "value": "7ab2b24b9753a02b04186931b7e739d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718820, "uuid": "fcd60687-111b-45e5-861e-61847fe58f53", "comment": "Malware payload (LummaStealer)", "value": "167637397fb45ea19bafcf208d8f27dceec82caa7ab19d40ecdb08eb1b7d4f60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718820, "uuid": "98f6c2f1-dcb8-4e7c-9f38-7a7d33dbaec7", "comment": "Malware payload (LummaStealer)", "value": "3443a0d0c460cc304caad401d8b6e228b2c24ad3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718820, "uuid": "3cd9869f-f366-4efe-87db-562adb588dc7", "comment": "Malware payload (LummaStealer)", "value": "a9405572346b625fd87673f58a0ad1360075f2fa884a2c644b07223a95e093aa07f74cf1f3c35738ff379fcde10decd7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718820, "uuid": "83bd3764-d429-4784-8d43-3171cc8e78e7", "value": "T156665BC7FCA145E5C0AAA33185669292BA317C484F2027D72B50FF783E76BE0AE75354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718820, "uuid": "8f4b1561-7dd6-41a7-adc4-f4de7d423b1f", "value": "5929190c8765f5bc37b052ab5c6c53e7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718820, "uuid": "23ed9dd9-d613-4feb-b92f-36967628aebd", "value": "49152:h2On/42I9OhWqOD74+QOwlQjKAu9chen7wP7vE1w2ltjm5ESE80XTb+nfUv5hLCe:RRI9OEY+24u9cg7m0AEJlXLrKfv7d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701718820, "uuid": "d7c702d8-30bd-4375-bf50-53fc73dc9fc0", "value": 6996992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701718820, "uuid": "f6573958-a7fb-4a9e-8a73-f7afddb3fb1b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718820, "uuid": "6ca6aa73-fc97-414c-aa0d-72ef86716671", "value": "167637397fb45ea19bafcf208d8f27dceec82caa7ab19.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72916da1-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701679946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679946, "uuid": "e9c40dcd-e1fe-48f7-a67f-2902f4ba3803", "comment": "Malware payload (AgentTesla)", "value": "3e70dd6058713a313d8fa04ba301ba58", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679946, "uuid": "75adb89e-9286-4b34-a73a-b64132d2aa91", "comment": "Malware payload (AgentTesla)", "value": "16aa3dd5d7c847bfadbd4e77953255e834f4630f177cd470065a95454e73fa15", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679946, "uuid": "a5f58d86-d1cb-434f-9040-5a35141aedf1", "comment": "Malware payload (AgentTesla)", "value": "212879ab645505a344ba7c4733d064724611ce97", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679946, "uuid": "884f9e26-3bdb-4718-99d0-ea0f210174ef", "comment": "Malware payload (AgentTesla)", "value": "d0178749bdab48adcf02b806bdb8675d6ee74b481e6fb88a77a9e6346417c9373c3cf251d38559fb9a4f2fad997b90cc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679946, "uuid": "20463ab3-f404-49bf-b646-0a7771f127b0", "value": "T14904796DD34B02698F524336AB2B1E5442BDBB6EF38111B5306C537933EEC39A1252BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679946, "uuid": "a9b335e6-ac59-4c2d-868d-c246077996a4", "value": "768:qwAbZSibMX9gRWjtwAbZSibMX9gRWjVAv+Dt/UUghUqS6aFd1P4J2kjb7zb:qwAlRkwAlRFv+Z/UUgGqS6aFdtw3jf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701679946, "uuid": "885bf5d1-9366-4c72-a86b-81cd7c57bb70", "value": 175889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701679946, "uuid": "50c1206d-c4c6-464f-ae42-780396165019", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679946, "uuid": "5f8fc30f-2f97-42c3-8e6a-bff3c886a285", "value": "20230312-00188.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c277709c-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701683086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683086, "uuid": "eebd3900-a2c7-4431-bf98-4fb71fb47826", "comment": "Malware payload", "value": "a2ae829e6dbeb528006787f759f4b3c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683086, "uuid": "bc80bc8e-b1ad-4c1e-913d-3f2f18e701d8", "comment": "Malware payload", "value": "16d28b6a01307a32f7f87b62cbff26c5b3f57374fc65da760d6c3a424b0516c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683086, "uuid": "40b382bf-c564-4ce6-be31-93eb7634173e", "comment": "Malware payload", "value": "176f25047af880f00939f1736b45a0c2b05a2de2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683086, "uuid": "e7d4fa50-dfec-419e-aed8-6f9dd709484a", "comment": "Malware payload", "value": "6c658b7532808319833e9bcfa27bed6160e223f3604017806ea12976acc2cf8b7bbd555ecab95ac6d1a01dd636bda5cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683086, "uuid": "ae0e5e62-ac84-4876-a226-63b27e0498a6", "value": "T1F6957C7671A16259E06F3533436DB95311F68BD3CCD7DB96342B82A09BA20CD9FA3903", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683086, "uuid": "657c6f1e-91f3-48b5-8aa1-43a805b7a5cc", "value": "52d5086abc1dabd2119b92104f1111a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683086, "uuid": "bc6a9e01-2247-4572-93f0-a6a4980619bd", "value": "49152:vJR3IvhufwaDVgfGQ7ai7D3xTgOxYwpKPaK2:vJJcufwaxgfD2i7D3xkOxYwpKl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683086, "uuid": "9edb378f-9085-4028-8e2c-158512c24267", "value": 2001408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683086, "uuid": "14c85c49-fade-4f96-abe5-7ce3c13a100e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683086, "uuid": "d7f7e6d7-3574-4886-8f98-b04b1556791f", "value": "a2ae829e6dbeb528006787f759f4b3c4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "954ae0a1-92fc-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701732402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701732402, "uuid": "47ab23f9-c8db-41e6-afb6-06d4e74e1ffe", "comment": "Malware payload", "value": "0e208c1c7e243952f76e07442d76982d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701732402, "uuid": "e87bce16-5e3e-40dd-a115-8a23bea98b67", "comment": "Malware payload", "value": "1761f51b828bff0ff9ebbf10e3f2f3342de8ccb643649d97cd3e0f782528dcf8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701732402, "uuid": "57b9d939-d4e7-47b1-83bc-8940f1443c32", "comment": "Malware payload", "value": "38c35aa5a326af935ed78cb7369fe7eef6659911", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701732402, "uuid": "c50d2f37-4133-4103-a80c-235bb63a3bb9", "comment": "Malware payload", "value": "2cda75fe1e73e2783e6c22ea99c109a4075f6704de35a7041345a19b4c87f2a252ff7d80fd69f233fc768d1f3d851376", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701732402, "uuid": "66c889b0-3e8d-4228-9fef-7306922bc1dc", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701732402, "uuid": "bd972f5c-4895-496e-964e-75a96a2ad5c1", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701732402, "uuid": "0a243f38-a179-46a3-a8eb-3b171148aa6b", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701732402, "uuid": "b7439d5a-ec65-402e-90c0-6da202c66bcd", "value": 1540220, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701732402, "uuid": "dcf59159-5dc0-4fbf-9ccf-09f191451c34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701732402, "uuid": "2ea67d32-c8f7-4d28-8da4-dbbb50875a3f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12dc1783-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711138, "uuid": "5266a7a4-0538-481c-8019-843fe2ef22d4", "comment": "Malware payload (SMSAGENT)", "value": "9293a6753baf12544ac7e779ab907f30", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711138, "uuid": "97f81e01-7f71-45f5-aa5f-f672dc7402bd", "comment": "Malware payload (SMSAGENT)", "value": "179db64d6a1f955c10cc18334935164a7c96e5abb9a610817b1c32893afb78a9", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711138, "uuid": "5ea2c383-14ca-4280-a146-9cf348bf78df", "comment": "Malware payload (SMSAGENT)", "value": "56ab9b178e93d7371eddf942a9ee55d5dd98deae", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711138, "uuid": "9310ecb0-e200-41f0-9991-a112a5f123db", "comment": "Malware payload (SMSAGENT)", "value": "045cb19bfb5264925442d8ed1b4522b8a324abfd1f80c16652f396b23e3d3b44c73f449fa24180723812dc95b79dbc1b", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711138, "uuid": "7082b7b2-7102-42ab-9333-b8ffc4ccc609", "value": "T1D4179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711138, "uuid": "ab3dd23d-112b-4147-9d81-6180e97b43b5", "value": "49152:TuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgve:Bv+49UBEIIddXHNqjeceinMI+lEaA6j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711138, "uuid": "99653518-ccdc-4660-93b8-b06f43de2ae2", "value": 18568488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711138, "uuid": "791205e8-3d4e-4477-8554-8184ecbba763", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711138, "uuid": "83c7ccc1-d601-4905-8c38-d7a39abda81c", "value": "Lovechat \u0412\u0438\u0434\u0435\u043e\u0437\u0432\u043e\u043d\u043a\u0438.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de3b4302-9266-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701668100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668100, "uuid": "52f7ccee-2ad9-4cc3-a112-5506f2cf7043", "comment": "Malware payload (RemcosRAT)", "value": "6a9957dd2a19a1bf4af05ca7be1694de", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668100, "uuid": "eeb1b264-f781-481c-a4de-8c52ec6913ed", "comment": "Malware payload (RemcosRAT)", "value": "17d18a7a41119c12455a644fefca70b4504db83e0122d6dc2652f46f98de8992", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668100, "uuid": "3ced4495-9906-48bd-9b08-06dd6db189a6", "comment": "Malware payload (RemcosRAT)", "value": "72c945a8acf762df42d5d5ae1a281a2e5c3d9196", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668100, "uuid": "06ec1472-19f9-4cf4-8837-7864f2baf870", "comment": "Malware payload (RemcosRAT)", "value": "bef116acb5fc6e7d10d5ee549e878362ed5f2a4bd95d825e9290149eb5a060eb3f1cff3e4b83bf244651a63c99af19d0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701668100, "uuid": "77028538-9343-41c3-a9b9-6efe6cf3b58f", "value": "T1B3444A002391D9B6E5A31A730578BA2D496CB8F11F6F8EEBB3C40D5ECA785C16630B56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701668100, "uuid": "4a9a2f3d-b587-4194-9c2b-0372eee32a72", "value": "11abd75b2ae0d9d34200201cc7efdcfb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701668100, "uuid": "c585ff88-da8c-44dd-99ea-d22a5d69ed2a", "value": "6144:7sGckEKnZ9WIUwBjbXB2PwpD1l0FxFAZAO4adb/oN:AGcbKnZkIUwBjV2PwpRzu6oN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701668100, "uuid": "644be591-0e0e-4ff8-8403-6f19ae964a5d", "value": 274432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701668100, "uuid": "67c8735e-f58b-4f42-9725-35d4ef6f54db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701668100, "uuid": "e8647e8a-ad84-4e69-ac14-ab81c31b4ab8", "value": "6a9957dd2a19a1bf4af05ca7be1694de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "276969d7-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698288, "uuid": "95121069-a8c2-40bc-9ded-44093b682d84", "comment": "Malware payload (SMSAGENT)", "value": "ea3e3b28a550257e328ce82649bfde3b", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698288, "uuid": "6accd647-fc5a-4578-a8db-b93a9c9796d6", "comment": "Malware payload (SMSAGENT)", "value": "17d1f773a5d84c894213542ddc6432aba6d82648ee4e7aa54058f97e9075dc4b", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698288, "uuid": "78956f95-474c-41c0-9db7-49f71bd06643", "comment": "Malware payload (SMSAGENT)", "value": "91915dd4a3cb8d80cffb6207b61e9c14d80b3d55", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698288, "uuid": "679c9ee0-ad29-40e3-af71-e85d62c15fb8", "comment": "Malware payload (SMSAGENT)", "value": "c3dee950a73a9aaf579cf07c39e6bcd4a5aabeaee207893c136678bc27976e1482a721930e9e33386f95e7db4dc7eda5", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698288, "uuid": "1ad963e4-432d-446b-b79d-d385c0e93553", "value": "T110660126B71EFC87E063CA3253768D4B772E95F51260FF516A06B0782EABD408D1ED09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698288, "uuid": "a53c27e6-fe2c-4913-b391-8382a7c2158d", "value": "196608:YIwTQLxeffSTHbdNTluzn29mZkZ79AYylzj8/sV:YIwTQVQuVuz2sK9AYgzj3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698288, "uuid": "3caa649d-3e94-429f-b357-972b6e4f5b81", "value": 6682884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698288, "uuid": "d52b5fa7-47d6-4ff6-a75d-33505d8ab1a8", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698288, "uuid": "4a760fbd-1da6-4821-89ce-7bcc204f0f0d", "value": "\u0422\u0415\u041b\u0415\u0413\u0420\u0410\u041c\u041c-\u041c\u041e\u0414 (5).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad24df43-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Loki)", "timestamp": 1701680903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680903, "uuid": "0878b623-3fe9-4e90-888c-86d85d2f38b6", "comment": "Malware payload (Loki)", "value": "24f72ef632e95db550f1a0d2ba502ccb", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680903, "uuid": "520c1681-dff6-4e02-8f52-771bf6558eaf", "comment": "Malware payload (Loki)", "value": "187b178d65a73669c252ae6ddfe89bed8e136872d3016349a2da8977d9cc01b1", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680903, "uuid": "41eb7c25-6e04-45e7-ac4d-3e31222d7f7e", "comment": "Malware payload (Loki)", "value": "cf64c1ccb94d9548eeb04a4f2f54c6a4f5194f1f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680903, "uuid": "27f6a65d-838b-4c0f-a60c-e535c91a49c1", "comment": "Malware payload (Loki)", "value": "61d4bf179b3b109121fa578aeec868f4808ae7a24fa50d236887dbe544032f7b50bd09ee77897e393e07ccd04cd20017", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680903, "uuid": "8237ada9-d7ca-4473-9ca4-3ff52a8ec5a5", "value": "T1E155E0039804CB93D54D87F9BE4349E91F0A6F19E89579DF206A3FCF3A35A620D9A10D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680903, "uuid": "544ab067-2d2c-46b3-a151-08f2f5034869", "value": "24576:kw6/UZyoCfg8W+cw6/3ZyGCfg8Wl3g2+0QPA5H7DKJ/lnbt2svwfLA:X6/Gh/ev6/JF/K2+jPWf4/lnbEsvk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680903, "uuid": "65a1c758-9391-4420-aeac-2b7f2a774a76", "value": 1334784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680903, "uuid": "2b630ba3-ffe9-4739-819b-a2b6178fd8e3", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680903, "uuid": "cf11aa6e-0312-4150-bfbb-9679671f4ba3", "value": "shipping document.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a74bed81-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701682182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682182, "uuid": "36afa6dd-3a6d-48a3-aa76-12c4d3eccadb", "comment": "Malware payload (zgRAT)", "value": "ef78419a3a50ae488c7ac679d313c59b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682182, "uuid": "1e6c6b5b-a02d-4c94-925d-f955cdbac325", "comment": "Malware payload (zgRAT)", "value": "189051c29319fac6a96fefc8158f9d27d61a55b668f3c8e3610a48617649518f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682182, "uuid": "c7bd3307-4eba-40fd-bf77-3da083014a1f", "comment": "Malware payload (zgRAT)", "value": "3cc0a3cc384828cd07dee105cdedbf6210e3c534", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682182, "uuid": "1a43e7a1-33ab-4685-804a-9e60c35ce915", "comment": "Malware payload (zgRAT)", "value": "02c1cacb63d520f70e26bd5796f4d353d52fe91649ee10d7b5675ccd77db2221aa548c4cefc2d1d26480a3697dddeb4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682182, "uuid": "ecc648bc-9a5b-4363-94ed-f19a87c9bbc4", "value": "T15265231F7A8742E1CD08677BE3F67B641359D5B1E147E33F3C090A8926433A5ED260AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682182, "uuid": "7298acab-3555-4238-b365-a935e07bff96", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682182, "uuid": "cacf4337-fc5f-4e58-ae36-194298c9e78a", "value": "24576:zmOFTBiya3dtiTSk0tpbiSz9B0mbu9CU6M4ZdtP+8xBKgtUOVdgRt:zmO+t1Np5Xpbxptm8xBK6gRt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682182, "uuid": "22c0a641-014c-41fe-ab1d-0d1610f6e4ec", "value": 1425408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682182, "uuid": "27f7ada5-d9b3-4041-b34b-50fb7775dc7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682182, "uuid": "92e5257b-ec7f-4be9-b0fc-e2f54aca467e", "value": "ef78419a3a50ae488c7ac679d313c59b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99b054fa-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696762, "uuid": "af1d7169-dd06-4382-8c1b-e9332c709cb3", "comment": "Malware payload (Gafgyt)", "value": "ed9ac93a456c2ca33fef3c799f46cc2b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696762, "uuid": "5ded11f2-c4ea-4e1f-88d2-4baea4d92fcc", "comment": "Malware payload (Gafgyt)", "value": "1923d5b5cc32bb467ecfee2bf1936aadd62e6ad1a7506d746cb75e98c3c14017", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696762, "uuid": "237ba6a4-d7cb-467c-8d3e-a2ade456f489", "comment": "Malware payload (Gafgyt)", "value": "74c5044ba81ba4465af2cc618d635d91da488466", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696762, "uuid": "4995c418-a309-468e-b5fe-fac217c57fc5", "comment": "Malware payload (Gafgyt)", "value": "4eb586a02d49afe2233e68cfbbeecf0b31e919250e5d98cbf5dd594bb190021af3c53ab8f7aa3693aa7501ab3d47005c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696762, "uuid": "0ed84921-04a6-4ae7-a691-bd5136bd99be", "value": "T197E30934F0518357C2D31379AA9E5A9D3F321BD663CB33155A34AAB82FC27C92D29D24", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696762, "uuid": "61b1f1de-b0f8-41d2-8c93-ec9f52e24b2b", "value": "3072:JUJgOtaEHmTOnedjrrfUGleZEfkbmQQnXQTs9:JBIaEHmtrMGlepbmQQnXQTs9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696762, "uuid": "b9d9ab89-8cbf-43b9-958e-3060825aa940", "value": 155252, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696762, "uuid": "06c4244d-6947-4a93-b6c9-ec1abe8a7530", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696762, "uuid": "9b1a09f2-9dc9-4e1b-bd13-aac1596ba594", "value": "ed9ac93a456c2ca33fef3c799f46cc2b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1be05c3a-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698268, "uuid": "af6c34a1-f70b-4cb3-8a71-24c198bf216d", "comment": "Malware payload (SMSAGENT)", "value": "6591016a091692dbf37b713e15d5f8ec", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698268, "uuid": "59983fc7-c1bf-44be-b42e-4d7392948c84", "comment": "Malware payload (SMSAGENT)", "value": "197b4ad2f75135d9967d2ce13d906a9f68ea892a45d4e0421535a9b62fa00dc3", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698268, "uuid": "535aa941-1273-4833-a304-84a632cb044e", "comment": "Malware payload (SMSAGENT)", "value": "3c52534ee5e2b5d88c6e364077ad5c7c24cdf0af", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698268, "uuid": "ade76e94-1b8a-4219-8078-76f58fbe7762", "comment": "Malware payload (SMSAGENT)", "value": "f534eeb21467ab4729ad9158151736bdeac042f369e30969acf7cafad831cdea901c2edb1ce7cff340e713066ae262c1", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698268, "uuid": "4115ea82-37ed-468b-84da-9f417596d683", "value": "T1F7660178771CF40BE073DE312371814F75E185E51A72E312AB07B8586DBBD84A5AEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698268, "uuid": "f10261c0-029f-45d9-8e39-012cc398e216", "value": "196608:nyoEI25FawilQcbk2fwDBCiAZ9J9DCJYlq:nZG50qIkjFAZ9PDhq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698268, "uuid": "94a198b7-09cb-4d3a-ba0c-0211b00ffb86", "value": 6691764, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698268, "uuid": "1b37dc5d-98b3-4884-ab91-a96bb42723fd", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698268, "uuid": "d9ed6394-63d4-45d5-be0f-183d34e47979", "value": "VideoChatRU (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36970342-92c6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1701709051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709051, "uuid": "c3f2d676-cedb-43ce-8568-561ee4e924cc", "comment": "Malware payload (RaccoonStealer)", "value": "904d8ddb10daab8aab1f71681960afc3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709051, "uuid": "805ac3fb-a077-430a-9570-1e442a87dd99", "comment": "Malware payload (RaccoonStealer)", "value": "1a3e64d705e25e2208d95541cc73cd37d19b931bd878f27fb42e31dde0a74065", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709051, "uuid": "af467bdd-49bd-4e1d-ba88-e50e3b073fb2", "comment": "Malware payload (RaccoonStealer)", "value": "3ac095103b91af6cf2f16d7d9e22bec51539262f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709051, "uuid": "079d71d6-dd0a-46a7-a533-6e0ba17e416f", "comment": "Malware payload (RaccoonStealer)", "value": "f9a1bc9826a7648e68586556d95a0ef79d09a8ed307b61531ad47529c49c569a4ec6f02c43a6c4b364948e86419d4f6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709051, "uuid": "f3ec12c4-e534-4e9a-8f1b-f4c3fd031224", "value": "T13D7633B362651082D5E1CC3A902B7EE4B1F703D98A01DCB95997BDC12E358EBE727643", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709051, "uuid": "2964808e-10e2-4037-b196-a1aa183a4c18", "value": "3df067da2a1f77ab4760dd59e63b6946", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709051, "uuid": "e9ef7afa-5f8f-4173-9934-59d73803c631", "value": "196608:VOOFKFtt3JEzJsXADNkCtMxzJfRp0DT9xL:Vx8tqmwDN+xTY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701709051, "uuid": "41fb0a26-dcc5-4f02-949b-9f6879d2cdfa", "value": 7669144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701709051, "uuid": "44719fad-c0fe-40ef-a739-e7d7dee609f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709051, "uuid": "0c9f0fb3-bb72-4762-a3a2-ef0fdee4e8cf", "value": "ukeyzxbg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d78c1d6-9241-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701651912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651912, "uuid": "df9b474c-0fbd-4f0b-aebf-4d8efdb5b2a9", "comment": "Malware payload (RiseProStealer)", "value": "1a7df2056ac9b7609f1911623d0669bc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651912, "uuid": "d4d22a12-0b0c-4df3-a180-bd6fa0a43ed0", "comment": "Malware payload (RiseProStealer)", "value": "1a7f85d52066d21c888b5ae2869950d8a44b61ec32a5e9fec5a106c0d2a17543", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651912, "uuid": "8f3234ff-66e4-4afa-bac3-ff6d518b1d0d", "comment": "Malware payload (RiseProStealer)", "value": "247ba04c41a2ce8b23848888f4ef24ae34f6422b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651912, "uuid": "e922a8ec-1ffc-4a6c-8530-61bcb4cbe733", "comment": "Malware payload (RiseProStealer)", "value": "49a8490b138449d98a7b8d7c1fca94172d557f82e82768e2f030b0362946dc8d2884aa5c5045279d422eb656b9ad6eb1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651912, "uuid": "83fc1ffe-77d1-4b8f-8ec6-f32d620f0b61", "value": "T143658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651912, "uuid": "66affa71-a52c-4efe-8564-273ffb2548f6", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651912, "uuid": "c6b8bda4-1cb3-49ad-9b24-c4f8bbd859f6", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701651912, "uuid": "a924c655-833c-4145-8524-d1208de8d4fe", "value": 1540019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701651912, "uuid": "fadf506e-1790-4a89-b8f0-99962d0c4eed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651912, "uuid": "0cfb495e-16fb-46fd-81cb-3b128188e106", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ad87cd1-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681087, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681087, "uuid": "0c573870-9ccf-40b4-ae5d-220febc002fe", "comment": "Malware payload (GuLoader)", "value": "43156564b8b2d8eb90d0efdbbd0645ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681087, "uuid": "86404af2-e0fe-4c92-b9d0-80a06b51fbb8", "comment": "Malware payload (GuLoader)", "value": "1ad1428fb0f50bf5e044e2d7ac93b7444df64af53394538b349623348c024f5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681087, "uuid": "48a434a8-c36c-495d-96b0-5f631d0af2e8", "comment": "Malware payload (GuLoader)", "value": "fed3a41c82585ca973f9695399d52bc5fc58b9ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681087, "uuid": "6ffacb58-441d-4c7a-8824-a0d7c14417b1", "comment": "Malware payload (GuLoader)", "value": "5f7b9c9e07582734e0df3e14d5fe6bc45a1ec891a329cc72cae43a45a341ce13c49e26b96a7bd993528d40e453a29f61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681087, "uuid": "603766af-66f1-4caf-beb9-e54f97e73d11", "value": "T1C225F14DE762ECE8FE665238657159273F419C1E61D828AD318CF6263C3621250AFCFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681087, "uuid": "e26e45e1-da2a-4bff-aaa9-c05d8ce27eb0", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681087, "uuid": "fd33a0f4-974f-4288-a495-24d9f3295636", "value": "24576:X2/jObdf42moCUDvg6rkPB3hoHEJZB/OH:Yyi2mFUDvgZhoHEJz2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681087, "uuid": "5b3f776e-6b33-474d-97d6-ccdb6b638384", "value": 1033632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681087, "uuid": "4af9f018-5c33-4a7b-aad9-42543139a990", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681087, "uuid": "9023b03a-a830-4621-b0f2-f43048f7b9d1", "value": "Purchase List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fd6dddd-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1701680881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680881, "uuid": "0f2b2c67-20cd-43ae-b2c6-8de7cce3566c", "comment": "Malware payload (SnakeKeylogger)", "value": "e54394c1c30d9dfe4ad5c402231fc839", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680881, "uuid": "d7d14641-acf3-47c1-b4c7-06a99d7f793e", "comment": "Malware payload (SnakeKeylogger)", "value": "1ad43e485e56645b2bc6d13b3bcaf2dc1eeb8601c0399f0b0077e80b66d54a35", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680881, "uuid": "abff865f-09b0-478b-a145-5017c0adab69", "comment": "Malware payload (SnakeKeylogger)", "value": "f912f80dcfa02d8e1c9a9b4205cc74ab8089c416", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680881, "uuid": "7f2924e8-2090-4f77-9ad3-2f17764492aa", "comment": "Malware payload (SnakeKeylogger)", "value": "faea25d472c01987a53663aef41a4d7f276b3cb556467473fe030b19963c20646086f88561611a46b120494f1e299ce2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680881, "uuid": "e9287aee-10e5-4842-b438-06e8cdec99ab", "value": "T1E1B42316369A8B50C47BE6F7F0D12B45DB83B9C8A212EADD3CF271DE5901F14074A267", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680881, "uuid": "3070e1ae-e84b-4e4c-a0a7-d3fd90e8665d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680881, "uuid": "eda810f5-e7f1-40a5-810a-2f09dc1e8558", "value": "12288:G45+po2W/0THYr0MvBqRB3ix2QvbdHzXaP4LNJO6f/z7:F+pJWMTHY5BqRBSxJdz9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680881, "uuid": "4a965845-791a-4f85-8ed1-f8cc03a4be4a", "value": 530944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680881, "uuid": "639d8676-2b0c-42b4-9800-7aac8ab0e3b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680881, "uuid": "abc679c2-189e-4aa7-8dcf-14c0590ebd05", "value": "08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "827a29b7-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716909, "uuid": "faddbcf1-be7d-48fe-8891-d7cdd89b5d9e", "comment": "Malware payload (SMSAGENT)", "value": "2ca270c11b8bdf2c8c8ee7f8ec39709d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716909, "uuid": "a23df224-3a60-4205-91fc-e3b743ae111c", "comment": "Malware payload (SMSAGENT)", "value": "1ad454a8fe2d084d88d3297822707ebb84facfe6f6d1b67152fd6595e4daa4da", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716909, "uuid": "2d5f748b-afc7-4c26-8792-d34000e5435b", "comment": "Malware payload (SMSAGENT)", "value": "1b9ef20348f652524c0f373a35894decf732154a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716909, "uuid": "ce8ecff4-4229-451e-8373-ea53d1ce64e3", "comment": "Malware payload (SMSAGENT)", "value": "5b739be6aa82e29c5120ab10ecd7a1be93a70d12c0340ecedddc41159c0f9f780b071ec7e4d8bb4c0be035b0205ffba5", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716909, "uuid": "c216310a-f2e4-48ac-aff7-64eceb247eb0", "value": "T1D776011AB71EFC07E263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716909, "uuid": "2392ffd1-b726-4871-b626-b3c130825be2", "value": "196608:8rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUML11F3nswU/Q6FKNcnFJa:iw0pdMGbwBAej2n7nswxgFM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716909, "uuid": "d47e1cf8-cf94-417f-bf76-d961c0d55588", "value": 7345733, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716909, "uuid": "c44e2259-5249-4030-b9e4-1829baadd84f", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716909, "uuid": "7e2bc0ec-f7d8-43bf-9727-0999314e62e7", "value": "\u041f\u0430\u043a \u0444\u043e\u0442\u043e\u043a 16-18+ (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87b11f0e-92aa-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701697161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697161, "uuid": "30a33173-7db7-4830-831c-8b086d15b223", "comment": "Malware payload (RemcosRAT)", "value": "df81d83530d3312f8ce32a277f77a12d", "object_relation": "md5", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697161, "uuid": "aa7a9761-8a0c-4ce9-adf4-c4d24fab0507", "comment": "Malware payload (RemcosRAT)", "value": "1b0dfee4e9951c9ff433cc67fd54c322ba68780c7b63e8de9b261e24fad6bcc9", "object_relation": "sha256", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697161, "uuid": "75e7029a-d50e-4b82-a577-1897122de4b7", "comment": "Malware payload (RemcosRAT)", "value": "54cee4272bbd4bdd774214f76143331f374201ed", "object_relation": "sha1", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697161, "uuid": "9ec897e5-ce96-4e65-ba32-d7fa8bad0372", "comment": "Malware payload (RemcosRAT)", "value": "970fe8baa4a8c435c7331bcefbdaef3dc6fbb0dbd6dca3c8937d74a8c66a1d660dd4bcf25b5f304ce7b7c858ea63ba7b", "object_relation": "sha3-384", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697161, "uuid": "eb7c5eb9-937c-498e-bf22-95e8d74017c7", "value": "T1EB253328CCC5647EDDFC79E28658FD1719C690A4908BBA0145BBBDD707E8C28DF08E65", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697161, "uuid": "b804fbb7-8a69-4f29-9efe-f09c0ca99606", "value": "24576:Cc0oT8BEPAF/51iN3Wmpz2F1AtXCs/ypTnFXIuvt07P2B2x1:vTWmmBimmEQtXCjFXB27uI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701697161, "uuid": "3b9bd82f-61b4-4ad4-b7d5-40dcaaf2f835", "value": 1002021, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701697161, "uuid": "d7f5bc22-30a8-4db0-aacd-8b7259815730", "value": "application/vnd.ms-cab-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697161, "uuid": "a7a4c713-5b69-4377-a41a-e4d2dd7f0aa1", "value": "nRFQ 2024 order.cab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbfb0d11-927b-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DCRat)", "timestamp": 1701677116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677116, "uuid": "8f9b508f-84aa-47da-9206-3efedccdebae", "comment": "Malware payload (DCRat)", "value": "a1055620142988c87ddaa814a673a192", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677116, "uuid": "9d8578db-afb9-430a-bbe6-c7df040763f7", "comment": "Malware payload (DCRat)", "value": "1b76c862491ee6fa0be99ac8b47bbdcbe7556ea9b7e9f94321e92954581ca786", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677116, "uuid": "82894304-9a5e-4f6f-9d86-c5275c6741f4", "comment": "Malware payload (DCRat)", "value": "067d98bf06b557bc12923b0fd5e46fa5a868a105", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677116, "uuid": "6ba32dc0-8538-4278-86c0-e7b61b922499", "comment": "Malware payload (DCRat)", "value": "86e1da5fe996db02468377b206b8c1de8936fe0386f4e448c60584065ef1617db3c571a1ee23e0337e3a4779040f91b9", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677116, "uuid": "e4033c22-0fcd-44b6-94b6-c68e8ec78183", "value": "T1DBD49E907BF85931E17E2B72F472612867B5BC19AE39DB1F9B81909D28313C0D920F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677116, "uuid": "349387d9-1074-4719-a093-c2a8f502e1f3", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677116, "uuid": "d0fcf136-a4f6-4586-813e-fac0ec4686fa", "value": "12288:oRZ+IoG/n9IQxW3OBse03NQbow2N7gepSioYuZyZSdxYZp:y2G/nvxW3We9qow2xkxZBxY3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701677116, "uuid": "3ac04892-9c6d-4bfe-87ff-a7ae2a36edba", "value": 647395, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701677116, "uuid": "8962d9c9-3ddc-43f7-bfc4-7501858e593d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677116, "uuid": "c028338e-ea8e-4555-be84-0a784c6bce31", "value": "a1055620142988c87ddaa814a673a192.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f868b989-92b8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701703363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703363, "uuid": "1ffe0105-2732-4d89-9eba-1ec29fa07c11", "comment": "Malware payload (Formbook)", "value": "20118cce06cb7867e2c763df1456b4da", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703363, "uuid": "15890047-bcad-44df-b721-d9d98caf2ad6", "comment": "Malware payload (Formbook)", "value": "1bd8ad93b52df351872ea5b0010cccdad88abd65bc88595a95fbb6a85a26c9d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703363, "uuid": "a8fcacfd-2be1-458e-9dc7-d192cf4c8178", "comment": "Malware payload (Formbook)", "value": "84c40f672e18f964fa250e777babb612ffe104cf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703363, "uuid": "95309976-3ba6-4db4-9838-c894c199bc7e", "comment": "Malware payload (Formbook)", "value": "baa18d55bee749d41b0e790d0e147e1f058aa9e8079be8233950d4a634b72d2967aa00db184b39faa0742dc233162e92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703363, "uuid": "d3fc70c3-06a5-405e-b3e6-45de96e2bc62", "value": "T1EBA48CA279C9666FDC2F4674035FEAB22B755CE0B782096D4F80360D5C36A4680EDEC7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703363, "uuid": "c68ba375-70cc-4fde-adb3-46189414ddce", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703363, "uuid": "20596f64-8364-4d5c-b927-69533d3bd349", "value": "6144:xQ606xGPZVheNA+ff0E4lts8+v/qI41EQBOtLmCaN0G61ojF0vdapTEORx0m8oBQ:Anhe2eV+tz+HU0tHlG61cEsD8q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701703363, "uuid": "bc0c505d-e824-404f-94a0-2436d9dc6c09", "value": 474497, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701703363, "uuid": "e266977b-9a6f-46fb-85a4-fcb2bca04122", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703363, "uuid": "db557c7d-f4b8-4189-a405-d718bb1aceec", "value": "transf LAB.REALpdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca45ab19-9273-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701673650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673650, "uuid": "8ad8957f-cf73-499a-b6c9-964e5bbe2603", "comment": "Malware payload (RiseProStealer)", "value": "c1e176772a979d271cb6b4503b2139e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673650, "uuid": "83500ce6-b318-42b5-864e-fa07c535cca2", "comment": "Malware payload (RiseProStealer)", "value": "1bf8ca95718f9daa5f87390443018aa5ded63dd9588e387c44d26cb3ec06d29f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673650, "uuid": "e950e4bb-2713-44a8-8344-d127fe1e4088", "comment": "Malware payload (RiseProStealer)", "value": "975b1d8f9195ef154402a8ac1c63a0baffb49407", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673650, "uuid": "381d79af-6f1b-4602-a0e8-28e1b5343843", "comment": "Malware payload (RiseProStealer)", "value": "44caa59bb2d179bf7bd2afb7372cb11daf686799bbc06889f67532c7a86b56cecabc427b64c5b6bd20aecfac2a4a6c53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673650, "uuid": "4e62530e-06a6-4384-ac08-64167cca9eab", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673650, "uuid": "8ac9d9ec-0d6a-480a-b1c2-b1d52767c0db", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673650, "uuid": "4eb41e21-0f44-4688-800f-32ba94721ce8", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701673650, "uuid": "118a8dfd-6845-4699-90db-b994a10da411", "value": 1540074, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701673650, "uuid": "0954540c-d686-4717-95e0-5fa86c80a43a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673650, "uuid": "889f5cda-756e-475e-9164-f2ace99e239d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "329efa2b-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698307, "uuid": "655345f4-2249-4592-ba8e-4e57cdb09d68", "comment": "Malware payload (SMSAGENT)", "value": "21c386c623ea20fb79e99509cfc937e5", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698307, "uuid": "248c66aa-07ef-46bf-a655-610ff7ac4beb", "comment": "Malware payload (SMSAGENT)", "value": "1c526a02250a01ea9c009060bca4b5e992c14809fcbd188c1a476fa1ca0ed523", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698307, "uuid": "1542e793-1902-455b-b5bf-25263871b923", "comment": "Malware payload (SMSAGENT)", "value": "b03a603b279ed2df3f505228b4612acf8862f958", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698307, "uuid": "1006dcbe-4a37-4f01-8011-1edea004788f", "comment": "Malware payload (SMSAGENT)", "value": "ce2a14dc0a74886f48604ec49bb8fc4aa1b8be597c466d7468b0ee3d8c4635a3c92656d2d95dc18da4ce38cf58767a20", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698307, "uuid": "3ac05f26-7dcd-48b6-8bae-c97b81613297", "value": "T18C560175731CF40BE073DE316371814F71E185E51A72E312AB07B8185DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698307, "uuid": "5374fb50-3840-4b5a-8ff2-8e37e9a6b169", "value": "196608:/YDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJY+:IirUVis8O/0giAZ9PDq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698307, "uuid": "f0e83e07-fe61-4eed-8f25-556199b1898a", "value": 6364091, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698307, "uuid": "76d4a54b-f145-4275-a8d7-a9f4fc515749", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698307, "uuid": "eb082b42-1421-4139-9011-a81afc7c3eaf", "value": "START - \u041a\u0438\u043d\u043e.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "491d4fc9-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "07df9f18-f659-45a2-bc30-264f735f2d4e", "comment": "Malware payload (Gafgyt)", "value": "b624ceb9555892f16ec197ae4bedd393", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "f0d6efbd-8a8b-4b7f-b0be-7eb72a38ba4c", "comment": "Malware payload (Gafgyt)", "value": "1e1c47e09a469c0d05cb95b36bf69cc4cba62b0f00d561bc4dfe4c8899551b26", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "76e1ceed-8164-4d1c-bf48-3644e36345b7", "comment": "Malware payload (Gafgyt)", "value": "d3a022b71616af6aa411ab0d8e9c476dbf2d68a1", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "6ba81a72-2c79-4141-b45f-c29e9106ad53", "comment": "Malware payload (Gafgyt)", "value": "a28a2d6bd9ba97ccf7979496d6ae3110c9cae5ae0068fcdd3e3fb30e4e45c2388596efb1f9ab7cc76496113cab9eac5d", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "b1f6b32a-89b2-48c9-add8-ecbcd75a28cd", "value": "T1142465355A26DE77C89EDDBB6ED57982004CF1874AC99B07B2E0D00C9BE6D4A14DBCC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "53bedefe-badf-430e-bd92-d31900a3b548", "value": "3072:sMJ10m4MM3tDowT7cCRfFIEBmMUb4F0soMcXV:ss10dMyt/TBfFIEBmMA4F0soMcXV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "c4503b35-0bf8-4ffb-8fef-c5bd787ff704", "value": 223210, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "cf9b3208-3d33-4c94-b20d-6caeda19ce61", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "64b243d5-ff04-44c5-8a4e-3ec45f8d2134", "value": "cat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d6deba9-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680876, "uuid": "ffa95407-7599-4e51-a7f3-e95218d44a68", "comment": "Malware payload (Formbook)", "value": "f7b4cc41cda23249c51085e4cf0d3ef1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680876, "uuid": "0babf5eb-3f76-4c43-826f-0682f0270880", "comment": "Malware payload (Formbook)", "value": "1f92a8f73f872a9f016a80c61c829734abfe89e1148a8f38e885a534b64b3141", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680876, "uuid": "050730c5-63c5-4ff9-94fe-7bde3be663ac", "comment": "Malware payload (Formbook)", "value": "ceaf910842d0ad8c8eb3990409752589a1974dc6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680876, "uuid": "11d8b701-a76f-467f-8ae4-56b02d7edbff", "comment": "Malware payload (Formbook)", "value": "df6d131f493d65402d002009d3f1099ce1a69066ad2f90a4f83a6210c5701ff07fe691cf1ac0cd064d38a504f798c175", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680876, "uuid": "91d6d1ba-9c3f-4c77-bdef-8b520200bc81", "value": "T1B4C4234B36CDCB42C937D3FE616C6B844799B683B258D74D1C6831C41942F262FE1B6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680876, "uuid": "c0d6a0bb-6ea5-4dcb-a8d8-3e5da9501c5f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680876, "uuid": "40507850-fcca-4ea2-946a-58b78e575cf5", "value": "12288:Zn45+po2Sla8IubPvI3Mm1SvQsU4+6x8jJyo8z5iSErJHDK9:ZG+pJS08/T2MmZ6eQo2YJu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680876, "uuid": "0554e1b2-db5b-4c28-98d1-395b4add266f", "value": 587264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680876, "uuid": "7f327f8f-ea8d-4871-a0ff-39c545624d16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680876, "uuid": "f56a5d77-0ed9-4272-b8c2-53941dd5b3de", "value": "PKilXFAtx18XC3J.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2c8cf90-92ba-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701704078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704078, "uuid": "26864db0-e23f-466d-ad6d-01e88dfa514b", "comment": "Malware payload (AgentTesla)", "value": "0167b00f658c04b84b22927a449106eb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704078, "uuid": "0e5df673-1c68-42c3-931f-72f58e033cd2", "comment": "Malware payload (AgentTesla)", "value": "1fa497fd2ea5004a12f885d7dac2b47c0494aae2fbe45eb70f96a7f3bb03cbd1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704078, "uuid": "5caebf20-b995-4d6a-b405-6714fe82d54e", "comment": "Malware payload (AgentTesla)", "value": "177e099d9470f371f53d063b9c68703cde2b6977", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704078, "uuid": "c45e11e3-5398-47ef-bc7b-41b7250f95f8", "comment": "Malware payload (AgentTesla)", "value": "2379ab0169df91f0cd637309f6ade20098055c769adceeaec99fcc2eb5a5f5e4cc7db12858fe904062e423267251323b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704078, "uuid": "01f49921-5fb9-419f-8c1d-f66420de9811", "value": "T11415F14853E84296FABB1FB8A8B20A844375FEA55C75E34D2AC078ED7677B009D10373", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704078, "uuid": "5d8fe9fd-b40f-48bd-8329-c5e0bb3eea6c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704078, "uuid": "e90712f1-4160-4632-a25d-bbe6e0ca5c10", "value": "24576:9Tm4Qyr3+0Dda+2GBxy0QbiU+XL9XKMvO:xm4Y0DtvBQbL8LT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701704078, "uuid": "4f90dbd4-da3d-4e5a-a98a-977748d19690", "value": 930816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701704078, "uuid": "f0e21e29-84bb-406d-b15f-d87b0664bde8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704078, "uuid": "f70237fc-88e5-4fad-95ad-e28fbc9a0d19", "value": "STATEMENT OF ACCOUNT.pdf____________________________________________________________________________________________________________.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "852efc8d-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711330, "uuid": "a75b0e77-1460-45b9-8db7-a8bc7be24eb2", "comment": "Malware payload (SMSAGENT)", "value": "b0765652404ccf23fc26bbcdf83c00c0", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711330, "uuid": "496dfce9-1a8e-4092-abd1-fc9e0e7815f2", "comment": "Malware payload (SMSAGENT)", "value": "1fb08b7fdbe2acff3c46acdbe77b14d2c131350add63054366c8ffa9eba9cbd9", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711330, "uuid": "c51c1a8b-8d3e-4ffc-a3c8-9e51ab88df88", "comment": "Malware payload (SMSAGENT)", "value": "5a44f1f4aeb6c449961abf641668c1baff84da07", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711330, "uuid": "26f6b231-58c5-4dc5-9f68-c1c85e094b27", "comment": "Malware payload (SMSAGENT)", "value": "26c755dd409d03fdf96d5e72374ba3e22f145f926242dbf0755f8055efd94f96818e9a13b7adc980003c29a2d363a515", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711330, "uuid": "feefbe21-9b50-45ca-b618-b35e1a12b63e", "value": "T1C3179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711330, "uuid": "b5e67d8b-198d-40d0-85a0-b5e3f38db9e9", "value": "49152:QuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvB:0v+49UBEIIddXHNqjece8nMI+lEaAL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711330, "uuid": "6777cb38-9d46-459a-8181-8bd910b54aa4", "value": 18563889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711330, "uuid": "f10d776d-bff3-4a7b-a007-c2384d5a5bc0", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711330, "uuid": "89267c74-57ac-431d-b4e9-cdf0fad1cd6a", "value": "GetContact (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e232f40a-92a8-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701696454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696454, "uuid": "4b223513-d992-40a6-9f9a-7b73e6d85851", "comment": "Malware payload", "value": "95e917c848ba73f8adae85cae6090ac3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696454, "uuid": "67b31d62-20bd-4e35-9716-fd61ccb1dff9", "comment": "Malware payload", "value": "1fe1cece08fef19448a32a746f5c8f77521db757c2b345103834a5f617101f15", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696454, "uuid": "7690989f-8061-4c74-a656-b0f8f2465d40", "comment": "Malware payload", "value": "46a3a93b78407c3da37df414377babb5b5e0b078", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696454, "uuid": "c6c8dcf3-eaa4-4c31-b8f5-718a157f08f5", "comment": "Malware payload", "value": "ada2230107074c4c975f21bfe32533d3f513aecf70d93e87e2d47455f56bd84de793be536ecc2fa4393094ba5362e63d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696454, "uuid": "5a889d42-dd25-4789-b4b2-97559b0a5e7a", "value": "T1F1A3AF35E181ADA4D8171AB870B9C4744F25D9B80BCA24C9F7FEC9DA4193EC439EA371", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696454, "uuid": "370db921-0e63-4958-8a2a-b35afa92f35c", "value": "1536:jJf485JJReF71Oqoi/Fusz1lmVHYHJGMpSE0clhpYFWnkFpck:9pUekFueDS4HT0clHYFAQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696454, "uuid": "7fcd24f9-85d7-42bf-9236-b7865cbcf8c3", "value": 99380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696454, "uuid": "7321705e-a890-4378-ac19-1269c05c4b2d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696454, "uuid": "968f0d9a-eede-4966-b7f0-398148460526", "value": "95e917c848ba73f8adae85cae6090ac3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "012d1d68-92d0-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701713256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701713256, "uuid": "1c6d786f-7b38-472a-9f6a-c339a1805400", "comment": "Malware payload (Formbook)", "value": "acd04306f9838fb1b154c2a42e072ef5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701713256, "uuid": "1804d3e0-dc32-434f-875a-6b8727085232", "comment": "Malware payload (Formbook)", "value": "201b3143e9e4ba28c3dacba060233db540cce934825d05f91165bc50a3e2c996", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701713256, "uuid": "432b3ac8-fdd1-44e1-aef0-1e607276faf5", "comment": "Malware payload (Formbook)", "value": "5fb94f6e77ecd9f3f3baa523f332bd5c75db73ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701713256, "uuid": "f92bc511-5774-4775-9af9-325f3d208ca9", "comment": "Malware payload (Formbook)", "value": "664026a69d6cf0770f7f0272be49e1f9a1a29b9d1c43a61b18d2888d6c0ab7bb8f0bfc68644862d7c2cf7c74dd0acee6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701713256, "uuid": "9295b3d3-024d-4aa8-b498-6d98ffe3581c", "value": "T12AD4238773DA4F01ECBAD7FC35C956645773CA596224FAAE0E7121DA5302F011E80B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701713256, "uuid": "d479c970-4934-488a-9d36-599defefa27e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701713256, "uuid": "308b9ec9-fc3f-41d9-8526-6ba742a85c27", "value": "12288:+a45+po2d1pgIyS8+YI6fELRCQce6S5cJc4ZuNqFsU8dZE:+5+pJrISm3sLRCHFMcC3NksU8dS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701713256, "uuid": "89eaf8a1-484f-49f6-8678-e5ba6a7a4457", "value": 650240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701713256, "uuid": "edbc89f4-4657-4610-9497-7968cd26acf7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701713256, "uuid": "21e94b2f-cf39-48a5-9df1-df3006f9d6b3", "value": "Advice Ref.[G91222721471].exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6c9110e-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681859, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681859, "uuid": "83d7f333-9bd9-4b41-9e8e-5500ca6d4864", "comment": "Malware payload (AgentTesla)", "value": "e67873770015c2808b7d9846571ba391", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681859, "uuid": "7eb2bece-1536-4c36-b947-8ad87de8e8a6", "comment": "Malware payload (AgentTesla)", "value": "2091a13a7a8053bf245ba38b61cbbfc4b383f7503a121e178fb250112f99bd44", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681859, "uuid": "30349bf1-47f5-4c66-9b52-4b1554ac1bf2", "comment": "Malware payload (AgentTesla)", "value": "bddeb7bdcbc046d37706eedd102823cfc6203e4b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681859, "uuid": "6f3b545a-5742-42c0-9d4b-e19b9d0d59dc", "comment": "Malware payload (AgentTesla)", "value": "e19da59e9694b46284e9aaba4a07031874e1ece5e7386c889b467e2f6f5437e6e9c6a64f6e0b804047ef2a4a35ba07c4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681859, "uuid": "476e6d38-8bff-47a5-b142-4ce2a2e3a9d5", "value": "T11BD42317B1CF8220C9AA87BA345CB994D37BE696623DE60E98A052CB5353F410FC5B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681859, "uuid": "6709b476-9aa8-4c0f-ba50-9d39e64a8b23", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681859, "uuid": "f96b33f0-af33-4d3b-b404-9ec159290551", "value": "12288:T45+po2Lq7tPqu6+o9RdE4dLRb5AdT9TTx/cHxUxSGlZmaasToK58R:S+pJW6Ly2JCpTmHxsJlka", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681859, "uuid": "84743f79-ebe4-4586-9cd0-9c63a4a0da21", "value": 641024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681859, "uuid": "91ca190d-a4d6-43e1-936f-2cf31dc1f481", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681859, "uuid": "c9cdb44e-e1c4-45ac-bfa0-d760d5555bba", "value": "DHL Receipt_AWB#2287582982.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6134d393-9271-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701672615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672615, "uuid": "1deaf3c6-0d7a-4cfc-8eac-4ce395abe8ca", "comment": "Malware payload (RedLineStealer)", "value": "8c470c14fed50a3c4f3d686c5054dfe2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672615, "uuid": "f7bc6836-269e-4e50-84cf-200e8e5dbebe", "comment": "Malware payload (RedLineStealer)", "value": "20a3737245ed1fb3613e55c9d02dc0655dacd3da3652fe7a41bc9404c376f22d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672615, "uuid": "f4fd588a-ce09-4a3e-a749-1f36b140df20", "comment": "Malware payload (RedLineStealer)", "value": "63db01e3de84fa6019cd952868046e22a531c3f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672615, "uuid": "ae9d9b0b-90b4-49bc-9c33-eec8f8196e89", "comment": "Malware payload (RedLineStealer)", "value": "a25395e23145ededd3b12bc6d4f77fb9193f684695ea64ef9316d84431aa94d86cf57b99b484e3976b0227068083939c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672615, "uuid": "db2df0f4-9f42-4210-b4b3-358be1c17682", "value": "T1F965E65F63C2F487D08AE9B672079AF7B43127342B9E640363466D396E3035A91FD932", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672615, "uuid": "04003242-d347-4766-826b-02b37b0a7637", "value": "a50f567b444f0fd10ba692c0c049b476", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672615, "uuid": "0f622874-db5a-4f5f-8416-0d50690285f9", "value": "24576:IPUoy0FnHglfwI5IEEf8eWqueqFMcRpvnf+pUI+6ROfv5Mbvf:IPUDIEfNacRpvnWpU56m5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701672615, "uuid": "6e838aec-c2f9-4299-9132-b8728cbded7e", "value": 1448960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701672615, "uuid": "ec142b25-c223-43b2-8525-c0f22e740c4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672615, "uuid": "7bc0149a-e036-4fe7-91c9-2f3fbf9f56a8", "value": "8C470C14FED50A3C4F3D686C5054DFE2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6431de1a-92e9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701724160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701724160, "uuid": "b800433c-deef-4b62-a199-bb7c0717b0ce", "comment": "Malware payload (AgentTesla)", "value": "5821694b0d82baab7a73cfa23a47743c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701724160, "uuid": "a988ee50-c48c-49d6-9fb8-c9e8b5eea011", "comment": "Malware payload (AgentTesla)", "value": "214de679f00845231238252dc3295762b74c77b7a2ddd7d7eb38f04321bba1dd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701724160, "uuid": "692869ec-113b-4d91-a725-9c6e0db6278a", "comment": "Malware payload (AgentTesla)", "value": "abf662eee6d640057b3a94087145501755e427bf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701724160, "uuid": "ab018f68-cb74-49be-8e22-6d4c00c3b807", "comment": "Malware payload (AgentTesla)", "value": "2427378698f259d78de951c146442ef69f3f04fdefb4805580aba4c8b3f23d8e8f826d2c9d8c28f9fc07378e1400d775", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701724160, "uuid": "fa04c380-222e-4c2a-8418-4a5874584bf8", "value": "T173655BAD3650B5DFC857CD76CAA81C24EA61A8B7530BD203A01716ED9D4EA9BCF140F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701724160, "uuid": "bea305e1-9287-4122-bc0a-f8b459f3bc04", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701724160, "uuid": "a9698458-ead3-447f-b138-cc30a1cfc0f5", "value": "24576:peDHy9z9rmu9+pJsexc/51hxPINlUI9OiZ1017zUTOqYfIlhChgdgm:ismuOJsOchuUoOj17zUT7YfIlohsgm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701724160, "uuid": "f9279694-5f9c-4f91-9376-0c24785626d6", "value": 1538048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701724160, "uuid": "a7e1784c-5620-473c-896a-998c0915b59a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701724160, "uuid": "55632da4-f511-4836-8632-c038adf677cd", "value": "purchase_order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3b3775f-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674874, "uuid": "a8c98938-c57b-4911-ba06-016a2d9408e5", "comment": "Malware payload (Mirai)", "value": "4594142fb8f6871daa5ed59f283f4bf6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674874, "uuid": "ee652ceb-0a5b-4f9e-b60b-b950ffc2aae3", "comment": "Malware payload (Mirai)", "value": "21efff8f17215354362ca601290be4d8e396c97af5666db2abf9a6f20752aa92", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674874, "uuid": "24b2011f-6adc-47df-b41d-a644f39309bc", "comment": "Malware payload (Mirai)", "value": "e207aed4e59119da1b5af440c2dd9bfbdc273b46", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674874, "uuid": "6abf6988-f7ef-437c-bd6e-29daa2f91021", "comment": "Malware payload (Mirai)", "value": "00df88b2967a9fa5f773e98a4d401cd307d9db1ae137316b6feb95f58ed6d85cb16328c757973de4e78b07c2deb506ce", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674874, "uuid": "f42da2d1-031e-478b-bbbb-0d0ed08c0893", "value": "T154534B32F9762A27C0E1A47951F78B55B5E517DE21E8CA4E3D730E8AFF206406502EF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674874, "uuid": "b5c539cd-dc64-4971-9464-69ffed5dd004", "value": "768:5/oxEJfFWmDHrWaLYAziS5TrxJHXt91e5CPZ2O+7Vyl7wIJh+lV0Uz:5/1JfcmDHyaLBziSR9B9reIURNIfiV04", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674874, "uuid": "bb7a8304-5b62-4e60-a5f6-41cad992cb25", "value": 63080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674874, "uuid": "125642dc-f451-4d98-a6b6-f3e11b64f880", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674874, "uuid": "98078827-83e8-4c11-b7a9-1f205ff70bd3", "value": "4594142fb8f6871daa5ed59f283f4bf6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ee2190b-92f8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701730566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730566, "uuid": "7979a5ab-adb9-465c-ba59-17f873a7090f", "comment": "Malware payload (Smoke Loader)", "value": "8bbbf0659b05fb86991bc1c08b61289b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730566, "uuid": "536a7e78-d8f5-42c6-8549-55de40999352", "comment": "Malware payload (Smoke Loader)", "value": "2277d35849e73c839852026e23cf324a1c7bdae27bd5f399ee2ca01781924b7e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730566, "uuid": "59228dbe-e9f2-4137-8a0c-6b7e4770b39d", "comment": "Malware payload (Smoke Loader)", "value": "c6f8338275b214b34541363a54e5fe6261743a42", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730566, "uuid": "e3661f9d-285f-42db-b07e-28a2d3d5fe94", "comment": "Malware payload (Smoke Loader)", "value": "11fb322297fcde89adee5cc175acb8c02d567446faf09fbb74b376c24608e062c88de04613b71004d06d82ef0a3cd716", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730566, "uuid": "279348b6-5c59-4e8a-8440-fc152ddcff7c", "value": "T11F54175382E07D45EA224B729E2FD6FC761EF6418E2DBB6A2118AF1F14B1173C663740", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730566, "uuid": "e755acae-bb46-4706-8961-a1f317c10b50", "value": "f93900f7ca0f03abdf4da6da510ee5cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730566, "uuid": "df0eb981-8803-42db-a84e-18b8ed2e0ac0", "value": "3072:xBgNfhUhXfOSVrz0JthDFbQO8wOF5d+FQVZkTkI:XkD2z0PhlQOzOl+F+iT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701730566, "uuid": "5e1ea430-bac2-4660-bde3-874e5e2a2a1f", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701730566, "uuid": "91f2efb7-e5b8-4a68-9055-679fe9c15205", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730566, "uuid": "e64e79c8-c180-4488-96a3-be9286787fa2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f170a09-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680879, "uuid": "dac60080-889e-4163-8c12-bd021a6fc5b8", "comment": "Malware payload (Formbook)", "value": "b3da8c754693d396ea6855b34fcbf15d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680879, "uuid": "ef18bebb-570c-4cad-888b-d83bc62248b8", "comment": "Malware payload (Formbook)", "value": "22831628191c902a9ecd0b30822a80fd61cbf32ca11996cc77f3faec57a2f750", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680879, "uuid": "05880912-1e83-4d04-8326-8acdd5892b4c", "comment": "Malware payload (Formbook)", "value": "0fc574d55744106f7d26308f7e0975fcc3600727", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680879, "uuid": "d4cfb99c-210d-4571-bf93-db7ad88114d6", "comment": "Malware payload (Formbook)", "value": "4da36dd80847d01eb854e49db8d3e46eddff7ffcd734bfd862ea216f22e0dca2e9cc9324311f014c98fa0f3c82f31894", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680879, "uuid": "26dc2e49-4dcd-49ab-9ea2-d6349f1416d9", "value": "T1DCD42383B3A98716D8AD43F9B1E75C948732AA5BB020DDDD1ED270CC1977F111E81AA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680879, "uuid": "5b7d3954-4cf2-47ef-921d-5824116a6c3c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680879, "uuid": "032d57cf-4a3f-44e4-bad8-16c1ddf6c64b", "value": "12288:rT45+po2/ts/2fxEyV4vneNeiMmtYjugcbIQMrNB2:rS+pJO/2JEyhEjJ/QMB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680879, "uuid": "46d5211c-1455-48b2-a9dd-d71247df1c7f", "value": 653312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680879, "uuid": "22831f9f-68a4-45a7-8f99-a93d42e36036", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680879, "uuid": "c1d533ae-ba86-4176-8c51-069480d27a99", "value": "OUR RFQ DETAILS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e65e0197-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701711064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711064, "uuid": "1383fe13-3f41-419a-9df0-d9961b1e86d7", "comment": "Malware payload (zgRAT)", "value": "995763361a75d3596a930c0e9fa0e783", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711064, "uuid": "39fa4c56-d3d5-4e49-a0b4-06039cc6183c", "comment": "Malware payload (zgRAT)", "value": "229a604d0902798037ac4535c9cb8c5577861d6f5b9bfa2e96395fd93e71ca6d", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711064, "uuid": "b5384e06-8799-44c1-8052-629fe667aa09", "comment": "Malware payload (zgRAT)", "value": "a6fbba9267a5d20a80f9b82050f647652a399e34", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711064, "uuid": "5ee4a829-cbbc-4201-985f-d9ffd8826e4f", "comment": "Malware payload (zgRAT)", "value": "e050b7fa1a5b27634c1d39b6ef41622e454dfefbfcf5cd7212d14c90b14c50c7c857cba0d3a3d5153bcd67605c1c335a", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711064, "uuid": "4a6d75f0-aa79-4192-aedf-b39e77e00e34", "value": "T162A423D6ECF2C564E89F1F71C054E34002E07C378ADC972FDA61EC0BA69561BB959B0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711064, "uuid": "a950ee1e-3176-4546-ab21-d43ae0b7ef29", "value": "12288:NUgZqXW91r/adcWelx5fQbB1k8cWgGRaBG3c2Q1XvntD7qKC8k8d2:jqGDSteTluDw0ZQ1Xvnd7qz8rQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711064, "uuid": "c28c8b22-c709-4f05-a782-7bf0374f469f", "value": 492502, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711064, "uuid": "6f0d2e09-ce34-4ac0-b51f-a54e8d0697a1", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711064, "uuid": "3d300031-e07a-4607-8649-fe9a28448cdb", "value": "1250232-00-Customs clearance information SHP2311-A4A1120-440pcs.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5830160-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1701681749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681749, "uuid": "940c224d-271c-4903-94cb-2a0aca04adfc", "comment": "Malware payload (SnakeKeylogger)", "value": "68dad6c2a60a8bebee578d4025665a72", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681749, "uuid": "9b4f8f41-f47c-4723-a61f-3546b9d8ec72", "comment": "Malware payload (SnakeKeylogger)", "value": "22a20cc4fb75f63d3fbcacdd53ab54824ce0a38b8fcd931eb01fa4313596a483", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681749, "uuid": "c6825603-1269-43d0-8944-172d81594e2d", "comment": "Malware payload (SnakeKeylogger)", "value": "986cdd50eb71b4a587f2b07757cb50af5eaf6688", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681749, "uuid": "1c9ed6ec-253b-4ecc-98c6-418a529a253e", "comment": "Malware payload (SnakeKeylogger)", "value": "b3b2ec0b3a9490fe3e8845caa3dd0b84426fe241221d16e7da9db60182ea6aa0353d4af81283134dc92b00d10524b30e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681749, "uuid": "9ce2ee96-dffd-4ae3-ae1b-63981d457b03", "value": "T19AE41251B2A0DF1EDC7D83F4E82A959483F1BC393861E64E6DC332DE1972B012A41B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681749, "uuid": "ae877ef5-482d-4b33-85e9-c6e0086760c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681749, "uuid": "d47cfb2c-6fd4-45c1-8e39-e738543390c7", "value": "12288:/WotW8G34/uK45+po2SlDeJr9IvUhTfXZTNFQhDJNF43j53YQU+cFKU+:A34/up+pJStex9Iv8TxRqhDJNFqjNYTq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681749, "uuid": "0fb5a23c-e9ed-4c6b-ac10-0d068aaa528f", "value": 720384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681749, "uuid": "1cf4c256-ffe3-4a19-b04c-7eb1eced7202", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681749, "uuid": "e9103ae8-800c-4c7f-9d46-4f5e70bf72a8", "value": "Halkbank_Ekstre_20231201_123551_458551.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a44f37a-928e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (LummaStealer)", "timestamp": 1701684925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684925, "uuid": "114dc6a8-e8b4-4c14-88d2-fff5b0b1354a", "comment": "Malware payload (LummaStealer)", "value": "a49b98e2093f3fc1fd8770cc252b48eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684925, "uuid": "8760b628-30bd-4f7f-aed3-fcb5b856cb94", "comment": "Malware payload (LummaStealer)", "value": "22e3bed07edd05b614599bc5c0bef17b412359480d788dc213ed8461cce9f4c7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684925, "uuid": "2f55ad13-7a96-4183-b7d7-166740f077c2", "comment": "Malware payload (LummaStealer)", "value": "d0cbc8fff5b25e4de86c0854306a70002b8297bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684925, "uuid": "457dec06-2eaf-474c-b989-46739255e990", "comment": "Malware payload (LummaStealer)", "value": "85a74c5455b85bd5b7a170307a205335e194684d608715f8d74cc3b4a4eaf732fdcc8fb90b359b43783324a59311c206", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684925, "uuid": "3b9c04d1-5431-4772-8421-6d8a8d5dc097", "value": "T1B1F412D9C6B17C46DDAC81FFCC8217D311B2E4579A2BE648CD4CB51538082DB6EF2A19", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684925, "uuid": "380cb8ec-205e-483e-bf50-61112be40794", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684925, "uuid": "09bcb98a-f97d-4b5e-8607-b1758c0d5a11", "value": "12288:Sq7UV0907J2XEvWYsQft67xJVEXgT6HnciKuezWLUbrfItze9u+MqFVDnCANEw4X:Sq7UGWYXELse+xoXgJiD0WYbrfqz0b1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701684925, "uuid": "66185af8-3b2d-4c91-869b-2a87a710ea42", "value": 739840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701684925, "uuid": "4c5994a8-c22b-4725-9a62-6b605d2d0a41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684925, "uuid": "89790032-22eb-42f5-8480-f61737e429df", "value": "22E3BED07EDD05B614599BC5C0BEF17B412359480D788.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "043051a3-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701679760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679760, "uuid": "79b1ab2a-44b2-46e8-8755-aaaac9d7bad1", "comment": "Malware payload (AgentTesla)", "value": "6fd58c0999a96de060ad3ab30ae96f66", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679760, "uuid": "ccfc32fd-aac8-41e5-a789-1800255b5300", "comment": "Malware payload (AgentTesla)", "value": "2387d52a300ae750ad5355ebd55261d3d67ef6ee6227c43bcfe09031bced5276", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679760, "uuid": "d5abda1a-5d8d-4ac3-806e-639523b1fc02", "comment": "Malware payload (AgentTesla)", "value": "8b1a67969dbcb5ef5deb3a6692125fa297ce87dd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679760, "uuid": "1e3a708c-c158-44ce-9c2b-26d02cc39928", "comment": "Malware payload (AgentTesla)", "value": "31063c4d2496cda5174e41f6019a4174526410c973a7f576ed94db46f8b6fbd7ced15e71a96b9250d5af6038b66e17b1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679760, "uuid": "e55945bd-598a-46c5-b47a-54303d797b20", "value": "T16C933E0BB96982ADC95EA732CC5631841261DFF1A182C3C66CDDB21D07B27BB6C05EC7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679760, "uuid": "4fbf5b7e-37cf-4a17-b783-8de3df4f4724", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679760, "uuid": "170ba0a2-6624-4ecf-9279-f61c368c5cbf", "value": "768:CUV3CZnantlidfvVjwsPYzjRNV2OO2dv7ntUwoS0INTuunHxPxGxOuCMJvbc:qcfeilvjtpoS0INdnexOuCMJvbc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701679760, "uuid": "97a0f9b1-c134-497d-b035-cd39e65c85e4", "value": 93696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701679760, "uuid": "138f313d-d825-4fce-a53e-5f154cb0b8bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679760, "uuid": "eec2ae63-9efc-4f49-922d-49c4c5c24bcc", "value": "S\u0130PAR\u0130\u015e 21110278 03.12.2023_pdf .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d7cb4ff-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711344, "uuid": "b2303eaa-04e1-48af-ad19-7af6f1c33680", "comment": "Malware payload (SMSAGENT)", "value": "a03fffade687951b32bc79d9e7b5c181", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711344, "uuid": "95af7a75-067e-4048-972d-3e36281df7fc", "comment": "Malware payload (SMSAGENT)", "value": "23b74fa8b317349071408bcfd0cf23372b1a914a3f91609df83cffed404fceb5", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711344, "uuid": "5dee7492-1022-4b3f-96a5-2906bf00684b", "comment": "Malware payload (SMSAGENT)", "value": "992aed3807a83ceb8f93e09978476c1782fb6797", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711344, "uuid": "f681aae4-6e0a-4d70-bee3-d99a692c5c89", "comment": "Malware payload (SMSAGENT)", "value": "15818312b162d2064d8a6a5ae6be9bdb40aaa4b9b8344fd345c42ee98db8610ce3e1af09c607d196ea29d8ff0c796ccf", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711344, "uuid": "4b07a2b5-a845-469d-b9a2-f50a2ec82651", "value": "T1BA179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711344, "uuid": "67eb6504-81e7-4909-b177-9a04825862ec", "value": "49152:RuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvG:Lv+49UBEIIddXHNqjeceEnMI+lEaA0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711344, "uuid": "68819881-d1db-4be1-aad3-2ebb2b10c575", "value": 18580176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711344, "uuid": "2508003b-cf5d-4934-b080-f8f09f509126", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711344, "uuid": "70d70656-95b1-452f-81ba-fa9e27407074", "value": "Myphotolife.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef99a16b-92e6-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701723105, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723105, "uuid": "093665f1-d427-47fb-8ce7-ce94ab4f3a1d", "comment": "Malware payload", "value": "be1b29928e326468f378be27f5f3b0a2", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723105, "uuid": "21c47dc7-022f-450a-b1b4-47b3365a4be0", "comment": "Malware payload", "value": "25428ee1ed561aed58fab23dc9e512266a9d4f24f4b9401088bbc6c6ff3a4919", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723105, "uuid": "8d9a21cb-9bfa-410a-b871-9654a6afeb9d", "comment": "Malware payload", "value": "10e38a551493fce2489630820d89c0941e7c2cd8", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723105, "uuid": "cdfeb374-61da-422b-952b-75269118aeeb", "comment": "Malware payload", "value": "8ad817df54609262088db1d0453ea036e60099e725639372e8f1e67d7e1b01bb1e2774dc08f5c04e76a7afaf4058f9bd", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723105, "uuid": "c8d21b06-c2ac-4f30-8d2b-e63b440b13cb", "value": "T1DA76011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723105, "uuid": "24b44339-8971-47fa-badd-d974d508a354", "value": "196608:hrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUML41F3nswU/Q6FKNcnF/:9w0pdMGbwBAej2K7nswxgF/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701723105, "uuid": "cb003cca-b17d-49f4-aba6-0db19a1332af", "value": 7329723, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701723105, "uuid": "0724e12d-6907-4908-87ff-816423829502", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723105, "uuid": "6edb9a95-3d4c-4f87-a593-e4c883dbc9c2", "value": "Coco - B\u0438\u0434\u0435\u043e \u0427\u0430\u0442.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94934a2c-92a2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701693747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693747, "uuid": "a9c803b2-bcaa-4263-8eaa-498b24a618ea", "comment": "Malware payload (AgentTesla)", "value": "9ba6135bde4371e031c1c8482cf85585", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693747, "uuid": "5d7cd36a-3c4c-412c-bf60-6505724c8284", "comment": "Malware payload (AgentTesla)", "value": "26120c68123e019a9549b2d79c3392854425a24ee6840a965d4141bf5bd0bae8", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693747, "uuid": "66be03cf-75b1-4b18-8e8a-996b659dd6b5", "comment": "Malware payload (AgentTesla)", "value": "2b6b2536068b243d664ec53b4f9ff725e497a53d", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693747, "uuid": "bd48123b-8eec-4517-b997-e390a497676d", "comment": "Malware payload (AgentTesla)", "value": "0b45d36d2800cc8675735f94477aac62b3ef18e79cfaf9293f3a43589bd1804d6170a2d2c7bd967445cec46e9550b88f", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693747, "uuid": "d16cbdef-3553-4b75-9eb4-9e4f7c0cd9b6", "value": "T108A423CD9EF8E69CE16B18EB36E4F9CD54C089411A1E8123753A9A90F3B536DFE440C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693747, "uuid": "70f63f51-de11-4617-94f3-710248086a72", "value": "12288:5CbkaPtXp/xZnylQ6JOPlHpEL9lAD5jjD+zypy01UR2F:wbkWZn2xcoo5j51UIF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701693747, "uuid": "008f3ed8-33fa-4992-a8f3-4cc673a100f0", "value": 467645, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701693747, "uuid": "09a4bea4-b575-4c13-be82-6139fa0ee034", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693747, "uuid": "16e95042-5099-4753-a16c-61cf777d9508", "value": "Payment Status - NAMI.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5b032a4-925b-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701663281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701663281, "uuid": "c21b57d7-f0db-4807-a4c7-0cb671340db2", "comment": "Malware payload (RiseProStealer)", "value": "084b901157aa0bf27d01721a3653b09c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701663281, "uuid": "f69cc685-2549-45c2-9ab9-5ac9766f0427", "comment": "Malware payload (RiseProStealer)", "value": "264624e9792db7d56752fa5ba1f1eb16f7c4b618c35381fdef2c194a11d1c959", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701663281, "uuid": "2e99437c-d745-4fa6-b752-6b812ec72cc8", "comment": "Malware payload (RiseProStealer)", "value": "b9a57e6791d02aa08bb588f3dfa3eb695cdbf867", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701663281, "uuid": "84c0c47d-bdfd-4df5-a816-26173c2c57fe", "comment": "Malware payload (RiseProStealer)", "value": "03e8b57cce404355d92126fc90c77d8a860b35820bf2ddd2a4e51e3767c21568bf6e65828b9b752fa3e10900752ba647", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701663281, "uuid": "ab5c29f0-08d8-4f6e-bca9-f0d74c47f8b5", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701663281, "uuid": "3b3bbf33-a944-445d-ba6f-155789dbe558", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701663281, "uuid": "2fea40e0-49fe-4542-9f2b-3b1cf147a228", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701663281, "uuid": "31dd4d8a-a56c-491e-935f-a61c3437b73b", "value": 1540048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701663281, "uuid": "7e6cc4cb-c7d3-437d-93b4-931e6649a4d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701663281, "uuid": "11960c98-de75-42e0-b94d-f8d776d5742f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3248dbaa-92a3-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701694011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694011, "uuid": "4b48a44f-8177-474a-ad8c-90610d3e56a9", "comment": "Malware payload (AgentTesla)", "value": "9ccdd282a8896cce587a869e2ddeaa0b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694011, "uuid": "bcc4f5c2-1373-4c0f-830a-0e5a18af86c0", "comment": "Malware payload (AgentTesla)", "value": "282698e5a19ee6121597b9715a72e3d71630d71cd44d6873316c4d23f63095be", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694011, "uuid": "e416f1bb-3134-4a91-89b1-1f6004f225a2", "comment": "Malware payload (AgentTesla)", "value": "5bbe8916b487136a4ff8f3f0141c72566e8113bb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694011, "uuid": "fb8c274c-6a87-4c71-a5c8-e29a340918f5", "comment": "Malware payload (AgentTesla)", "value": "946dde1d7f0c6bba66cfafb7f719ac5147dec02a541ce11593b72a38696658b9904582aab6c06400029d671817959a9a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694011, "uuid": "3604b0e1-4e25-48e8-8e53-2342b1d4d171", "value": "T1CEA42323906252776C8FF8036ADD31ED08F87D8921C57B74F1C41AD27E49EE97E6860A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694011, "uuid": "685f4eac-3464-4d15-8e1b-5c2dcebe7d65", "value": "6144:LqVYZ/K8vk0qeBlnyVBd7oPFgptSSwHYwARPHvt+hna4TLW6mWVFXfubARjQ:EuyP0lnW0QSSwJAhYTLxFXfubkQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701694011, "uuid": "7ccb0ab6-0bc9-42d8-8560-a44d76d7e5e4", "value": 488897, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701694011, "uuid": "aec8e626-c8ff-421d-a273-87a4b8ce8db1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694011, "uuid": "542d243f-97a5-4866-9deb-de51149a40bd", "value": "NEW ORDER--GO23B005--DEC 2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b066e48-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698240, "uuid": "1c6f7afe-dda6-426a-a16f-36ad93f4de8c", "comment": "Malware payload (SMSAGENT)", "value": "464d78051e96855eb0134190d50dc918", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698240, "uuid": "4676fdfd-04c6-4280-9242-e2d751242337", "comment": "Malware payload (SMSAGENT)", "value": "28638dfd44617d3fc3fa519f96484f80493879e68ecd08c63640fb436aaaaddb", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698240, "uuid": "d3ccc9ec-0544-4792-9d4d-80720dc98ee7", "comment": "Malware payload (SMSAGENT)", "value": "e4410f64e08177145a4bccfe1857b3c57f47eb63", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698240, "uuid": "2561a0c4-1498-4021-9ae4-c07777c086ef", "comment": "Malware payload (SMSAGENT)", "value": "4dad7d2542442766bee644978032458aabb98b5e55e600d5c354cd9239fbe5cf682942fc1d6eddb03e75d55cb6ae580f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698240, "uuid": "93842fb4-c49a-40c6-9b9f-eaeb3e64f9f8", "value": "T1DA66011A775EFC0BE263DA3123728D4B772B85F51360E3116B06B0686FB3D448D6AD1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698240, "uuid": "7e67439a-3cac-4f59-89da-6cfaca8159e2", "value": "196608:1yoEI25FawilQNbk2fwDBEOAZ9J9DCJYH:1ZG50qJkjTAZ9PDL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698240, "uuid": "ad3de9ec-b4db-461c-a1e0-afe1d310832e", "value": 6691766, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698240, "uuid": "a5dd7b76-f4c0-40b5-8c6c-a2ad58610caa", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698240, "uuid": "aa035791-385e-4839-9eea-42dbe51b7c92", "value": "\u0412\u0438\u0434\u0435\u043e\u0447\u0430\u0442 (2) (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a836abcb-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681754, "uuid": "b67b15df-c2e8-4173-b88c-10a7e77a6897", "comment": "Malware payload (AgentTesla)", "value": "85dc33964b5b4df2be2527fceb845bdd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681754, "uuid": "ef5e3f4a-ec88-41b2-be1f-563945386d65", "comment": "Malware payload (AgentTesla)", "value": "28ead7588848700eeb6c5ca4d1aa5f6f781b50128c8b7f660d4fb5f8d6c42dc1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681754, "uuid": "056930e9-55c1-40aa-8185-fcfb3c9afdaf", "comment": "Malware payload (AgentTesla)", "value": "57645b51f80af2436a094e58464cca9a50065a6b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681754, "uuid": "914baebe-0f90-48b2-8c76-e2d28a7653b8", "comment": "Malware payload (AgentTesla)", "value": "1945c1b1beb29a261956b0cad76fba907a0b241e59a1f82f947eb248bf35c51ba9585cc1e1e429d0798c9d47c82de23d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681754, "uuid": "ac6d9ba5-7856-4380-a3d8-5e1658495355", "value": "T185357ED1F150899AEC6B06F1BD3BA5302493BE9D54A4810C5A9E7B1B66F3342309FE1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681754, "uuid": "254ed395-6c7b-4f23-b383-4f57e07e2c25", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681754, "uuid": "121b84f5-241a-42b0-9834-298c17cd27de", "value": "12288:MWkrvtW8G34/uK45+po2ctlUMpH7v6QnbC9GIWph/JxKBJjYXMXB9jZUYWHSuI9p:yu34/up+pJctuMpuQnbC9GRnx9c9A18", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681754, "uuid": "677fd77f-8672-42cd-bc21-fdf680073bec", "value": 1129472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681754, "uuid": "cdaa40cd-1962-43f4-9844-c7ee1c5268a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681754, "uuid": "04aa49e8-0dae-4f13-a4cb-628b6470ac0a", "value": "Halkbank_Ekstre_20230426_075819_154055.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18a44245-9277-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701675070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675070, "uuid": "442405de-9e86-4d74-8997-2d2d5a5aa014", "comment": "Malware payload (RemcosRAT)", "value": "2897ba645bfca773eab9e060737109b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675070, "uuid": "659500d2-a70e-4bfa-a99c-b1462db4a08a", "comment": "Malware payload (RemcosRAT)", "value": "290438510b39d1bed591f205153bcdd1eb5772610de350fbadb751afeb431b49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675070, "uuid": "12190986-9a08-464a-acd9-f66d340b89d4", "comment": "Malware payload (RemcosRAT)", "value": "7584f39c3c6ad1ecff07349ead71c7f38d8ef2d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675070, "uuid": "ad9cc636-1b75-41d6-b9dc-219b25c24f75", "comment": "Malware payload (RemcosRAT)", "value": "99e82d2862afa0e42be15d556c50078316f8842524006337d3429153a2a41d7893ebf6f299ebc14b618e46488343044b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675070, "uuid": "53dc228a-9470-4c60-bb2b-1ed2e27f52c7", "value": "T1A415018C7550B29FC917CD7ACA582CA4EAA1657B530BD307A413218CD94EBEBCF251F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675070, "uuid": "c336251a-0e11-4271-99f9-2b80e40b99fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675070, "uuid": "2a1c0a71-ff1c-4ea0-8889-375d109bb5b6", "value": "24576:d+pJCfiG0MUmlXcaR7serR23Ins2OYQMokCMuUe:uJCK/MU0MQ7sersYndOn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701675070, "uuid": "5d3f7849-5ce4-48b5-9c6a-addd4773166c", "value": 961024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701675070, "uuid": "0d2d23a1-9aa4-472e-9ef4-46b2b4b1a519", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675070, "uuid": "36dc3610-2124-4828-9cff-1013c3786a20", "value": "SecuriteInfo.com.Win32.PWSX-gen.24780.31199", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c405028-929c-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701691129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701691129, "uuid": "8ec170ce-8c93-4f2b-8b9b-71e0900340d5", "comment": "Malware payload (RiseProStealer)", "value": "b8ddfb64b38065c2ff67cde37bad24b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701691129, "uuid": "bd1dc97e-e2fc-4494-9051-5ea09c860307", "comment": "Malware payload (RiseProStealer)", "value": "2922fdceb5d931d1492d4d8d7c7206d36aa18659cad221667fcb0b53ee0ae4dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701691129, "uuid": "c14b54cc-446a-47c9-8e52-418d95517dba", "comment": "Malware payload (RiseProStealer)", "value": "b77958e678c4df568a2423b2630513eed16d1a71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701691129, "uuid": "aecc3c14-fe54-4c1c-bdbf-d7c81815e24f", "comment": "Malware payload (RiseProStealer)", "value": "c5ff2fd20ac0f2b08956ef5c9e90398038fc5788ec1827968ea676fb4b932e09bd373b5ab8542e1e27dc58bf8db8fc0b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701691129, "uuid": "17f6f1c1-06ea-4e65-950e-22ca926b8dc3", "value": "T110E5234A9BC12588C05EA1760602BE7C77F2BE3A71198F1B6058B7EFCCF66927935053", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701691129, "uuid": "e7cced96-f9d6-4d00-8b0f-6430e7f1e6dc", "value": "ddfa2d0883ac7fd205ef7f07d30c86ae", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701691129, "uuid": "e234f3e5-7999-496c-ad3c-fd2d89a54d00", "value": "98304:Rh4750V2BjpchSA3UtM1HSb1rjs52o3SFz2i:RSVZEsA3uM1KW52mSFzr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701691129, "uuid": "8cac7171-453c-4047-a314-84c5314115ae", "value": 3182592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701691129, "uuid": "594a725a-788a-40b2-8ee0-068ad5f999ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701691129, "uuid": "6f5c55d8-5e6b-46a9-b3c5-6253f5f8d14d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92f20a11-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696750, "uuid": "32a33076-67b5-47fc-81cf-d9f1d57eb6db", "comment": "Malware payload (Gafgyt)", "value": "8ab31274d28647de8b6dfb31118f58a9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696750, "uuid": "a1dd3c17-5d66-4f68-ab89-671428ffb93d", "comment": "Malware payload (Gafgyt)", "value": "2932b530c13fd4fe1d76f14b16c3c9e283cfbd1d73969695c222c8352bfd9d9b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696750, "uuid": "a88fe818-6aa9-438f-9c49-c89ae3958680", "comment": "Malware payload (Gafgyt)", "value": "4451af80e1984905601771018ed689baa5172ac1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696750, "uuid": "5e7be431-870b-416d-a3d2-dbf38ce3327d", "comment": "Malware payload (Gafgyt)", "value": "063ae77aa97c66519af3d5ee141a8f51da2240cfee0e4d32653e881dc4363f828e869838ed9693bfe72fd260f34bcd18", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696750, "uuid": "96c85ce9-13fe-468e-8dbe-8a82093cda97", "value": "T1FEC30837F61C0793C49B06B11CAB3FF25F68B7E323D7618522299A9406739F12816F99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696750, "uuid": "89d0dbac-dd78-4b25-b78e-321d58ef98eb", "value": "1536:nQtFIGbnHczzdsYovc6o3CFcp5iRp2BH8/Ar9cGmOtbmWoV7O/5uRBTE:n6qrutc6o3YUdihOtbmWoV7OhuRBTE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696750, "uuid": "8f456313-9ea0-45d5-8595-001271783a70", "value": 128320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696750, "uuid": "df0ca31f-b090-4189-8b88-99d37c11d50e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696750, "uuid": "5415a11d-aa07-48a0-aac9-74fd470d5eb6", "value": "8ab31274d28647de8b6dfb31118f58a9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12b7f79c-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698253, "uuid": "4f639e74-500a-413c-a6c5-3c1966b48933", "comment": "Malware payload (SMSAGENT)", "value": "c52a9c15d3951c2139ed50350bbf2079", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698253, "uuid": "8346d937-5a86-491e-b01b-8afb185be4fa", "comment": "Malware payload (SMSAGENT)", "value": "29648ee751f47b0296b855e3cd0fa43120168d578048ea300c3bb294d34abf8c", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698253, "uuid": "670ef586-928c-4514-a1fe-2772f2da9084", "comment": "Malware payload (SMSAGENT)", "value": "1833060e53e7a98b90e73522f49e94e3d7a7194c", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698253, "uuid": "24f1da53-6cbe-496a-a3fc-74c9f8c8f9f6", "comment": "Malware payload (SMSAGENT)", "value": "43d34489a1ea7bb401a05cb05ed2b7c2b51ed92ea7c38690d69001fe20b2b34005d7442bcc1957d2d872d84496bb7858", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698253, "uuid": "b73442cc-8a00-4a14-9e5b-26796cada6f2", "value": "T18566011A775EFC0BE263DA3123728D4B772B85F51360E3116B06B0686FB3D448D6AD1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698253, "uuid": "49df6f47-7774-48d6-bd68-c19fdd907ff5", "value": "196608:cyoEI25FawilQNbk2fwDBEpAZ9J9DCJYu:cZG50qJkjkAZ9PD6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698253, "uuid": "cc71aa59-35b8-4fa7-a61a-c90e4d8a6d71", "value": 6699955, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698253, "uuid": "7f0595d4-4c29-409a-8ef3-d2043866f4b7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698253, "uuid": "055d2167-ab1c-4e26-89d9-b70bdaeacc07", "value": "KinoPlus Pro (5).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "063b3a0d-925f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701664731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664731, "uuid": "f34b21b7-9f56-4804-ac61-112705e9b7b4", "comment": "Malware payload (Formbook)", "value": "ee5145b840c593061b4b96628a1914e3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664731, "uuid": "12ea0c88-e2cf-4822-9a53-74715aed0db3", "comment": "Malware payload (Formbook)", "value": "2a0883f81fa813b247ae1243050bc720926599286a213725a86a50ced42c0ead", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664731, "uuid": "5fdf966e-6e04-44e0-bbbe-5e89306e4858", "comment": "Malware payload (Formbook)", "value": "7d4c50964e792b682a5a78c4fd9c33da613f77bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664731, "uuid": "fb6c6c99-b4cf-4bf5-aaca-760d6c7fcdb4", "comment": "Malware payload (Formbook)", "value": "fcebbe836c189af2df47723c0546b321d9017d5220c2fcf917ba358b080f4220f19c507a8c8acb6295f897753b0da270", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664731, "uuid": "ebf2f7c9-7d12-4eb9-83c1-bb3a7aa578a1", "value": "T105E4BE4EA7214293F0082B75CA7D7E5902201C7C75C5E7D4BAA57A1BFEE1BA7583302B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664731, "uuid": "26f20d34-3e7f-4b18-94ec-f387d82541ea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664731, "uuid": "f3b1cc92-302f-4f3f-b16e-e54b3eb2e854", "value": "12288:U45+po2b0+6AhZ2wgFxBUb5BFAyXStkOgtrWl5THfFa9pE3bvPoAYTA:X+pJ4+JhZ2wgFxObJXSCrWrFarcnkA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701664731, "uuid": "405bdcdf-a48a-4c2a-b109-9a2f44fbf315", "value": 676864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701664731, "uuid": "501ded2f-a401-42a1-a9b5-8dc91367ead4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664731, "uuid": "f90bc775-6ad3-4c99-b1d7-1a3d8d573223", "value": "SecuriteInfo.com.Win32.PWSX-gen.10739.14206", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d540cf7-92aa-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701697170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697170, "uuid": "0c827415-bdf3-4788-9417-be6e27a973f6", "comment": "Malware payload (GuLoader)", "value": "bb7da2d2fa0c3751a57e560213b30192", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697170, "uuid": "510611c6-c034-4d65-ab30-69acb0a0443e", "comment": "Malware payload (GuLoader)", "value": "2a31e2226be97afc5f3d9d793c9bb9a611e11f839c0a6bd6b89f5077bbc22969", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697170, "uuid": "2c3df537-8b3d-457e-8e2e-3c88e3180865", "comment": "Malware payload (GuLoader)", "value": "394ac41e2ddc454c9206df5a8124adac01781336", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697170, "uuid": "05a457a7-b991-4471-aae9-18ffb2bc708d", "comment": "Malware payload (GuLoader)", "value": "204daf5358524cd88614c36fd2614099535b9f4d1a804e82401b59ff17d0fe4a07b3a7ba904394c1d07c390c3f0d3a29", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697170, "uuid": "62a6f0f5-12e1-4d0f-b9f3-70c09b25eb39", "value": "T17AE423046B60E557E4AE4971C9E92AFF8B645F05E8710B8B2764BF9835332938F0C7E4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697170, "uuid": "e44c4009-89b5-46ab-bac1-0a2f0ad1a6d7", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697170, "uuid": "fb38812a-2632-4bc1-8154-8693e7cfaf03", "value": "12288:xsNQ1IbHxUvQ0JeXqJ5kVZoHVHGRW77PxsoIzaxuuWpbrESL0lHlzzqRHIEL:xsa+r5m5J5QiMaS9zuoitlHlXqRp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701697170, "uuid": "b57d2620-b61f-40af-8767-5957a9fc009c", "value": 703984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701697170, "uuid": "eec415b4-2cd3-4e87-97e3-02990abed1b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697170, "uuid": "dd794822-a872-4c13-9d0e-d5760e193e14", "value": "rMikeGathergood_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b224a3c-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681168, "uuid": "4059a45b-8057-4e43-a293-c53d16886b4f", "comment": "Malware payload (GuLoader)", "value": "33f1ac98f66d9401e29e95fad2aeb4d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681168, "uuid": "136b6139-6991-4376-b4f1-5486e5ad1dde", "comment": "Malware payload (GuLoader)", "value": "2a6653ae72f38620dcd1d53caa82bd341b82be633ca1be99ecf372480d972f0a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681168, "uuid": "6b1f3940-761a-4b9b-9b8b-0aa609bbd557", "comment": "Malware payload (GuLoader)", "value": "b4262fbbdb496538b9fb6a1d7576f368406916d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681168, "uuid": "73f99647-ad08-453f-be2a-3c1e95175af6", "comment": "Malware payload (GuLoader)", "value": "ff99517966897cea1bae5a9acd46774bb8819f87b7264b3e1dbb38215577f6b84b90fe9bdeebe06f342e4e81b18afa01", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681168, "uuid": "0b08f6cf-c3a9-4485-b3ca-bd84bdcc8a1e", "value": "T1F8D4F103B78C898FD9621BB051B3A64B57F0BDF515B502167E28786F9D3B3811A3AF18", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681168, "uuid": "47547e97-5575-4e6e-8796-4bd805fef554", "value": "93dfc16ed07ebeb5b405221f10d12c0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681168, "uuid": "fbbf1236-da05-43c3-8343-1fbaad54b1c5", "value": "12288:AS2dfQBQfYBzJtHdw8bTKrw/Ox4ZUoH/3VI+4:z2dfWXBzJZDWKZZ3S+4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681168, "uuid": "02021535-0fda-48dc-9e23-9f219d7383f6", "value": 613880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681168, "uuid": "fc599ee6-7ff0-4936-a1bb-c030929a5cf0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681168, "uuid": "5858d0a1-376f-4458-ba3b-6aa7a3896f16", "value": "RFQ 10769.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f2edd4b-92b9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (XWorm)", "timestamp": 1701703401, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703401, "uuid": "4f9b06ee-a334-4043-911b-b4506441512c", "comment": "Malware payload (XWorm)", "value": "ad76c09fbe3d4e87ac9d7ebc3456fc38", "object_relation": "md5", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703401, "uuid": "777949e6-e4eb-40a7-8544-327514b49aa8", "comment": "Malware payload (XWorm)", "value": "2a7167b6f024296069afe5a25fa2e7fdc1703269bef56b6131f41f24df1486e0", "object_relation": "sha256", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703401, "uuid": "c70b2fc5-4500-4f89-b10f-7c10d6fa9ee1", "comment": "Malware payload (XWorm)", "value": "5329d8f7ee73a100b6ddbf9bd55dd07f174c8f57", "object_relation": "sha1", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703401, "uuid": "cf1a0b03-5de8-4880-b55b-897b0c91b59e", "comment": "Malware payload (XWorm)", "value": "ea86b3fb8f24f2d10d5bb5dc628da3cc36d1cff1963f27844cd6e86ff6806187c861971f966a14d17a738adc8373c213", "object_relation": "sha3-384", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703401, "uuid": "3056e556-0d34-42cc-bf14-77bf93f733cc", "value": "T184F32A6079DA9248F3F3BEA359D8BEA5DB9BF7A33758804E7440430B0B175809D95A33", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703401, "uuid": "2c5235ee-d474-45b8-954f-c777d222e13c", "value": "384:kfl1bBIbkXbkdbgtb3vb1lb3bqTbL0LyfwGG9:01bBIbMb+bgtb/bHb3bqTbL8l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701703401, "uuid": "06ed5786-3bec-4cc5-b8e1-e8250e045328", "value": 162844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701703401, "uuid": "e23b4916-eca8-4f7b-b38f-950f1435a8dc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703401, "uuid": "d43334d2-50f4-46dc-918a-f8e7c210c60f", "value": "Liste des articles.vbe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19fbf2b2-92c6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1701709003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709003, "uuid": "2e24b070-fd98-4856-ba10-461e3a0c7646", "comment": "Malware payload (RaccoonStealer)", "value": "c7908f08f9c526520cf5d1292688a98f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709003, "uuid": "4e277a1e-5962-4227-ab36-d1f690749851", "comment": "Malware payload (RaccoonStealer)", "value": "2aac02c5bef87c05551992fbbe2ac321186b59fbbb653391f34b021e18d9a622", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709003, "uuid": "d6e03a1e-e94d-4f8a-b8c6-d0cec9b09c33", "comment": "Malware payload (RaccoonStealer)", "value": "a27c4623998f88a4de7e13a97565b946de3c0286", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709003, "uuid": "62f2f7ea-de13-42fb-b4fb-baf1d433a6f3", "comment": "Malware payload (RaccoonStealer)", "value": "d82eec25a995551a98d8b751a3f05c32f0971fe6220f082c4aff7e2eb0cd51aae632e53fab837b5aa4f445f19844a7e2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709003, "uuid": "14a521be-5e02-42ef-9690-c370fd80282a", "value": "T16986336363A34109E8D5EC36C537BDE072FA273B4A82A8F415CEACD225254B5F613E53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709003, "uuid": "e41ba44a-e4f5-40a4-ae8d-7bd15e6f473d", "value": "98ff18fb0433db6942f9a5da4c8d10a8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709003, "uuid": "a0544365-dcf9-4406-9c51-b8bd27e8ab3d", "value": "98304:yO/upfZ5cDYkLuTI1c4MbISDSDaYkWTt5gROSwtQWW28jlexcDtPTN/ylSOZ5fBI:2fZ+9XsDSDaOH5W284Q5ROZ3tX88yP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701709003, "uuid": "9ecba03e-c50f-4cd4-9c65-8d505b7c1464", "value": 7892480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701709003, "uuid": "fa45de40-871e-4ca0-a7d8-aa0f0805afbb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709003, "uuid": "670e0d5f-67bb-4b29-bb2e-4347e47308b7", "value": "zxbg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2f8352b-92c5-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701708830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708830, "uuid": "c668613d-4804-4976-b14b-abbb35a5fe4d", "comment": "Malware payload", "value": "48ab16c4ebb4ead631c34eb721f6f58f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708830, "uuid": "152e246d-cac4-48b3-94bd-d5836e262690", "comment": "Malware payload", "value": "2adc83adaa4d63ab4771ac67c21f5cba04bd330ed62bd032ae2317cebfeb4fac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708830, "uuid": "262232b9-2d11-4d24-8a4d-25def3685959", "comment": "Malware payload", "value": "b899d02774c69f7f29411fa79272c32d6e94ba01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708830, "uuid": "e3bf6339-d67e-4d4c-a761-26a5f29c33bc", "comment": "Malware payload", "value": "228d7aa4f01a7c9137da0654c1dda629e06083685b08e8dae3b2cbbeacaee0533c579a65ee055e56acf2227549e17f8b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708830, "uuid": "15510626-12aa-4230-a4c5-0a645dd24103", "value": "T1E222D906BBA25537D2A342B41479CA92F92FB42623F14D054E2C047EDF633C396BB74A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708830, "uuid": "616f954c-75bc-46dd-ae02-103dcfce97cd", "value": "192:nZOls/KRn4nnnnnnnnnnLuuKYQkltS2hhtHhyjvDIvCnCy:nZOlGFuunSAhuzDIhy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708830, "uuid": "a39ad065-fe39-4f88-b5b5-3d7cca54450d", "value": 10744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708830, "uuid": "3bc05225-01d1-49a4-8e97-8f4ccd4479ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708830, "uuid": "a48111bc-44e7-4142-b9ce-e61f49baa00b", "value": "48ab16c4ebb4ead631c34eb721f6f58f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38638f23-92cc-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701711631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711631, "uuid": "889199d1-c871-409e-a2eb-8af49fd32c3f", "comment": "Malware payload", "value": "b8a5e6e2da6b080b65fb9a7617036e02", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711631, "uuid": "24c735fb-16fe-4a1a-bc83-575f51c72e64", "comment": "Malware payload", "value": "2add2729d0adfa410ed237dbf911abb52f167609cea0ef2517cd61de7555b8cd", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711631, "uuid": "1b576638-4b9c-4483-9d7d-018b466940c7", "comment": "Malware payload", "value": "7ff1fb59da61853d4a393441d54d7be96b9bed3e", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711631, "uuid": "4a5e2504-aa20-47b6-a62c-08145433b826", "comment": "Malware payload", "value": "1c1514e8692e5c6e4d79017384c95cdb3ad3b6aeaaf50ea45b0c3274a8310f145fea77b9d887b97088fed9f6609d0267", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711631, "uuid": "c55268c2-6212-4a5f-97ab-9665cae0e040", "value": "T1510144DD1E24595AC907D470566E8AEDC8351D0F843FB88A2EB428958E69E923F3D8E0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711631, "uuid": "b0848d5f-adeb-45d5-bb4e-a2cda1ad0629", "value": "12:+35TwIFH/9gEsMzg7bKIZ4wHQpw1dxJTbtO4svVcjsUt0kM83xa8:+35Tww2EsMzlIRQe1XJ/kBvVcjsUfM8v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711631, "uuid": "6aee3d49-3750-4820-afd7-36787c61bc18", "value": 729, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711631, "uuid": "4271db85-a9a9-4b02-9ee4-7ee1192bafd2", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711631, "uuid": "a62c5637-a980-4c07-bfb6-5e70a160701a", "value": "FacFiscalDigitalenmi6Q8V_C(549).rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98871dfc-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680868, "uuid": "6d9e9836-c70a-4b71-b303-26cc548fcd83", "comment": "Malware payload (Formbook)", "value": "9ed6e4ffa0ab98b8698e534a9924275c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680868, "uuid": "9ffab9be-9174-40cc-8600-c47cde6a563e", "comment": "Malware payload (Formbook)", "value": "2adf12374473a7fd42a48cd30a1e59f4668ac77b82e4b0c02ffd498f57f0520f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680868, "uuid": "01ddd6b7-8100-4d79-9f53-136345a3e8be", "comment": "Malware payload (Formbook)", "value": "3f1335316d8c8f73c08f283d2efe88dc6a398041", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680868, "uuid": "bc955eff-1fb0-4ef6-b4e0-272495938649", "comment": "Malware payload (Formbook)", "value": "81c8179c30b5126a75ac316ad9c79cd64aebd91defa6018d64b59a9bc1d9d1942a503e623b2c8cefc05ab5c7d1489e79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680868, "uuid": "5400c29c-73c4-4202-af8f-d4d682545961", "value": "T1E6D423B7F35C8F12CEFA91FFD42DAA4003775E079621E9165CA8A2D918C3F5A1A81317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680868, "uuid": "fba703a5-0751-4c75-9246-4f4716b476fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680868, "uuid": "196caa6d-455a-4c40-9479-743ef413a4f4", "value": "12288:Z45+po2nO9otUWBVPzCgMphz5hLRnSE8La0Z65Ar:k+pJnO9otF6gMHdSE8w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680868, "uuid": "c2d24ec1-28f2-437f-b20e-20a852c60d2a", "value": 651264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680868, "uuid": "772debe4-c486-41c6-9215-64611e3db747", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680868, "uuid": "0ba247f4-23dc-4934-ad9b-31136e318294", "value": "RFQ# RE-S327 Supply SA-19.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c43c2561-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671493, "uuid": "b0b8fc7c-ce52-4f33-a815-62fcb4b31d31", "comment": "Malware payload (Mirai)", "value": "ea61062b480cba239937d56e4362b75e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671493, "uuid": "4ad0cb2c-2e6e-42fa-95ea-8d18770f3edb", "comment": "Malware payload (Mirai)", "value": "2cb34f3a5ed9411ec6fe58fcf1d515dc82643a09746505722e147bc143a01ea4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671493, "uuid": "3ee8d47f-3b0d-491a-aa81-f05cdc93c119", "comment": "Malware payload (Mirai)", "value": "86f2bbac5d99d9462026be8cecc605b72bee14d5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671493, "uuid": "6cc152f2-90c9-4edd-a536-c460cd6993cb", "comment": "Malware payload (Mirai)", "value": "67a20fbfaaff15424ff0446720100272f71e90f2364edd43fe1fa76b667e6ccc3cea0c1c32e52821a559ebef1117056b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671493, "uuid": "4bcdedb6-6a69-45e1-9996-73dd23e1f87e", "value": "T16F533855F8815723C6C1127BFA6E028D3B2613E8E2EB72139E225F21378796B0D77E45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671493, "uuid": "d5e704d6-3174-4caf-833b-dda9885533e0", "value": "1536:NjhVhOLnTU6fuSnxoBYP7rWnZRxvv0Q5:Nj4YmxoBYPMZn55", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671493, "uuid": "12164e7e-138b-401f-abd8-f7d91b46d6f0", "value": 62980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671493, "uuid": "d6732f05-f7c0-45d9-9b97-a74096720a1c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671493, "uuid": "f6801317-0282-432c-bb92-898ceebad219", "value": "ea61062b480cba239937d56e4362b75e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "759875bb-9240-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701651604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651604, "uuid": "e4bb60b1-adc2-4600-a5df-e6c51acbd6bf", "comment": "Malware payload (Smoke Loader)", "value": "72f0be04d85e8eb1898436deb07a3628", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651604, "uuid": "a90753b8-071f-4802-a8e7-8488e547270c", "comment": "Malware payload (Smoke Loader)", "value": "2dd2b9077c3a54871007f04de5e91f3f6d12fca99afc77ced44da7aa3268ba26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651604, "uuid": "ffbdee3a-ef0c-4a61-b950-de1f2f98066c", "comment": "Malware payload (Smoke Loader)", "value": "9c4f3297fbedecf3f71dfae2489e5a8aad9b5f07", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651604, "uuid": "468d4f45-f767-4371-8afc-98150a2bf44c", "comment": "Malware payload (Smoke Loader)", "value": "69f0fe6dbf7f5416dbd43e411c6aa96f0211093231fdb4e1bb68339a4687bb6549f81475ebbc54884c4508d7185d3a99", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651604, "uuid": "1e7d8ed2-bdeb-4bb3-a6ff-49055fa23eb5", "value": "T18B44AE1273E1D471E1530A798E6AE6F52B2EF8614F916ADF23946A3F0E703D1C6B6301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651604, "uuid": "ad0ce8d6-a1a7-4f7e-bf3a-ed54af3ec872", "value": "5fb506b70643f37b65928468364d30e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651604, "uuid": "1cb54346-7454-4e60-976a-da18e8091592", "value": "3072:XvhWDSDFGgcUQoNZXA1+gXrW5B+MNyeNttkX9vK0GyJgGa0Cl3cn:/sDw1NZXAggXIBdyQbkNvKQJs0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701651604, "uuid": "1f755b41-121f-4f03-9e24-05fef96b3632", "value": 267264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701651604, "uuid": "e893822e-e8e7-46e4-b9ca-c9f03c46cb43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651604, "uuid": "bb93a29f-cff3-477c-a97d-8e9015a3a84a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4704b4d2-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698341, "uuid": "4107b06e-283c-4698-9b01-0a06e3841a70", "comment": "Malware payload (SMSAGENT)", "value": "f0c83a3fbebf3ebe6ccc6a145e0480fa", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698341, "uuid": "830ebb8f-d588-4381-92a1-ef799d40410d", "comment": "Malware payload (SMSAGENT)", "value": "2dd9af91dd4a712e8fe4db95f854e977f774dd3392e56314de48f058704afb32", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698341, "uuid": "94f1b62c-2d9a-4a84-b7f6-b6b4cdcb81e8", "comment": "Malware payload (SMSAGENT)", "value": "1b99aebcb93ff6be94cf77dd748cf23a98653e7d", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698341, "uuid": "661f4232-8f82-424e-96e3-f65c6c9256a4", "comment": "Malware payload (SMSAGENT)", "value": "aa2a0a3dfdc30401b459e1551ba7d30f5897cf3da7df372df328aeed4bcb6a087ee430296eb834c1d1e0666643eae040", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698341, "uuid": "302c3a62-92a7-434d-869a-a0ef886a2749", "value": "T132560175731CF40BE073DE316371814F71E185E51A72E312AB07B8185DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698341, "uuid": "c67c5c40-8052-467f-85be-b8e0ccb29baa", "value": "196608:/lDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYC:dirUVis8O/0giAZ9PDm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698341, "uuid": "129a27c5-42d6-4790-aa89-0786a3e2dd01", "value": 6368186, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698341, "uuid": "10ff9fe6-93f3-4b5a-a169-7caab78d5d69", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698341, "uuid": "e8287d2b-c0e0-4c67-8d79-4abca14ce739", "value": "\u0422\u0430\u0439\u043d\u044b\u0439 \u0421\u0430\u043d\u0442\u0430.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8450464-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671499, "uuid": "c162e34b-61b5-42f1-a9f0-90895108efb5", "comment": "Malware payload (Mirai)", "value": "214ec8af0b041670eaff8c6077e3e635", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671499, "uuid": "bbdb33df-a5ae-478a-8b94-4de1cdc6fd4c", "comment": "Malware payload (Mirai)", "value": "2ef6b1b47313fa42f80267c27c962fb6cb572945ab01fdfbec516e66f8473ed8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671499, "uuid": "ec18e2b2-fa3a-4abb-8a6c-e6e17b213bc2", "comment": "Malware payload (Mirai)", "value": "4232c590c7f6c1b2f6b166ec4df5dc64b5eed600", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671499, "uuid": "3da16525-1c49-4db6-89f5-2e3119045e17", "comment": "Malware payload (Mirai)", "value": "f5bec17f7c507660f793f3f5ee61d9bfe14420224f851642543bb97dccc1817b5505e7a6daf7c15e77a11c0feddcd0bf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671499, "uuid": "d92cb3a4-3219-46a5-984d-769601a6aabc", "value": "T16473985A6E218FADF759873047B78E15AB9823C627D1D642E29CD6002E7034E641FFEC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671499, "uuid": "2f633649-e4a2-42e8-812a-7d1ded4ecc8f", "value": "1536:NXiH3Fz6c5CqbFzWYtq1lvWtne4ThnTaO:NXi1HbdQ1ZW5nTaO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671499, "uuid": "a2c177e6-db04-4564-b575-44611bcb00a4", "value": 76524, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671499, "uuid": "2dd618ef-ccdf-49ae-b4fe-f005e427ee29", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671499, "uuid": "4504d52f-3ebf-43c7-b434-37db7140d4a0", "value": "214ec8af0b041670eaff8c6077e3e635", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5870f2e4-92bc-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701704813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704813, "uuid": "254a98cb-b82b-4979-a43d-f0e428a56da2", "comment": "Malware payload", "value": "aa82c709f5863c5e167d419d45e11670", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tag:screamer", "colour": "#B68FC7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704813, "uuid": "065344c9-5cbf-43b6-8f06-3ecf8f599a46", "comment": "Malware payload", "value": "2fa3229fe01e0615861cd8f4d03aa64ed6640b4c9f84dc395e25c91002c07a12", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tag:screamer", "colour": "#B68FC7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704813, "uuid": "416f8ddd-da5b-4e1e-9ba2-75521e6a8559", "comment": "Malware payload", "value": "b3e81da648b43c581f7374e1a54a20b9c6831e13", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tag:screamer", "colour": "#B68FC7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704813, "uuid": "6068742f-5df5-40e5-89e2-803c3e1016b1", "comment": "Malware payload", "value": "8ed8ca60c3aa5a2973671eaca8ec9a726b9f9adb640382bff783ae7cd08530c63571cd1560d4adbf3641ba80b7f51472", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "tag:screamer", "colour": "#B68FC7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704813, "uuid": "1df7044f-f760-45dc-af00-95893bded3cc", "value": "T1C6C51276BAADE01AD953E4399061B50BC808301C454AFAD71FB5C78C8FEBD889746ECD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704813, "uuid": "342282e2-7025-45db-93f1-96a052982009", "value": "49152:AA+VHmypbx2Pc4tdrqok6vFIRjTg3RLsM1CjwBoAyC9a0W07zPNywYV7KHe:AAEGylmtdr93vFmvgZsHcbyhSzah", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701704813, "uuid": "cc472e8e-e14d-42ae-abdf-ce4d16448e84", "value": 2691199, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701704813, "uuid": "5801e055-8278-41f5-a920-902f2a372338", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704813, "uuid": "610a757a-0a29-423d-b7e4-ec51b27cd09f", "value": "Sex Virus.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab6ea9cf-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696791, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696791, "uuid": "a3ea025f-a7c3-47cc-b024-891efdb8a674", "comment": "Malware payload (Gafgyt)", "value": "2d9e754ade572ba7c1d1133ae78d8490", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696791, "uuid": "3b92d7ef-3d60-43d5-8b7c-d774f1b28cfe", "comment": "Malware payload (Gafgyt)", "value": "3074ea92b7997421402ba0890db5e9275846c5c78ad2315c1b8d7b94b77c27ea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696791, "uuid": "2cffc8cc-517d-4486-b4f5-93eb893383f5", "comment": "Malware payload (Gafgyt)", "value": "e1a33c9f8cbd7459d39981ccc7e5b34b4a50441c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696791, "uuid": "bf3b1443-f981-4945-85ed-6a1131c9dc3b", "comment": "Malware payload (Gafgyt)", "value": "356192c7dba7b3999b68e73620c055950dd32020d745c1b8ee8474555901d1c534b15df93ca0dc3e1483f658833c8e85", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696791, "uuid": "19f1e63f-88b2-4b0a-82b9-036f2ae74a07", "value": "T19CD3D6B6F501DFA3F04BA63204D79E256E70BBE31B83612A332635A69D721D53C13E49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696791, "uuid": "7e548c2e-6bb8-4320-a89d-b0f33fb896b1", "value": "3072:2q6JxNw7P2oMqXp1SbCyFHfBn5/bs5mWoV7OWIRBvE:L6W7P2oMqdyFR5/8mWoV7OWIRBvE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696791, "uuid": "d5dbb308-4bcf-451b-9dd4-e7b92c7991ee", "value": 131451, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696791, "uuid": "9cd4e21e-f465-408e-a968-42b4c01fe76b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696791, "uuid": "fd549ba2-91c9-42b0-89d9-b7f62ea459ca", "value": "2d9e754ade572ba7c1d1133ae78d8490", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b85cc79-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "b9f0c408-531d-4de3-a4a8-a26e646d0fdc", "comment": "Malware payload (Gafgyt)", "value": "49064d0cb171261a25bdb335e963e2d3", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "9eef4430-756c-48c5-b35a-7ef73ddef03a", "comment": "Malware payload (Gafgyt)", "value": "31aab02979f10733df406eaa72180a161960f605bd64b17161140b5ece25597d", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "f9aee6d0-49f1-4bea-b8e6-d9d1f407b420", "comment": "Malware payload (Gafgyt)", "value": "08ce29fb3f0b8b271584bff0101dc158c0cedc44", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "337bbb7e-8934-4989-aa40-982debd9d774", "comment": "Malware payload (Gafgyt)", "value": "9eb94d718ebee5cd0427893bcfa61ef7602c061c9fbe4ffaadd17be660cfbd87df2b7459f85a3e40cd53e7d37e6f0f1f", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687611, "uuid": "75f0c8ea-d5ab-4c23-bee1-d6e5ef981518", "value": "T1D50431275A1ED217C49BEDF8BEE27BE2874DF1934AC6824271C4518D0AF5DA1201FEC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687611, "uuid": "75d0e21c-f79d-464f-867d-f6d7bd2dced1", "value": "3072:XDlPhngB9kvNmT+cCyMrUdmbxVlw3THv4+:XDlPtgB9kFmTvJdmbxVlw3THv4+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687611, "uuid": "2cec8508-4aa7-4636-bc71-918b077853ac", "value": 181663, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687611, "uuid": "e7b262dd-6a8e-44d9-8665-81238e470b99", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687611, "uuid": "a4d78f56-0d3d-4d28-94f5-2baff5cd50eb", "value": "hajime-like-20231204-1100", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29ec5567-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Glupteba)", "timestamp": 1701680683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680683, "uuid": "5b94624d-02c4-4519-9ef0-10c756bfbaa5", "comment": "Malware payload (Glupteba)", "value": "16e53eac528705fdcee96056298b5fc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680683, "uuid": "0a4c5331-a9a9-4a69-b534-b1db3b144e55", "comment": "Malware payload (Glupteba)", "value": "31d7d289f6d86cdbb78a89b8195692d22a5a32ef579de1538e2f1977ca744ae6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680683, "uuid": "5a1ea8f9-dfca-4844-ae76-3b9d04eede57", "comment": "Malware payload (Glupteba)", "value": "3a2f766f8d64ca95e621cffb1595eaf2ba810940", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680683, "uuid": "cb68d0b8-5941-4b91-915b-0b98d88f3f66", "comment": "Malware payload (Glupteba)", "value": "732508655500fdfd607c889deb19f08cad6937b973a783215c4b457d94a0369fc3ee7523ae0097ccdbcbc631f09d976c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680683, "uuid": "d863af26-9ab0-44c3-815b-f1848cfe6a83", "value": "T19F16332373E19465F113133A699BCBF05B19BC879F30A2DFA394542F4DB42B295BA381", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680683, "uuid": "ec006fd9-e6e7-400a-9563-9c79d8d8cee3", "value": "ed0cc8ddf488e35ca7481edd4055aafa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680683, "uuid": "752e37e2-af47-4eff-ab4e-d18607fa8e07", "value": "98304:ID6d3Gn6M502hTbTVT8r290Woe6HHn1R4I6MJ3YOtB3nFxmkGtQec:ID6dLM5vbTVTuWh8Xnf3YyB3nFNX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680683, "uuid": "207288b8-d151-4bbf-9f39-9fdb44d4114b", "value": 4341656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680683, "uuid": "7f982b2c-aa6c-40ce-83b5-427ca972f45a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680683, "uuid": "901354e5-b894-455d-a4e1-685600a72e85", "value": "16e53eac528705fdcee96056298b5fc6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc4037bf-92c8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701710241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710241, "uuid": "836d14e2-d672-451b-b69d-651bde9be481", "comment": "Malware payload (AgentTesla)", "value": "019012e11fcf33bde064894821cd84b7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710241, "uuid": "5ebf5827-07b0-49db-acac-60bec63b1dbb", "comment": "Malware payload (AgentTesla)", "value": "31dd42f85893cd5e7db1645bb8eae25f792c11be8eeeb602ac89148afb60becb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710241, "uuid": "1a4c06a4-b410-46de-ae10-39c94f3630a5", "comment": "Malware payload (AgentTesla)", "value": "082751450a7064dfbfeb43f34a34be2ba3b24eac", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710241, "uuid": "6ab06c3b-bebb-49c4-90ac-a31b2f1ef336", "comment": "Malware payload (AgentTesla)", "value": "ec6bf45a44d2ca92d420b09823712e427d5d50ccf22c2d3bea4989c81a89f7036f566c75e6d8a5857fa9b580bcbcc9c5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710241, "uuid": "09578b8d-30ca-4547-a7ce-f6a179123a0f", "value": "T1C174E069EBC69452C0641A3B69F77F9237589EB6F06BCB0B015C3CAD29333A03D261D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710241, "uuid": "b7952fc6-fb61-417c-ab79-25535548c105", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710241, "uuid": "3a29f563-a0ba-4ee2-b815-b04d9b268b6c", "value": "6144:kARcM3CjleuEn1IETITGx5PmCyxq70y5BDG9DnSgiobI+H5/8b:VRcM3CC1zZXf70nypi2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710241, "uuid": "4617811f-1083-450b-9f08-99db0e88fffd", "value": 366080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710241, "uuid": "a680c087-8c52-4120-b628-d6294ca82891", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710241, "uuid": "f09747d7-9f87-44ae-a436-f8ee8476d4a0", "value": "FT23194060101821.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "312d8b17-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711189, "uuid": "9c1475ad-685b-41b9-be28-5994f48570aa", "comment": "Malware payload (SMSAGENT)", "value": "ebaf7a99284d1a5e1ea6b4ef89060fe2", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711189, "uuid": "4621913f-76eb-4eaa-9676-f401c0ddfe59", "comment": "Malware payload (SMSAGENT)", "value": "320032c9f9527f6f77535f7c018978e75c69c27401a3500054f133186796cfc3", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711189, "uuid": "69fd7742-081d-4fe9-944d-cfcfcea72e75", "comment": "Malware payload (SMSAGENT)", "value": "76ffe34f32190d594400e2db0742fc322d839888", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711189, "uuid": "1a69d9e1-dd32-4d48-a1ee-6df8897d3c62", "comment": "Malware payload (SMSAGENT)", "value": "919f2d0d29e721a145aa403644eded36977bf89645affc06d1fad37f3cdecd44770b45fcebb5967d667728695c0456b6", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711189, "uuid": "97771fab-04f0-4b85-91a5-aadb1792dff8", "value": "T132179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711189, "uuid": "d824b95a-3189-46a4-8227-c904f6ae6c01", "value": "49152:LuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvb:5v+49UBEIIddXHNqjecelnMI+lEaAuB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711189, "uuid": "fe35e40d-3d2c-4c58-b253-a30be3a3b616", "value": 18567973, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711189, "uuid": "bb50622b-ccf8-45bd-a2a2-72bd18558024", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711189, "uuid": "67420a8a-d347-4ed0-8963-3d85859c4240", "value": "CartiFlex.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7375c969-9247-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701654607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654607, "uuid": "031e0995-11ef-4ebb-9d81-be4ee2146b45", "comment": "Malware payload (Mirai)", "value": "cecead4737ac528767b87049e49b4079", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654607, "uuid": "7755ed50-afe6-4668-b5ad-358c99f34e97", "comment": "Malware payload (Mirai)", "value": "3255f7011fa996abe0fb5ca26dd410cdd799b8819ebe39125b9fc9ff713d3b4b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654607, "uuid": "d7cd3c92-b7a9-4bdf-874f-da64a4c3dfdd", "comment": "Malware payload (Mirai)", "value": "90a03d30e662f65c5ca39eeba3833512ce968f34", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654607, "uuid": "a61c07ef-d8e7-4c35-9cf7-9436dcf92857", "comment": "Malware payload (Mirai)", "value": "bc7809e7c13bda8cd8e8251441b80e47ec004c025b01166cc85d2cdaeaaf15e45bb35a3dee8e77c82fa184f764052ecd", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654607, "uuid": "6184cb7b-f705-4500-b8a7-b38b4b4c118a", "value": "T16D531886FC819A63C5D452BBFB5E41CC732123A8D2DF7217DD116F643B8A82B0E6B641", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654607, "uuid": "128fe48f-ae69-48cd-a0ac-f7d371155d36", "value": "768:bbR2lYEuSuOisDV50zjIEdXiOmEqtPUok10bGqXReiXRNAU2/DaF3TITrMCI6OzS:bIlPu9jIqyjHCqheHU2Kmnctb3OR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701654607, "uuid": "599a54b6-6b52-49d7-97c7-7fbd53aac667", "value": 63140, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701654607, "uuid": "a6c250ea-5f17-48d4-9fbe-102bf7182a9c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654607, "uuid": "7c9b28fb-c971-4086-938a-cb98fb5614a8", "value": "jklarm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b9f0ee9-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711287, "uuid": "d01bfc83-0215-492c-ac85-556d7f5c7830", "comment": "Malware payload (SMSAGENT)", "value": "13069daf5392ebfc1d7d7b8f195bf290", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711287, "uuid": "85856d7e-c140-462d-86b5-4986481b4595", "comment": "Malware payload (SMSAGENT)", "value": "33c3173e3a4a7a25b146de1a334457a79b91c8ba8e88688d2a077a5b4ddc8267", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711287, "uuid": "2c9f78cb-b48a-4a36-84d2-b58c7b9f87b4", "comment": "Malware payload (SMSAGENT)", "value": "76c422fe6665460d507d4133c19cd63bd9d27f7c", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711287, "uuid": "1a1556e9-9382-470a-b401-1ac9bc318d3f", "comment": "Malware payload (SMSAGENT)", "value": "038b764b1ea78a6cbcb5864a4792c588eef699fd2b27a9a6d84f0ad70b7251911fbd1df128305de40937a51f6909563f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711287, "uuid": "fdea5614-1fc7-47f9-812c-255cfe9810cc", "value": "T127179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711287, "uuid": "400174d8-aedd-4e7a-ac0d-f0b3bfdacad9", "value": "49152:suuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvF:Av+49UBEIIddXHNqjecegKnMI+lEaAwP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711287, "uuid": "f77bda2e-56aa-4095-92a3-920173e70df5", "value": 18572127, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711287, "uuid": "ac846672-8230-4abc-bd62-17ea4a3070b0", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711287, "uuid": "03a815b1-f436-4074-bc9d-a5bfab7818e1", "value": "Messenger.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9afb138b-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680872, "uuid": "b4c9278a-e27a-478a-a270-4629398297c7", "comment": "Malware payload (Formbook)", "value": "ce436d249b3dc5f16b9e84b3d44ec26d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680872, "uuid": "aa5a851f-da48-4e61-b3cd-d06f577bdb09", "comment": "Malware payload (Formbook)", "value": "33ff334a0bf2e8a1e899ff47a87edf30e6e8ebf05ce6fc5a1d6e7a7b5bd672df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680872, "uuid": "be0ea887-1c6c-4b17-9a15-b91ec55742b3", "comment": "Malware payload (Formbook)", "value": "6794e758e48f42c93680004d2b5dda14ab4c9fcf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680872, "uuid": "aaaebf97-49cf-4c1a-8fe8-c3a9d9073a86", "comment": "Malware payload (Formbook)", "value": "f827841b5972f5e24cf35df90cbea2869fba0cb0a210169d433db20c161e7333a4461339564f4e1ed4e8638e5ccaf02b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680872, "uuid": "d0fd55b1-2427-4fc8-86fb-d63425d3fa4b", "value": "T179D4E19D7250B2DFC817CDB6C9A82CA4E650647B531BE313A05311ADEA0EAE7DF051F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680872, "uuid": "906b95de-a45c-415f-92c6-66ecbde21db9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680872, "uuid": "4fe199c1-a15d-46ec-bf58-7ad26b8d89e0", "value": "12288:6x45+po269GxhDkANw4cyzilmTpqLzj4y0QS17UMlPCMgFgZ:F+pJ69WDpQSA4y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680872, "uuid": "b3105e14-b439-4753-9ed0-5d80a17995bf", "value": 650752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680872, "uuid": "91e448e7-0641-41d2-a1e9-306339b73220", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680872, "uuid": "b672f7a3-07c5-47ab-ae0d-19e3786d843a", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5715af9-924f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (NanoCore)", "timestamp": 1701658207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701658207, "uuid": "daafbd76-e519-4768-953d-3487044b0d90", "comment": "Malware payload (NanoCore)", "value": "0c9f292df5bb12a2384a0fd2d62a363c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701658207, "uuid": "095a1161-977c-4b6f-bff5-2ec93c725f87", "comment": "Malware payload (NanoCore)", "value": "340afda65e77e299379392aa25dd7dd040d1a87e51f2249547d083a1d85641df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701658207, "uuid": "b86de55d-4492-4260-aadb-f8dd69488b3b", "comment": "Malware payload (NanoCore)", "value": "ccc4c864a64a4a1945eef4d36a1b3ce208173880", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701658207, "uuid": "8bb2b7eb-bfc4-4f0d-863f-5652f61d2907", "comment": "Malware payload (NanoCore)", "value": "34869c8f35d81a7ab869c0b86e17f024f87240bf13b68390114935dafc41f95d04e47d6b099faafe93a21410fbf041dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701658207, "uuid": "ad50587e-c137-4d78-bdd7-c9a1a6b77c8a", "value": "T1DCD423D7E7DCC702CA7BBB78A0D9A2158BF55B2AF020D70E6CE4A0DC1506F128761E56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701658207, "uuid": "80ba62d9-20bb-4ac5-b0e1-9e9d527b3f88", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701658207, "uuid": "5629f74a-64f1-406c-a15d-4769dad768c2", "value": "12288:I45+po2sccCAQVStw6wYyBeMSIUJwS+RTbfl+RRiXp2kxtK9Wd:L+pJsbCmyp0JwSjRxkxtK9u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701658207, "uuid": "35ad1397-eb8b-46c7-bd06-02af130e2bdc", "value": 609280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701658207, "uuid": "66e92aee-4c37-4d10-9399-a18472d6a31a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701658207, "uuid": "67197b5a-ca12-4205-9631-72f004b4fee4", "value": "0c9f292df5bb12a2384a0fd2d62a363c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6ccc254-92a1-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701693348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693348, "uuid": "6cfd8ed9-487b-4326-9ba0-dec9039b3cac", "comment": "Malware payload (AgentTesla)", "value": "0eca1ff62f8625aa1c0489462855d6fe", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693348, "uuid": "e2c8419f-c7f6-4015-8aa6-109a4d8b926e", "comment": "Malware payload (AgentTesla)", "value": "340d16854967a7c5d1b613d471f0b0c0ace3c88e26a38318b754df75a5638f33", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693348, "uuid": "956aade3-cd00-4631-99d9-68eb8226c66d", "comment": "Malware payload (AgentTesla)", "value": "4d9e6bb1d05523c70ed92a94eeed74c034aa2086", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693348, "uuid": "e44e5b0b-19a5-4f78-bcff-de1b4a780d09", "comment": "Malware payload (AgentTesla)", "value": "e10a341f2173c14339d8d2d953ffbc2ed9a6377d638d4814e76d2b1c7e82de2fa9aff8e78741742676906e9a556a8194", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693348, "uuid": "291ae534-5d36-4dfa-807a-e9970679c1a9", "value": "T19A0522A5B6749B2BCD3A83F0D63B606453B27D393851E14C9DC232DE5770B820E21B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693348, "uuid": "38c3e3a0-fdbf-4c71-a6df-ecccc6a86eb1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693348, "uuid": "6f4a0e5e-2fe7-484b-b6fa-32b876c9922d", "value": "12288:e3WDtW8G34/uK45+po2kCMe96riKpJlnbRL/m5UogjGD2JzxeHloX3lKX5JIr0:C34/up+pJkfriKPS5UoiGiByuX1KX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701693348, "uuid": "291fe04a-1fd8-4344-9200-5bebe9f07f9f", "value": 831488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701693348, "uuid": "3bd35e7a-d410-4a39-a31c-722bb6b27671", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693348, "uuid": "f40cca34-3714-44ad-9de4-034becb7912e", "value": "SecuriteInfo.com.Win32.PWSX-gen.12243.29200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc2f9e9e-92b0-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701699933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699933, "uuid": "1288fc4b-1eaa-4726-bb7a-4de81db5470c", "comment": "Malware payload (AgentTesla)", "value": "12ce994a7771f557860a1dd0a6d7fa86", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699933, "uuid": "6f1085ba-3e63-40c3-a00f-7f5458a836e1", "comment": "Malware payload (AgentTesla)", "value": "34cd5a3fe4b96b4fd09ec6ea72ee1cd3924d5a69cd1a27c894c44cc705e6b5f8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699933, "uuid": "cb42123d-eed5-48af-827e-f5a7c1441031", "comment": "Malware payload (AgentTesla)", "value": "02fb55374e6fcc35838a86f61be0d1777c5b0ce1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699933, "uuid": "0947e176-a882-4460-9817-b1a3f3a56213", "comment": "Malware payload (AgentTesla)", "value": "be518ae2056801d105a8be9932b2c656803d7581fbb261f9e3c8df976d53afb42a38953f58e7f4a9347f57f9da4dfb2b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699933, "uuid": "257a0dde-cb91-448b-a799-4103a81254be", "value": "T1CD05122632E5CB5ACC3E53F0E83AA48493B1BE243925F64E6DD376EE0670F415D41A93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699933, "uuid": "7fc2d0cb-e0a6-4ebb-8bcf-bfa4c01748ee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699933, "uuid": "6bdaf2b4-5042-4ab0-b271-3a290f2eb957", "value": "24576:o34/up+pJcQ52CON7+xxPBeGVWtbU5N7:o38PJyN7+xWMWtIj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701699933, "uuid": "3c38b3e9-3be2-4900-a107-36b17cbcdd83", "value": 830976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701699933, "uuid": "95a19ec8-70f3-47d6-93fa-9df4ed19bf04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699933, "uuid": "c93bd6ae-ee64-4ca8-a0db-f35033a42d68", "value": "SecuriteInfo.com.Trojan.Inject4.59820.14948.26378", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d34d69ca-925d-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DCRat)", "timestamp": 1701664216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664216, "uuid": "c752fda4-f191-4174-a357-a74d941e6aa6", "comment": "Malware payload (DCRat)", "value": "280568f45143f46f51bde5e6e158ded1", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664216, "uuid": "e8d8744f-2936-4620-95dc-f189ff034c88", "comment": "Malware payload (DCRat)", "value": "34e740ecbaab29c15536abd6409bd10e1880a77eeb8a5a88e787051d4fd916a9", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664216, "uuid": "edcf18db-6018-4e77-ae37-d04e8a143cf2", "comment": "Malware payload (DCRat)", "value": "338bb0b0c25df43c3a65f2d326c3c5fa09427f2d", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664216, "uuid": "06a3c826-7a37-4840-931a-f92f4e0fadc4", "comment": "Malware payload (DCRat)", "value": "e4effe166584dde03c718ecb251defdb20fc5fe3f6e9633a945a5858c8eca80eb28f92b8a7af46a364cbf25e67f8767f", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664216, "uuid": "c85a4185-7079-4cfe-8f40-f66f30d3a362", "value": "T1C35627342EEA502AB173FF6D8AE47596D95FBBA33703985D10A2038A0723E42DDD153D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664216, "uuid": "d97c5133-8e7c-4bc8-8f89-ff9c09a60293", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664216, "uuid": "9ab3790d-006f-4577-b486-459157d586e8", "value": "98304:xyeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw4:xyeU11Rvqmu8TWKnF6N/1w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701664216, "uuid": "f6708645-cf61-41bf-bb68-08fb6fdd7373", "value": 6140928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701664216, "uuid": "d8de1651-4add-4374-ad06-bb8725d757c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664216, "uuid": "758e02fa-3eb2-4b75-8290-7ced8d2f7ec9", "value": "280568f45143f46f51bde5e6e158ded1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9e2a8d4-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696816, "uuid": "0187d949-7737-49fc-8454-6bc70ff6945e", "comment": "Malware payload (Gafgyt)", "value": "8897c21552cd66c6a803075ef6515dba", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696816, "uuid": "7600e901-f2dc-4583-83dc-23110199dec4", "comment": "Malware payload (Gafgyt)", "value": "35dfb5d78e05a8fa17106085d2e432d071d6ac595cee0a223516a6798f8699cc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696816, "uuid": "b393e24d-36e4-4ce3-a491-c0c443f4256e", "comment": "Malware payload (Gafgyt)", "value": "c275c135ce95093b30192d5788d92f53bfdb3d30", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696816, "uuid": "4e05973c-89ba-4908-bddb-f964b1ecc3b9", "comment": "Malware payload (Gafgyt)", "value": "284d01c7ce4655b0c859aca1f95b5e331b55201d8ff8ee6008f39d18201e0c2165c31e5fba36fa4b51457e60dedd6625", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696816, "uuid": "152f7406-7b52-4f0c-ac52-9fc8da52ecfd", "value": "T1A2D3D574F8858367C2D323B6AA8D8A9D3F3156D363C733156A385EB42BC5BC92D25D20", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696816, "uuid": "2bb11a60-3781-4c47-829b-09691ff29b30", "value": "3072:P5+DpiwRuSj7FPFDPGKgSuJCsTXmtxqQ16L7hpQE:w9iwcs91PGKVsbmtxqQ16L7hpQE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696816, "uuid": "28645210-f0e6-4f55-92ec-ef46cb68806d", "value": 135204, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696816, "uuid": "48d97290-852f-460c-89ec-e29228a7ed65", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696816, "uuid": "abd82e71-67f4-47c4-a712-9166bcc0253b", "value": "8897c21552cd66c6a803075ef6515dba", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b8c8974-9271-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701672605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672605, "uuid": "a6e1e1cf-af2b-4d2e-93ef-e8dc828b32ee", "comment": "Malware payload (Mirai)", "value": "8820b9cabea38626c192db4d82b641c0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672605, "uuid": "15b611df-eb3e-46e3-a689-65d687701b13", "comment": "Malware payload (Mirai)", "value": "3619741c30943748bfb03854545de93281d8e17f8c47666afa757b00bcca8893", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672605, "uuid": "75bf7a8f-f713-4e90-a67c-45e355264e08", "comment": "Malware payload (Mirai)", "value": "40ec25cbebbdfa2d167c0b8444b71e1d1311c68f", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672605, "uuid": "1f8762ae-397f-475d-a234-0601e4e473e3", "comment": "Malware payload (Mirai)", "value": "402936f4e953f3ad1a71f03b0cef9d16dbfbc1823079e6a8c4247275b1734468671983c01398dacd1d214f55d254d557", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672605, "uuid": "51ef1fb7-ba48-4a30-a322-8b4ece03d53b", "value": "T172331885B9869A06C6C0537BFA0E83CD3B2A73D8E2DE7303DD156F5127CA92B0D67152", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672605, "uuid": "275b2348-2cb8-4562-96fe-2176d5a60d6b", "value": "1536:7yMC9bSfbKTmJTQm7o/WNpVG+N+jQD7jvn:rC9bSjJkm7o/lcPDn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701672605, "uuid": "c66bd077-287b-4d83-84b7-11406ebe40e2", "value": 54272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701672605, "uuid": "18f2d1a2-3554-4ad5-a15f-e63d3da33fed", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672605, "uuid": "2e762428-9efb-487a-a8eb-d2927471dadc", "value": "arm-20231204-0650", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fc0d82d-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701716797, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716797, "uuid": "5664d5e4-82ca-4175-b2c0-af09bd47d0bb", "comment": "Malware payload (Stealc)", "value": "11256c0c9cbe83a9c24f810812ddbe81", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716797, "uuid": "74dd5e1a-cb19-4b5d-937c-f4212b9c85d1", "comment": "Malware payload (Stealc)", "value": "36cbd1a77d3e33408109053ddaa12a24f8ec7c6f3660cf5c42705c5018a722ba", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716797, "uuid": "f010106d-227c-470a-8e82-df3b10eaa9b3", "comment": "Malware payload (Stealc)", "value": "51d7a81ce503d5602e64519e834653b04b926b6f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716797, "uuid": "b375f3b6-cba5-4efe-bf01-4a8def016506", "comment": "Malware payload (Stealc)", "value": "cf8404320d4442d989d937a2b69c5e3d70e8e77b3320a33d6143c4cb545e694c5254a25b327f8614786830bf905d2ada", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716797, "uuid": "c81ed79e-f681-424a-9e92-c0f752f5da92", "value": "T1DA55F1085E40C2ABC078F3745B86E17857602EFBD70486467FF66CAB1ABA5DF215E80D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716797, "uuid": "add057b7-3860-4f5e-9840-a80152a00cbe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716797, "uuid": "f03fe9a9-b2ec-4ad8-b2b0-5de27224f4af", "value": "24576:a6iFa51LsZwt1dZWAKc8bUKDNIEJNUk1yj30ivvE/4U:biFuVZZjKRIETHkjki3E/4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716797, "uuid": "eb111f85-1dbf-4612-805f-319a1909cfea", "value": 1292160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716797, "uuid": "edd30a0e-d82c-4b71-ade5-15074d526c7c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716797, "uuid": "45fdaaeb-e5c9-493c-b6dc-006406bcf29b", "value": "11256c0c9cbe83a9c24f810812ddbe81", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6491b2c4-92c9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701710416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710416, "uuid": "ee221ecd-ec68-46f6-97ea-493529d51354", "comment": "Malware payload (RiseProStealer)", "value": "77e08095bb34defcc49723c18bc74a29", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710416, "uuid": "b937bc38-bbf1-4ab0-a1c6-5b93229bc613", "comment": "Malware payload (RiseProStealer)", "value": "374eae251cc483c76451fbddfbe124a7e414ebd3e13a6aa2c7cbbef5001cf19c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710416, "uuid": "f992e439-2e57-4a19-9b58-b3b1b015a54a", "comment": "Malware payload (RiseProStealer)", "value": "25cc39d9b4bcb9090cfab1744348081c6d8e2b90", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710416, "uuid": "d661175d-c0d3-4d4c-8eef-05d14d25500d", "comment": "Malware payload (RiseProStealer)", "value": "fdefcc846aac59c896fc84eb58d978aa941fa5c581f2c28246f856f168455960c4adf2473b2a1e51cc33ce51a7abd13f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710416, "uuid": "b7e44c3d-a6de-4338-8dc0-0ad2ba202959", "value": "T143658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710416, "uuid": "d4641d50-6d6c-4f44-8c3b-10f5759a50fb", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710416, "uuid": "9adde0e2-ae41-4a04-994d-f4c4e8e9a1c0", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710416, "uuid": "5aaed045-ff65-480f-94c0-a246e7dfe0cd", "value": 1540165, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710416, "uuid": "869c7291-23ed-442b-8a54-4dda382e38a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710416, "uuid": "44018369-3ba4-43e7-97d5-4533bdb98358", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "715c5c1c-9255-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DCRat)", "timestamp": 1701660616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701660616, "uuid": "c87bbe6c-852b-43c5-b010-df365dda8a09", "comment": "Malware payload (DCRat)", "value": "115185cf7af582ac2fc2fe681a4a142e", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701660616, "uuid": "5f681663-99c0-40f3-879b-76d9e792c208", "comment": "Malware payload (DCRat)", "value": "377f3033cdfdcf4b2bd6b9c2949abcb8d7973c2ade4115d1c622db274bfac687", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701660616, "uuid": "fcf6c9d3-2500-4ccc-b6fa-1b00a4b3809d", "comment": "Malware payload (DCRat)", "value": "fe1be50829297758777a380d94f5b9f369ea4284", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701660616, "uuid": "040921c7-db4b-4db6-a6f5-f2369bff1a11", "comment": "Malware payload (DCRat)", "value": "e4869151a3b8487e7fa745c9ae3e62d88f6bdd6e4df3232d2b0a6233f85a77ab4f59891b89cfd1e34cfb43b09bd57d1a", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701660616, "uuid": "8a285958-86b2-45a6-9c38-c43baeed557e", "value": "T1435627342EEA502AB173FF6D8AE47596D95FBBA33703985D10A2038A0723E42DDD153D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701660616, "uuid": "6872707d-e3a0-4847-92d9-4a2a7fd09036", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701660616, "uuid": "e9020a4a-10f0-4780-a927-bf2e6a1dbf7c", "value": "98304:ByeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw4:ByeU11Rvqmu8TWKnF6N/1w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701660616, "uuid": "2e699f43-83aa-41df-88ad-b8e2b084f77e", "value": 6140928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701660616, "uuid": "e5d58304-ad4d-4454-b413-8fa13e26a67e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701660616, "uuid": "ed862ed6-113f-4aee-864a-95ea16dc9131", "value": "115185cf7af582ac2fc2fe681a4a142e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5182e55-9271-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701672783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672783, "uuid": "b610d333-e909-4fba-9664-09b99bda0e98", "comment": "Malware payload (RedLineStealer)", "value": "5b35a461abe74fd7af3331054d680671", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672783, "uuid": "27b989c0-5aaa-4357-84fa-25c8f042bd53", "comment": "Malware payload (RedLineStealer)", "value": "37a99d710fddb47317231a3717387f98d7a0d37ca172b7ad327a9b4af3c73851", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672783, "uuid": "bf764254-d193-4081-94bf-7ef29d4bce65", "comment": "Malware payload (RedLineStealer)", "value": "421cedbc26d138969409a856c0658ac3bc070c5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672783, "uuid": "f0882510-f170-4ea8-a15e-1695f613c281", "comment": "Malware payload (RedLineStealer)", "value": "58ff8a705b5b5fc34d56efccb0cdd027495345b87e62a347910d35731067c12dc72df4733eb0a87f3fd9866183402a21", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672783, "uuid": "9d97ed9a-edc8-4ef3-ac5f-499d1d86774e", "value": "T1CD569E56F3A02134E4ABAD71393C5F660C283D679B318ADF99D83C681F705C12A39B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672783, "uuid": "bd47f7bd-777c-44d6-b99f-3a7f6ba0e988", "value": "5205db193dd7a34e164fac50ec726915", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672783, "uuid": "9ed612ec-4f99-4b71-b8cc-573437fa0227", "value": "98304:+XSeQ6666666666666666666666666666666x666666666666666fwwwwwwwwwww:+WFzeft2SyBg7VqV7/l6iFCf/m+H8yXD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701672783, "uuid": "3a4120b0-dc4e-4a2a-9606-f07c51ca6f7e", "value": 6016768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701672783, "uuid": "39f211ba-d867-442d-92bb-d815da956b4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672783, "uuid": "a8eccf03-6aef-4b7f-a4b6-bd8bf458d1f7", "value": "videofile-hotel2023-confirmation.mp4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad7d4ffe-92c8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701710109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710109, "uuid": "d83292dd-b569-4b19-bf22-0724d88d8b27", "comment": "Malware payload (Smoke Loader)", "value": "cb86d4e1383196f58a7f09f7ac04661f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710109, "uuid": "42c92689-7927-42da-bfce-814149b4b654", "comment": "Malware payload (Smoke Loader)", "value": "38850ebcfa36fdfe0041b5bf0b37b28b0a94b828e2107cb947bbd74df3731fab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710109, "uuid": "7d8d625b-7d40-43bc-bc2b-0a13a532b714", "comment": "Malware payload (Smoke Loader)", "value": "5b1fe15ba6ca3d64f463da94418f4e45b4a4171b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710109, "uuid": "5f7bfb1e-6734-4613-9bd4-fd551fc1efee", "comment": "Malware payload (Smoke Loader)", "value": "e77aa04993c2dfe1b73d194296761caeec53650d90f6814c7f55a82858d42a7adfcbbd2054b7493d6d3bc50b824df0ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710109, "uuid": "360a5a0a-da97-4bdf-bb59-f9ce34c7fa58", "value": "T17554185392E07D45EA224B32CE2FC6FC721EF5418E697B6A2128AF1F14B11B3D663710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710109, "uuid": "e03b19e4-6ba1-4451-b344-e025feab08a0", "value": "01f6fc978b1d93c9a83c4aab7e4e75ac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710109, "uuid": "1054a851-bd62-4f7a-a864-1ba51c6900dd", "value": "3072:FGCPuYXdIDxoNBy5DWImUQBb0HNrABi6BlM95UaTrVZkTkS:cB/KNg5SOQB2pAM6B6EaTZiT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710109, "uuid": "37e1a755-8d72-4ef7-9c5a-93f86c6eca2a", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710109, "uuid": "5c9c3677-d845-4231-9184-f79e09edaeb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710109, "uuid": "46414787-a064-4e1e-88ed-51caf5cf64cb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7db2c31-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701717052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717052, "uuid": "029b5a67-98b6-4ce5-bdfb-cae36245feac", "comment": "Malware payload", "value": "0d0828ff326f479feb41b6fa5b997d25", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717052, "uuid": "d8efe271-e99e-4867-8375-197edc2372d3", "comment": "Malware payload", "value": "3904409534d72f057e2805fb140a4a29c90ce2fe7592b67d2f8dd5c869d66768", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717052, "uuid": "8875851e-4356-4c30-94e8-7e7760713d62", "comment": "Malware payload", "value": "8c49234bb6ceddbd1586d88e3b259c300ad75b08", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717052, "uuid": "8f1c082f-6a57-4dc9-a5de-1f0109740f7d", "comment": "Malware payload", "value": "8e09c1bdd7ab15cdfbab4ee683d7c378ae295f7af4601c37318fc2038020416e598f04bdc06b386a101aa9be123006e3", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717052, "uuid": "2b81cf1b-32f9-443e-b9ef-e2b98cab8e4f", "value": "T1F176011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717052, "uuid": "d92e8108-6b10-4607-961e-81e36c5c12f0", "value": "196608:grzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLc1F3nswU/Q6FKNcnFg11:2w0pdMGbwBAej2O7nswxgFgz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701717052, "uuid": "e1d5821c-3121-4ff4-85ab-9e0761cb437d", "value": 7332710, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701717052, "uuid": "612fd1f0-0670-45f4-a214-72e879f63074", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717052, "uuid": "17c99f8b-7bf7-4bba-bf74-2e9660c922d5", "value": "StartPlus (3).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67341362-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701687657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687657, "uuid": "491249bf-56e5-438b-add2-5ac141543f13", "comment": "Malware payload (Stealc)", "value": "6abeafb18a6106dce011ea8bea24f5a0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687657, "uuid": "e47120b0-dd37-4264-af7c-e1b4160c95a0", "comment": "Malware payload (Stealc)", "value": "398a100e685d73c356d73619da5190d0ca35d8b855ecd3e2438850119a53a72a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687657, "uuid": "2d8d61dc-fb6c-4f55-abc2-e99c264e65b7", "comment": "Malware payload (Stealc)", "value": "3c226706208de6e72f46f645badcd99d381edafa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687657, "uuid": "57f192f2-76ce-45ec-a01e-f63f7e355848", "comment": "Malware payload (Stealc)", "value": "b4822f3dfe6b63cc4c388c4722fb61f1c90057a24f4dd1c9d86fbfdee74321bada91975c0feb2d78963cd80402bfd2d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687657, "uuid": "727ccbc3-dd34-4184-a97e-13e4744ae62f", "value": "T1E754090392E17C55F9268B73EE2FC2F8761DF6518E093B692918AF1F10B1172D1A3B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687657, "uuid": "f5323762-689c-4ccc-8c21-4630b473becd", "value": "c6c03f7dc47fd4d28111d0d85135fe38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687657, "uuid": "7fb2f720-099e-4a93-b2eb-4fb14106547b", "value": "3072:95LSGXRld/BrDMz2lxC4iaeVdC98EyY4wrEzeU5oJNbhemOibTUyGTkH:/lJ/y2HC4ivVdCfx4wdJHVOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687657, "uuid": "2e47dc78-fcf0-4d4e-88f8-6287d9328602", "value": 295424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687657, "uuid": "cc876c84-6d1e-4bee-a38f-204c0ce454c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687657, "uuid": "97cc9e89-976f-4bec-8e2a-7a3260f7910f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2db7210-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Netcat)", "timestamp": 1701682201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682201, "uuid": "a232c060-a20a-488e-b7f1-7d237cd0cb3a", "comment": "Malware payload (Netcat)", "value": "cd7602b5596239c50a93acca1aa8b8c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682201, "uuid": "b8392f3e-4c93-4c16-b26e-5b8429ea8573", "comment": "Malware payload (Netcat)", "value": "3a41bf33056876a1643cadd9d9e165201699587a766d6f18ec2a60d5f7a7f64e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682201, "uuid": "40b69c7d-b703-4516-9e1e-213cbdf869aa", "comment": "Malware payload (Netcat)", "value": "f00ae3fde967ad857073cc711a8de80084098417", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682201, "uuid": "87b3fb2a-9550-4fb5-bbe8-c023bfc49e42", "comment": "Malware payload (Netcat)", "value": "5490732f3c141aacb07dd3ec8174d0206a688463c8499cc91849b3ee5a4d8ad975680f00cba96c4f0b4e5d0e98b91da4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682201, "uuid": "508a7dd1-6ce0-4e0c-baf6-8d224c1b6f23", "value": "T1B3032B3BF21644FED11BC2B8AAD61871B0F47C600671A16E63E58A373F39D7497B8541", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682201, "uuid": "56cf08d9-95b6-48c0-9f1b-b4612817abc8", "value": "567531f08180ab3963b70889578118a3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682201, "uuid": "b885248d-32b2-4ace-acfe-456f5ae10bf0", "value": "768:gaGHu/aKUAvRCXA/e6PfVVCJrxg/KKjMozd6jSemG0nf2Fcc5p:CuSzAvRCxmNVCgi+IjNmDO15p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682201, "uuid": "c1ac467f-f218-470e-97cb-b5ea8bb7cbb4", "value": 39872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682201, "uuid": "a3910c29-bb5f-4016-a075-3699bbb433d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682201, "uuid": "afff981f-914c-400b-9f51-2216c10ca7c4", "value": "cd7602b5596239c50a93acca1aa8b8c6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f92f3ca-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698248, "uuid": "87de06ba-0f8d-438d-b001-2df34f78d5d3", "comment": "Malware payload (SMSAGENT)", "value": "5d9e8ce2b2e96147d03f30683544eb46", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698248, "uuid": "806a4776-0d61-4545-8246-8d1760bcc5b2", "comment": "Malware payload (SMSAGENT)", "value": "3a4ce30aea819186e4cde6e87ea2639341a158def37e3071512407c464c7b1e5", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698248, "uuid": "c9324455-17fa-446b-9558-2ad5b0608e3e", "comment": "Malware payload (SMSAGENT)", "value": "43c995e1a18b561c7229097e92c4dccd94aae0cc", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698248, "uuid": "3db9e173-7180-4ef4-808d-a5c33853d3f9", "comment": "Malware payload (SMSAGENT)", "value": "3bde919c32377a7ebab3a02dd9958ffb4812ad9daa65a2d03d1c2c589119613151bd8caaef38bc110bb9eac883191b8a", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698248, "uuid": "e722d0c8-9e2c-4b55-9a41-e6a97fa5bfde", "value": "T1FB560175731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698248, "uuid": "896c27ba-978c-4f2d-9cbc-720991889be5", "value": "196608:/XDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJY3:7irUVis8O/0giAZ9PDT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698248, "uuid": "437c96ff-8b51-4054-9f5a-d21fb8f2ab2a", "value": 6376380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698248, "uuid": "1d0c52ee-e986-482d-9320-6b84c61afb27", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698248, "uuid": "63945cec-6f9c-41d4-88f8-982a71050f0d", "value": "Aura massager.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec67c3e0-925f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701665118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665118, "uuid": "d8c71182-4418-429a-9c42-959ff905d0c4", "comment": "Malware payload (zgRAT)", "value": "eb71493b8c138d52c8baea7adaae0a22", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665118, "uuid": "3a8a40aa-e779-4d57-adda-cead0adeefa8", "comment": "Malware payload (zgRAT)", "value": "3a646773608d252c2b742a0f4f74c061d4d282a090c1d39c973cbfe386f3b478", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665118, "uuid": "2215899e-570e-4728-beac-193b7423a85d", "comment": "Malware payload (zgRAT)", "value": "2ada7d8d3975bae525945b18275f6e7779fbab79", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665118, "uuid": "4dbe6f83-8485-49af-b093-d9379b91e6d4", "comment": "Malware payload (zgRAT)", "value": "a851d12378e8c569990d752c9ad4a2c18ec032f31bde43c88a9023ea9b26125579068f01a416d7a33b6aa4a93b73f6d9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665118, "uuid": "059a7fa8-322b-49d5-8476-1cb6554e1fb1", "value": "T13C25CF9523F65A56F1FA0B77A8F756004778F951EFAAD30E118849EE0C62F52CC42B23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665118, "uuid": "2013c882-7a59-4bef-bda8-389df997d3ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665118, "uuid": "789007fb-ec6b-4d7c-b115-a871820215c1", "value": "24576:b6dl6aVCGlaKNmzxXg6ipHKdyBnnjNd88L:uCa8GUKNmzxQGEd8I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701665118, "uuid": "42c2985a-4c20-4332-a4f5-02aadded705a", "value": 1042944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701665118, "uuid": "6f2a0dda-9c06-4bc1-a1c8-df2db9f428a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665118, "uuid": "20ef3064-8cf0-4244-b151-793eb800d670", "value": "eb71493b8c138d52c8baea7adaae0a22", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b28003a6-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680053, "uuid": "9e152005-d6d4-4379-b592-e3ce7e941c62", "comment": "Malware payload (Formbook)", "value": "e17bfdb00335c82e738376520e947d14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680053, "uuid": "59b04f2d-db71-449f-b83a-7eacec5a944a", "comment": "Malware payload (Formbook)", "value": "3b122c70642f05cbae10ce82de96284a1f503dc27c565986f6779abe4aa81dde", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680053, "uuid": "46867df7-a873-41ad-b3c7-5d924167079e", "comment": "Malware payload (Formbook)", "value": "92b3099ad9d5c3a2f5ed867b7b92bcb9983c1f2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680053, "uuid": "58cbad76-8074-4972-9d11-c56f31facfe8", "comment": "Malware payload (Formbook)", "value": "589cdca648f81975b857702a8ff3f3b3a6cfd6b6e05dbdac7a3718030f72163b90e5422f34baa8b98bd1f020045fb042", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680053, "uuid": "9592cb17-ae28-422b-880f-c459d3a19dc2", "value": "T18674129D70D684ABE97760B7443B8736FBB2645980C3968A0BC07FB7F23144B8916787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680053, "uuid": "223eb7a6-acad-462f-9a73-da98f3fc3db6", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680053, "uuid": "4d26fd6a-f1de-48ab-bcf0-ef96005b6f6f", "value": "6144:78LxBQ/goLeoEULSPF61n7XINFZ7KXViGRb6W/UsCb3O3kr5bgK:R/Jj1LSPF6hqFIXViZsUR3ikFbV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680053, "uuid": "8a7348c6-6da3-4682-8e2b-5e9f6a87f54b", "value": 340424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680053, "uuid": "7cfd5bdb-892c-4256-b081-439ccad69ffc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680053, "uuid": "4ec99282-9827-4275-aa76-9553cfe7bc08", "value": "Request #27520.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cb4975b-92df-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719933, "uuid": "20d240c3-f9f9-4f38-8c53-6dfda798888f", "comment": "Malware payload", "value": "22311cad624e88a1dc76d3063ee05ad5", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719933, "uuid": "eb932577-de2b-409b-afa5-b9a14f9d3253", "comment": "Malware payload", "value": "3c49338a27064d186afe4ce8c74fb7fb65203c058d7f8ec8440770348f72e4a1", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719933, "uuid": "d64a7980-206b-47d5-871a-a93e6e20fd3a", "comment": "Malware payload", "value": "2e9692ae232c63a359b16cc2a6130e6928ed7be6", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719933, "uuid": "9627d4cc-ece0-46c5-996a-b1bbdf7c06d5", "comment": "Malware payload", "value": "e1a8374984ea5d8f3ae47055918690a433f4e908c7656884bc07b88c12e188714c3c32f5db17ed9c0ccfa2ebb3e9672f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719933, "uuid": "01050216-0703-47c5-9d11-283c06e8af78", "value": "T1E676011AB71EFC4BE223DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719933, "uuid": "d08fe534-e0c8-4d3c-ae00-e3a741c825ea", "value": "196608:vrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLF1F3nswU/Q6FKNcnF2AJ:zw0pdMGbwBAej2L7nswxgF22", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719933, "uuid": "127f15b2-ea3e-45ad-bbb6-59336583d84a", "value": 7336279, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719933, "uuid": "9ab1d467-d963-45b9-93ba-259a9c2c8999", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719933, "uuid": "1f984ec2-2631-4bac-8f70-b28a2b7a2383", "value": "poppy 18+ Live Vide\u043e Ch\u0430t.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37366fa7-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698314, "uuid": "9208d8b3-dbea-4d4b-b5ce-48071ad8e8d4", "comment": "Malware payload (SMSAGENT)", "value": "adcb1d93fd9cb66a686c569ba9c08665", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698314, "uuid": "7eeb8f90-6f71-46ab-9a40-ef8fd91298eb", "comment": "Malware payload (SMSAGENT)", "value": "3cd6a50f22e5d8efc97cbbb3501b4f531a64c98b2672436445b7c47b69918ed1", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698314, "uuid": "bb20c444-1e28-4a8c-ae6a-54e2ab837693", "comment": "Malware payload (SMSAGENT)", "value": "77aae6fc2a66ca34606210b9a1471d25361096cb", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698314, "uuid": "aba8eba8-ffda-4eb5-b862-326bd192d971", "comment": "Malware payload (SMSAGENT)", "value": "1d15538c38a1865fa5a85ec3dc00e25755e029468ca713cf1205768d14443cea216b0cc918926834d088a3c465f1733a", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698314, "uuid": "3c4f786e-09b0-4e67-8dbb-0b57ef550505", "value": "T193560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698314, "uuid": "f24be3ee-8782-4037-bbbd-463e0cc114eb", "value": "196608:/GDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYC:iirUVis8O/0giAZ9PDe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698314, "uuid": "b8d0291e-a027-4187-a00b-8ff307d7eaf7", "value": 6376379, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698314, "uuid": "b99d1765-e71d-4d77-adc9-52498ddd46aa", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698314, "uuid": "d2e60647-c8ce-4298-b8c8-34a0673f304a", "value": "NordVPN.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4147ca5-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696779, "uuid": "45fabad2-76a7-4c4a-bcc1-723dbb297726", "comment": "Malware payload (Gafgyt)", "value": "051d11f46d77396c6b650aa2912b4e86", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696779, "uuid": "38eb5f53-0e5d-414c-b08c-95d990e1d78c", "comment": "Malware payload (Gafgyt)", "value": "3cee803cf0ab4c10d380b7af416c36ac85bcbaae1c24bacf39d9da0b16bd4f4c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696779, "uuid": "a7d3c26b-37aa-42b6-a751-c6e399085183", "comment": "Malware payload (Gafgyt)", "value": "896a1a8a2300b44d20cfd74d1322fe181d05c126", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696779, "uuid": "9bf27139-ff39-451c-ad85-dcbfa8c880b5", "comment": "Malware payload (Gafgyt)", "value": "e78ace2bdcec56922535d20935f0672c82bb91a16174d11975630734789e35b5ad8d88956574613c283d9d635b7121fc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696779, "uuid": "f3555f78-cfe6-4924-b08f-62dcadf9e80b", "value": "T104D3F774F8858367C2D32376AA8D4A9D3F3156D363C733156A386EB42BC2BC92D25D24", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696779, "uuid": "1b810e67-6ddf-4961-8944-9ef4e6215b21", "value": "3072:t5AH9naiAZfoTPMGVwj/NmMarQ7aimhjkE:YdnaNf4PMGehmMarQ7aimhjkE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696779, "uuid": "73c33429-984e-4a4c-99da-9915a5a5f081", "value": 142750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696779, "uuid": "f642d4df-a72b-4d35-be5c-fac00941d2a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696779, "uuid": "1b03a1e6-ddc1-4617-8d16-5ce69830a887", "value": "051d11f46d77396c6b650aa2912b4e86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c885e65-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698243, "uuid": "99ed8635-0c4f-4099-b9ad-3fbb79278b47", "comment": "Malware payload (SMSAGENT)", "value": "a4570e33c76e474fff75bf7e8c78b6f6", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698243, "uuid": "24c7edbb-6c72-450d-a8b3-608b52bafd13", "comment": "Malware payload (SMSAGENT)", "value": "3d9f19cfe81ea156dc913bb0fdeca01808d79b712b6cefd53c55ed79c0ac192d", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698243, "uuid": "303c191d-e454-443b-ad05-3c40db3d307d", "comment": "Malware payload (SMSAGENT)", "value": "e57e7f1f6c5808b2f2781d96501dd903f17d0600", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698243, "uuid": "d6801278-c0bf-4c7b-aa40-9a99749ad500", "comment": "Malware payload (SMSAGENT)", "value": "7b125427770349e7fde247bb079d22d5f1dcb3a67558961bb4bbd150d7f105c1f9cce1f6b2d22d8d975b7d2cd9b36467", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698243, "uuid": "979e3055-efd6-4f1a-a7f8-9656e03b3295", "value": "T11D560179731CF40BE073DE316371814F75E185E51A72E312AB07B8185DABDC4AAAEE09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698243, "uuid": "456d78a5-03fa-4373-9ff5-8fe9aa667958", "value": "196608:/kDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYjV:cirUVis8O/0giAZ9PDd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698243, "uuid": "6232ff45-a434-45cc-be26-bfef6b18c764", "value": 6368191, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698243, "uuid": "d6015c36-a97e-427e-a42b-c02542a06c08", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698243, "uuid": "a923770e-3a88-46f6-a743-b31239c0d21b", "value": "\u0410VC_(AnonVideoChat).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c22a7a4-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719529, "uuid": "ab416869-76d1-4bc5-8b9d-88535f758df9", "comment": "Malware payload", "value": "d0c04043f4ddc151e7be1960e054643a", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719529, "uuid": "497fca66-7e37-4fa7-8a61-c6d85eb13645", "comment": "Malware payload", "value": "3e8ae3e3b4718e65437eabfb40d17ec81ac562839da0c803fb75e64bb980bfe7", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719529, "uuid": "8d739e62-31ef-4c9c-89e4-25476f1faf9c", "comment": "Malware payload", "value": "cebedb87fe9a56cb1afcb52eed66f73ee87cb0e5", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719529, "uuid": "1cddd20e-465e-4703-acc1-c9d330952196", "comment": "Malware payload", "value": "382bd0831ccff4ff9dc174a0ce9f6b57514ab82553ed61da975225cac84e0732593310ce8d43c0c3de152a123343f69c", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719529, "uuid": "bb5c8259-e45f-4e92-9779-05c322741205", "value": "T17EF3EE2F25B06C56F9FC0638B0F5AB1257147123BDE61CCE2D40D93CD7729A372AAA64", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719529, "uuid": "c73f0b0a-24e7-49c8-bed1-a978175ea52e", "value": "4514c46259fb71fea289f87cc46a4112", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719529, "uuid": "48b6ec0a-de25-4bd4-8e9e-1c743d073a7a", "value": "1536:0hJ8ZNB0ahCYsuut5bj4tt2AKy+7Kq7hkGXefJ2srsXvNKDqdOpdtKbU/5vPh2RE:0/8ZNuottY7exHr+dAtKbwYfjOT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719529, "uuid": "17606f5f-b8c9-4319-b173-df5510502d8f", "value": 163328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719529, "uuid": "ea1e6ad9-73ba-4213-977b-459d09762866", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719529, "uuid": "2ae43279-6750-4e47-bc58-587e89ea5cf1", "value": "d0c04043f4ddc151e7be1960e054643a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd0e8897-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729060, "uuid": "2bb04200-ac1e-41b5-9493-b79426f268c4", "comment": "Malware payload", "value": "7cb5b2e693a846336c39c2a90d7da99d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729060, "uuid": "e0364ef7-2ac1-4623-83df-74a417cafacd", "comment": "Malware payload", "value": "3edb773e4dd653c165b54f9727524625a85b6d59e48a6b50c8e2a35948e499ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729060, "uuid": "c2c198b5-a0c9-48ad-821c-1a2beb3e34f0", "comment": "Malware payload", "value": "7f71fb74e9298de23f373a2dd3dcc4c26aa41ae6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729060, "uuid": "2d99279f-0860-4e42-87eb-2d3da4fc893f", "comment": "Malware payload", "value": "b5cebd0d58d2a8184da38376ade3a938cf0f0de250780c35d295b20e4676dcd639c486157647f4b0aa178769767e9135", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729060, "uuid": "09de4154-470e-43f1-b445-a329a66b0d0d", "value": "T10C82284D7BD9C704D5ED4B7848B3A21043B1E716A932EF9A2CC941DA5873A818E50FBF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729060, "uuid": "bffa5fa3-987b-4a86-8bce-a4f7520f20d7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729060, "uuid": "0343813c-75ac-45b1-b9f6-710f75087426", "value": "384:msDfy1N5A6c76wQ/J1O95acb43vK4oTb7Vnwb0/4wc/jKXuQT:Pjy1cUBcfVne/rKXHT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729060, "uuid": "b3491143-ec22-4a20-8b12-ecedc87b5575", "value": 18432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729060, "uuid": "c23ac2b8-58b9-4281-9e45-a9f9cf801ca3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729060, "uuid": "a511fea4-f305-41b2-b6ce-1363fe103088", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.485.29542.11675", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0deecfc6-9280-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DCRat)", "timestamp": 1701678918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678918, "uuid": "f97f42ac-9275-4444-9e0f-15e363b24aac", "comment": "Malware payload (DCRat)", "value": "a1b70ff76f58cc40a733fd3e84772605", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678918, "uuid": "a0f634cb-e105-459b-8533-82012eb518a3", "comment": "Malware payload (DCRat)", "value": "403e2b16c82ecf448b9229cd764e8e83cd5e1045146e624393c44886008f1b59", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678918, "uuid": "92683164-918e-42cf-af60-6f5848bcd218", "comment": "Malware payload (DCRat)", "value": "9922cdc01956fb20563cfdbab3a43c8d5b4a600b", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678918, "uuid": "3e896515-5c01-4724-b02c-00eda184a984", "comment": "Malware payload (DCRat)", "value": "8c9032a5761ef4da33b8036694a6a7d00d046f9308c264e437ab67d002ffe4d286136a0797a13d73210e915aad752ac7", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678918, "uuid": "1824d55a-3e2e-4b9e-9e10-36ab145095a7", "value": "T19BC5F1203C94D1B6DEF320B642ECBB2A4A9DE8740F1505DF46C81BEFD6645C26F32696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678918, "uuid": "b6896f50-d2ad-481c-9800-7d824d808e84", "value": "cfeb41b4d73f76c62a0564100b564fb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678918, "uuid": "8db79a19-b94b-4b0c-a99b-8b466abeeb3d", "value": "49152:UWInXqnKRaFsLFbL94lADx+V+KOm5uXCLIogkDBdUI:UdMFsLxLempvm5cYg4EI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701678918, "uuid": "11c32f35-069d-4df5-b6a9-616591b6c60d", "value": 2708992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701678918, "uuid": "800b8b32-31e6-4edb-bd08-2e8423115d3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678918, "uuid": "b154585f-bf72-4b14-af11-cf3c331b860d", "value": "a1b70ff76f58cc40a733fd3e84772605.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "066e3e5b-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698232, "uuid": "8d7ccb9f-7070-4f06-b664-6c23e45830a1", "comment": "Malware payload (SMSAGENT)", "value": "f53534e66052de162133e876dd004f78", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698232, "uuid": "c1c41826-4c30-49a4-a00d-0ff94ff41958", "comment": "Malware payload (SMSAGENT)", "value": "40aae812d8b526a2e764fcbf0165a058f3ea7becb5f80276b557fe57ec84463a", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698232, "uuid": "986e0050-c694-4326-83e7-830ba67a84e3", "comment": "Malware payload (SMSAGENT)", "value": "77c39600776d4ca4178752f3e6def3dfcae69e64", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698232, "uuid": "069c721d-9e06-414c-af17-0b9cf69ed157", "comment": "Malware payload (SMSAGENT)", "value": "3cf3e83067420d8af533c21e45b2f57bfec4d50b89bed52b5335e3d4e7f38a9318c6bcfdddff73c80dfdbb6cfdf02662", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698232, "uuid": "e99c6ab2-f943-4fa7-830d-870cfd257358", "value": "T1A6179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698232, "uuid": "76461e89-c76e-42fd-8556-6686885e442f", "value": "49152:uuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvf:Wv+49UBEIIddXHNqjeceFnMI+lEaAgv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698232, "uuid": "96100a4c-e200-4ced-a623-c5cf1648e0aa", "value": 18561417, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698232, "uuid": "451f32c1-0059-4fa6-aafc-7bba63ad32b2", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698232, "uuid": "e05300fa-2bbd-4746-8166-f4f0cc46896f", "value": "ComiCrane.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5906d57-92e6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701723008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723008, "uuid": "670f9c0e-b92a-4634-bb4b-59a285616899", "comment": "Malware payload (Mirai)", "value": "0c180e103130cffdb539eefaeeb56027", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723008, "uuid": "4919097c-a0f1-4ec4-a950-67465d81bb8c", "comment": "Malware payload (Mirai)", "value": "40f8449a29264ffb7f6837185e823323b3c4df0f3d5870e1632427172dc6761b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723008, "uuid": "d9f40693-db1b-48b9-960e-683e6f9d971d", "comment": "Malware payload (Mirai)", "value": "e97040d5e5fa8072ec7c9303399429f0469cb8d3", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723008, "uuid": "5d69611f-caa7-45c1-8f9f-7eff01a445e6", "comment": "Malware payload (Mirai)", "value": "a084d210b01522ecf956e71ff94105ba5451afb275701eef35eaa3d9ef99b28028159f92650e5ae93c11b1598881f0ed", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723008, "uuid": "6a16efaf-b7ac-4783-b09e-7c6f77e24366", "value": "T19FC2D070A6EE2CB1C7500531F7BC66C9BB434F7DEAFE389022414BBA394190529E99D7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723008, "uuid": "1835f7ff-c63a-43e2-ac4d-40a8100cb57b", "value": "384:Elt/koxisa34beDtZwuaCBsk+G9lLSsLYSTFs9u8OtqlrNER7tC3mWvqqhymdGU7:EHsoTAZ3alkXLvFh8nNER7qds3Uozxm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701723008, "uuid": "4f8e03a2-ed69-478f-9391-c167db425f02", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701723008, "uuid": "66299abc-8763-439d-82e2-5f964135191a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723008, "uuid": "4e1173e3-69e3-4e4c-8067-552e74c2e166", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3e14e8a-925f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701665130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665130, "uuid": "4e0299e4-9f25-4ff9-859d-12be29ce2e87", "comment": "Malware payload (Smoke Loader)", "value": "432a7a6b4b723e5d88eae3fe158c6ae6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665130, "uuid": "8d4b2595-7e8f-4355-93c9-4760b3ade510", "comment": "Malware payload (Smoke Loader)", "value": "4272d50d759608b77e9240a433fc1a4bbf149e8f4cb05d6f89fb53fd73446a48", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665130, "uuid": "bc6e9fdc-1804-4cef-b85f-02d8b78d760d", "comment": "Malware payload (Smoke Loader)", "value": "a93140d92b0cfafc09cb5eee77399aa693b2de3f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665130, "uuid": "669bec9f-a279-43e5-b2bc-d841e533c89b", "comment": "Malware payload (Smoke Loader)", "value": "02cb2f2ee39636ebed3f20d9e7b6a05ff65d49850ba66db5dcaff7776fc33f22bd40c5fb90deb23459084a65e2eaf592", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665130, "uuid": "84c851d4-9266-4e7e-8a12-d43ca98240d2", "value": "T1278518E321E9041AC53E8A3001A192BD07FB6DBE97EB49DBD7C7BD1C6B3494C1A32156", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665130, "uuid": "28a455a4-14f7-4425-bc76-ec8bbbae299c", "value": "b40453716ee76c427966432a258dc29f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665130, "uuid": "c0686f7e-f765-4075-b0d9-762d0e091614", "value": "12288:2GcbKnZVj7SRrfZetBO1rgRO6u2TdimrfZetCvmKT6IQViL/MW5bk3:2GcmnZlSRa0uOR2xZnkiYWZk3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701665130, "uuid": "4c49bf8f-1668-4244-85fa-e499a51e7415", "value": 1783176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701665130, "uuid": "4ba21de3-69c5-4b5c-9633-f1e7d41d63c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665130, "uuid": "2564a03a-2ab2-4b6b-ab1e-e843eafc8a3f", "value": "432a7a6b4b723e5d88eae3fe158c6ae6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b21eeb2d-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DBatLoader)", "timestamp": 1701681770, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681770, "uuid": "a91b5b80-c690-4c54-9a5d-a495965409d5", "comment": "Malware payload (DBatLoader)", "value": "ed9b76655c361e1511430ef66eb080cf", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681770, "uuid": "a7a64e27-a8c7-4f5d-91df-b64de2195ae9", "comment": "Malware payload (DBatLoader)", "value": "4329c26bb2edcc3b71fc793876133c57a1c0349f5cf8e84e99485c1b7250c5a6", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681770, "uuid": "ed53583f-7f96-4753-b3a1-b0efa6878308", "comment": "Malware payload (DBatLoader)", "value": "92ee7a5de9d63414b0b8bb5df7d6f1d8574f0dfe", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681770, "uuid": "ec444e01-55e7-4fdb-90aa-c92545451f98", "comment": "Malware payload (DBatLoader)", "value": "97dd6f7ee36be0e44bd776fb68b7b41609bff8f3b88c39fa92bbb74feffaf8a4ef475b5105db4adbc94ba5f41eb09217", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681770, "uuid": "776d0e7b-2989-4420-8cac-a12ca24ef383", "value": "T10235AED21ED0D1BDE13E26BA8B4BD2D8482E7F301E6C154935E9D5C80A3EAD3781F196", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681770, "uuid": "bb00c299-69ed-4bc2-97fd-b8b132739281", "value": "10ea1b1ff7d4c4809d2c0a9a6ae44619", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681770, "uuid": "5877531f-e168-4ef7-ad5c-8390673d9935", "value": "12288:RtVsGMuG7PS2wDtCU6NdObmCfRJqKqMQZLGdVNXbUWsK9h9wAPft4:R0hOSNEN5JqKOGvdUWVJt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681770, "uuid": "e0a76193-8395-4dee-a980-4968e445f359", "value": 1120768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681770, "uuid": "77ee4f5c-352a-41d4-90a7-2994707295b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681770, "uuid": "a054d4fd-9193-4f75-bd8f-3a0f24f6885e", "value": "Scandoc122slip.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1128d352-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698250, "uuid": "240f8b2f-3f16-453a-a2b9-814885928667", "comment": "Malware payload (SMSAGENT)", "value": "c9e41387310d924def3ce0f635dc2dbd", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698250, "uuid": "2701bf08-ad39-4e55-90ec-e4d09951192c", "comment": "Malware payload (SMSAGENT)", "value": "44696d1e2ff573a4e95a5c2620bbeb6619b749858abdbac4c2f4b71465ec5700", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698250, "uuid": "ca81d4ab-ffbd-4209-b7d2-bcc1f1016741", "comment": "Malware payload (SMSAGENT)", "value": "b1b8776a131bc564edd604d46f770dcea3dc29a2", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698250, "uuid": "06d6b841-77e3-4a3c-947f-971e853cab93", "comment": "Malware payload (SMSAGENT)", "value": "8902a2331fead1e91b1dc4498a34178e0bf110e121f34173a198de1aad85e0d847d552a1c34330515ceae2ef5bddd927", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698250, "uuid": "522f18ef-9da6-4caf-84c8-fa7216f38eb2", "value": "T141660126B71EFC87E063CA3253768D4B772E95F41260FF516A06B0782EABD408D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698250, "uuid": "accbc64a-a0db-418d-a4aa-f72c40cdd992", "value": "196608:D7wTQLxeffSTHbdNTluzn29mZkZY/AYylzj8/sb:D7wTQVQuVuz2sBAYgzjl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698250, "uuid": "93d70585-8fa5-4e28-b644-bcd38264f426", "value": 6693410, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698250, "uuid": "d92bfe29-a219-41e0-9930-630b981b6c3a", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698250, "uuid": "e39b7cdb-34d4-45e2-aa34-c897da696a47", "value": "PhotoFriends - \u043e\u0431\u0449\u0438\u0439 \u0430\u043b\u044c\u0431\u043e\u043c \u0434\u043b\u044f \u0434\u0440\u0443\u0437\u0435\u0439.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fbed525-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698275, "uuid": "e2762a70-8ffc-4ea4-b602-94ef381d9d4a", "comment": "Malware payload (SMSAGENT)", "value": "39b0ac3a59775af930f49916df7babec", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698275, "uuid": "cd911d18-87d6-403d-94a5-efd224b0fdcb", "comment": "Malware payload (SMSAGENT)", "value": "454b2474d73de0c045aced8415a75dda36c8a68cb6b00628f942368588784a1f", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698275, "uuid": "e2f0cb4e-5721-423e-8d7b-58aa04bdd9a8", "comment": "Malware payload (SMSAGENT)", "value": "2efd17ed74bc2eb4c2ac6fe3ace76314cdf05a8f", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698275, "uuid": "c4edd8f1-bb15-4f52-b92b-f11e140fa485", "comment": "Malware payload (SMSAGENT)", "value": "324e420e15d5409f04c5bd30196b6cbfb7a2c4724b7815da36ed37613782084a6f6cccc7d80eb381bca740a6cdbbee96", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698275, "uuid": "b326c3e0-1d96-4436-b94d-95aaac36a571", "value": "T1FF560179731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698275, "uuid": "b4154f8b-c3ce-4b77-bd8a-512cc1d2896f", "value": "196608:/tDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYmJ:FirUVis8O/0giAZ9PD6J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698275, "uuid": "09e06ca7-71dc-49a6-8098-9280c6a6adb3", "value": 6364091, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698275, "uuid": "f0e2a351-0af3-431d-9f02-813425a4ed86", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698275, "uuid": "4b97c683-1f62-4ee5-ba86-281ee9d155cb", "value": "ColorApp.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c03afea-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698349, "uuid": "dbc450b5-f94d-4944-b348-b798b3bd9901", "comment": "Malware payload (SMSAGENT)", "value": "0b004a1d3965d5f5dc236dc655a9e264", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698349, "uuid": "97e1c59d-c7bd-41e1-966c-ca6f38a8da88", "comment": "Malware payload (SMSAGENT)", "value": "455943e2dedfda13b13bb45f670663d5350f0dda862501197c14aa7dc19a70f0", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698349, "uuid": "b4edf6d3-0918-401a-834a-f9c92e55a72b", "comment": "Malware payload (SMSAGENT)", "value": "ec26f9cc3cbb71de0f89a17e17611082d1a032af", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698349, "uuid": "f5fb6ff8-731f-485a-aa58-934112eec68d", "comment": "Malware payload (SMSAGENT)", "value": "ba997ef49d673b97ef16cb7e94a78ad56694932a6f3ac575597259fa8b9f1bc47b0745a7e243d7dfa7c6dc32416a8eaf", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698349, "uuid": "1072b21c-809c-4260-adf8-b0ac6040fdf9", "value": "T1EB560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698349, "uuid": "0b8279a4-c085-400d-aa62-04182db39298", "value": "196608:/8DGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYM:0irUVis8O/0giAZ9PDQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698349, "uuid": "6f5fc6d2-4392-4c4b-b07b-d0992b18a146", "value": 6364094, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698349, "uuid": "6257ca07-af7c-46ec-a391-6712e67f746d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698349, "uuid": "254fe459-da6b-43ba-ae57-a32b68909ba1", "value": "\u0412\u0438\u0434\u0435\u043e\u0427\u0430\u0442 (2) (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48f0e173-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "e16838a2-13fb-4aaf-bbc2-5c2c5281532c", "comment": "Malware payload (Gafgyt)", "value": "7104eb906d818b67b731bfa2e76489d2", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "ed10f542-6824-4808-bee3-ae6dc7d48360", "comment": "Malware payload (Gafgyt)", "value": "4559e20b94f443de75d2a5acc3254ac84e60b2e3a3137dcffde2a670f42f11f2", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "d7a14b26-16c8-4edb-b288-adff44d9ee90", "comment": "Malware payload (Gafgyt)", "value": "8a4964b8dfb0ec01a721de5ca73c7b8ab3b4f417", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "f2c78b3c-144e-4931-be9d-f472e2d2fdb1", "comment": "Malware payload (Gafgyt)", "value": "85af152e2c7ce3a286298fafbd8ab4970200d677c3987cb63c793edae47978c6b0774c1cdc53f557e9ef0fbb95088240", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "40d7198f-c504-46e0-9ad9-eb77f1dd76d2", "value": "T1A224103A6926E73FD1A9DDB59BF27EA28649B1831A818302F1DCD10D0DF558C285FEC4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "d4a35989-86bb-480c-b444-b51348059343", "value": "3072:SQ2jvRDJJrh19DvroT7cC7GmLW5IBmMUb4F0soMcXV:85DJ/jETrRLBmMA4F0soMcXV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "053d3c93-9f66-4b8f-b354-dd40fc6e5f08", "value": 223210, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "643c9cdc-c8fc-4e01-9968-9624151b1cfb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "2d38aa5a-cc92-42b3-bfe0-4e9c44bd686b", "value": "bash", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76e691ba-928a-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701683389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683389, "uuid": "caaa9bf3-2abb-48e0-850e-14f50ba54af6", "comment": "Malware payload", "value": "0d9793b49a381d89cf2590d3067ecfc8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683389, "uuid": "918fdcbb-5705-4a74-8daf-27ff4a315c58", "comment": "Malware payload", "value": "45b3c775614c72a8e66493a5d156996fcf6e763d955f341effbb16dfeeaf7c12", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683389, "uuid": "07f2a660-fff8-445b-8db5-a8d69752a19c", "comment": "Malware payload", "value": "51e2d73115b85dbde4e5297ee08b2ac23a8a693a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683389, "uuid": "c33afda0-8089-4147-b591-1bdc89ee0638", "comment": "Malware payload", "value": "59d5f4a7851420c09214274fef4d15256b2976a6c03625512b74898d0ac69ec60bf8e0a0f6bd72a16dfeacd8c255c1c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683389, "uuid": "e89f883f-2c53-4e8e-99a6-31de82880976", "value": "T1BA84A492A679240ACFB9683AC3737CFC56334C39A557059056F83A2D4BFB5C27990A0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683389, "uuid": "69981565-23cd-4c9b-9741-00018b56f528", "value": "6ba8b6c0037670fc1ddac53b088c0908", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683389, "uuid": "0ad90fb8-8f16-4fa2-b2a4-6da3580c2761", "value": "6144:KoSseYQC0VcJZWE3t42aOts1v8scSx0gC7MmmAP0szepeaVfdYEv:KoSseYQC0VcJZWk4MS1v8sPxCAmmO0s4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683389, "uuid": "be11b9cb-d4bd-413a-b420-c1be0571af03", "value": 387584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683389, "uuid": "69dda424-e314-4292-a0a5-30a22283a43f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683389, "uuid": "4c5e2995-0596-474d-bcdb-c7df7f9032e0", "value": "0d9793b49a381d89cf2590d3067ecfc8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40747135-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698330, "uuid": "3e799c68-0093-4dcd-a522-9a69b8893a70", "comment": "Malware payload (SMSAGENT)", "value": "6de88180110d3806f95b7f3b5fdb35a2", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698330, "uuid": "3032c385-09cd-44ef-8da9-ba1491189b23", "comment": "Malware payload (SMSAGENT)", "value": "46bbf5cfaba3f28f7139b4b78b5e50316723bc5c382738c486ae2538c2192287", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698330, "uuid": "e004ba7f-e8c5-42d0-ac16-0832237a6e4a", "comment": "Malware payload (SMSAGENT)", "value": "d139bd25a9f6386f1095de49c380c4e0f0846cd9", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698330, "uuid": "57294352-8376-4d4b-870a-f6ee91c9fba8", "comment": "Malware payload (SMSAGENT)", "value": "4fa358face4d63156438adb3eedfc94bc788610491cf678147890314f40238365b7d6836a00b353c8a9c01fc5878ed96", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698330, "uuid": "6a52ae5b-fa2a-4403-aef3-597dc4755d05", "value": "T18C660126B71EFC87E063CA3253768D4B772E95F51260FF516A06B0782EABD408D1ED09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698330, "uuid": "3c31151e-a477-4dc4-9bb6-32758dc45eb0", "value": "196608:oZwTQLxeffSTHbdNTluzn29mZkZgAYylzj8/sgoYG:oZwTQVQuVuz2slAYgzj2oh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698330, "uuid": "cc63f852-6ffe-4279-8d16-f79905733d1d", "value": 6686193, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698330, "uuid": "7f68a90b-8e0a-4ce8-a64f-9f667eb91118", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698330, "uuid": "671415f9-dc55-42d4-8289-ee81ee941eea", "value": "MapX Mobile.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a4138ce-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698319, "uuid": "1a116b9b-4fca-40a2-8c0c-91404487915b", "comment": "Malware payload (SMSAGENT)", "value": "c6c4850412e6c95847385ba50ae1dd97", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698319, "uuid": "26a2c5f8-b3cc-4e2d-bcda-39c5949f1a0c", "comment": "Malware payload (SMSAGENT)", "value": "4765e8f2f84eef6046ea2e9185ab320a1fda0bd5a0af833e94cb4c380c73632c", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698319, "uuid": "44cfcc66-8a70-4e5b-8337-b73a2ae0a600", "comment": "Malware payload (SMSAGENT)", "value": "6636166395b1265e733e3df9e1606f47200c49c2", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698319, "uuid": "0b06f518-7de7-4869-9832-24b9d8e44727", "comment": "Malware payload (SMSAGENT)", "value": "c428b6676bf89509243f11877e020c066d2cf1a0b8111f0304e671375d5d6ba087f9d9b7d567a010c7b7edc66cad01a7", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698319, "uuid": "c93da57f-6a02-4c8d-a998-43e7e0c3568d", "value": "T1D966011A775EFC0BE263DA3123728D4B772B85F51360E3116B06B0686FB3D448D6AD1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698319, "uuid": "8a45729c-a376-4fd4-853c-5ce6f12ab2df", "value": "196608:1yoEI25FawilQNbk2fwDBEEAZ9J9DCJYQ:1ZG50qJkjdAZ9PDs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698319, "uuid": "9c4bebc7-f9d0-4f1e-b872-59a1271eaa94", "value": 6699954, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698319, "uuid": "2929b9fa-f39e-4928-8985-b767f06ba254", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698319, "uuid": "ff21da68-ecdb-4bc5-b886-13fcdebf37c7", "value": "\u041c\u0430\u043d\u0433\u043e-\u0432\u0438\u0434\u0435\u043e\u0447\u0430\u0442.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "594907e6-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716840, "uuid": "5d4a1286-21f2-4dc8-ad30-943f9adc7424", "comment": "Malware payload (SMSAGENT)", "value": "1e2dda0e302a49c71e06f1c214128025", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716840, "uuid": "d99b9aff-a184-4a4e-958c-78eb716755b1", "comment": "Malware payload (SMSAGENT)", "value": "478878c5c0c85ad9aa6e5f54f10fe29dbec9ed2acd5cc90c104c1e32c657752d", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716840, "uuid": "0eda2d20-9434-4c65-a453-027ed771f3cf", "comment": "Malware payload (SMSAGENT)", "value": "4437823896ff12fdbaf208a6cc3e79662b73a959", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716840, "uuid": "a6b33a0f-b7f2-4c4c-8cd8-309ec536f578", "comment": "Malware payload (SMSAGENT)", "value": "22a1a3566b360effa3bb5e09d2518821733642a2ed19727eb5f776a502c39768f3badd6cb02a6a70b682984b83757239", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716840, "uuid": "1d41c19b-9a8c-45aa-9c37-9ee58ff12fc0", "value": "T1E876011AB71EFC4BE263DA3263728D4B772F85F51250E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716840, "uuid": "c06c8df2-acca-41b2-bbe9-7e46727616dd", "value": "196608:XrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLI1F3nswU/Q6FKNcnFD:bw0pdMGbwBAej2W7nswxgFD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716840, "uuid": "2347700e-e49d-4384-9495-c671c3c6caf2", "value": 7339350, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716840, "uuid": "673f5813-1d38-44e1-943c-700e99966a09", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716840, "uuid": "c8cd8bee-40df-4162-b208-840167f4bafc", "value": "Girls - \u0412\u0438\u0434\u0435\u043e\u0427\u0430\u0442\u0438\u043a.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69d6fb7e-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716868, "uuid": "2851fad4-3961-4693-a3ec-d014bd227c63", "comment": "Malware payload (SMSAGENT)", "value": "91d137e2dcd6344a129affb3c397f434", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716868, "uuid": "a42a1203-7e9b-4055-adae-66b86301062b", "comment": "Malware payload (SMSAGENT)", "value": "47b968aa3ead30c2dd85ba297acc2621d2cb89ef2fed731103ed285e3c8b0da5", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716868, "uuid": "f7fcc1cc-cfc3-4033-b972-083412a414ba", "comment": "Malware payload (SMSAGENT)", "value": "cfab70ecb4ee55984269ffa42583496c3cd373e3", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716868, "uuid": "1998035b-ca71-4052-bdee-f5c8b7301856", "comment": "Malware payload (SMSAGENT)", "value": "9db035e63395c71a825ed2f18ad14923359fe9acc3040d430224ce40ac4e1449ae8d9524cda794a230e07fe2cd5df85c", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716868, "uuid": "2c1efb92-2840-4d9b-9a64-24fff802db5a", "value": "T1B776011AB71EFC4BE263DA3263728D4B772F85F51250E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716868, "uuid": "64095d16-c122-4700-abc6-bcca4d0e5622", "value": "196608:krzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLF1F3nswU/Q6FKNcnFJB:qw0pdMGbwBAej2H7nswxgF/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716868, "uuid": "bf3efec8-551c-48fc-a9d6-185ce7418f98", "value": 7327466, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716868, "uuid": "a802d9a2-5b3d-46bc-b41a-ab77aee5f2bf", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716868, "uuid": "b3be9f28-c2fd-4f57-8834-b868b17a110c", "value": "Video_chat (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95fde7c9-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696755, "uuid": "1058a968-9032-4b33-ad2f-8df386553c0f", "comment": "Malware payload (Gafgyt)", "value": "e49f00542b226a6b15ccf16850d4f12a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696755, "uuid": "4ee04927-febe-4fe0-8c59-36ea14c75ece", "comment": "Malware payload (Gafgyt)", "value": "47d45552ce9a0cdc1c015ae5c6431756c721909a79fa8bb6917eb601b13b8c6d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696755, "uuid": "20899512-db1d-443d-905a-89a1ce5d3f70", "comment": "Malware payload (Gafgyt)", "value": "b6f8a54e721a2e221f74308f88a0cf75b6e07904", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696755, "uuid": "31fe5762-d274-441c-b150-d2769584203d", "comment": "Malware payload (Gafgyt)", "value": "b841a93f3ce408de25756e1a36b22a4727f61afc768372fe75ff6e22b3c93d2ef4783835e4bac9418cfddb1cad8486ce", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696755, "uuid": "cb33ec0b-e247-46bb-8d3e-ff20371b72e0", "value": "T19DB3E871F741C2B3D0430672129AAFA61D32F6F7278BB50AE3682DB48E5A1C57912F5C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696755, "uuid": "821c06ed-1e33-4fca-85f7-a442e53d83ec", "value": "3072:ZdsWltUxUCglk/vbbpfCYkE5MBRmKVVP9rKR+1O:MS2joufQE52RmKVVP9rKR+1O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696755, "uuid": "5255f16b-a3f7-4639-8238-051b527f18e1", "value": 114902, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696755, "uuid": "882d3e8b-c592-4327-89b0-94ec362aded0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696755, "uuid": "6dee7093-6ee4-4b6c-b867-6825e5f3ea99", "value": "e49f00542b226a6b15ccf16850d4f12a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcba4446-92da-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1701717919, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717919, "uuid": "5cb17cb2-99ec-4065-8448-4baacca21318", "comment": "Malware payload (AveMariaRAT)", "value": "8c0af62b57c7743b4c1bee0f70bb2d8c", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717919, "uuid": "f0240e15-b50c-4700-b50d-0252dfab5c57", "comment": "Malware payload (AveMariaRAT)", "value": "481b72aa3cf2a5cbab6a9fcec85d16b7b9afe032e96bbd84653b3214cc02a116", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717919, "uuid": "324eb65a-ab2f-42bd-a7bf-34bf5e47bcc7", "comment": "Malware payload (AveMariaRAT)", "value": "2c50269fdca0f5cfb50a8691b0351486355e4f33", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717919, "uuid": "9c46897d-94cf-4d5d-a02b-6db720c20219", "comment": "Malware payload (AveMariaRAT)", "value": "603428b2c84886e733e2b786fdc0a23cee077bc9371a9d6279c24b6b3c82b4a69554fd5a9fff6b97c792a6cd7949ece0", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717919, "uuid": "0f4417c9-8fed-49b3-82c5-c0271cd79605", "value": "T15B611AB481491BA1E2BB5479DD887EBD03F47963CFDB0DA627ACE6600C73229D835E04", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717919, "uuid": "4f4473c7-dee8-4fec-9492-b09474d5007e", "value": "96:U1yCZlh9Fq8CPBn+fJYxvZqCkxAw80DIbU:+yCbhLq8CPwW1U7mw80DIbU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701717919, "uuid": "a3e2546e-4284-48f5-acd0-1fad16cc2d97", "value": 3285, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701717919, "uuid": "5955801e-173f-48e5-b93e-8ecc0f31fc05", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717919, "uuid": "69fb4c1a-f38c-43ea-9801-a46d3cd1f1ec", "value": "SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.30712.31877", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc2d7132-92ae-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701699074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699074, "uuid": "33af6f73-f9f7-407f-a847-4b102c14f1f6", "comment": "Malware payload (AgentTesla)", "value": "2b30f0ccd92928eb9bf8e18a3e7146df", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699074, "uuid": "8b01d997-00cd-4855-b2a9-d47b99475e6e", "comment": "Malware payload (AgentTesla)", "value": "48363aae8da413d26123fd250d665bd9bbb2123a233725d15aab0e9b9424d560", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699074, "uuid": "0b0419e6-c41e-4fca-8cee-fefa91f59f86", "comment": "Malware payload (AgentTesla)", "value": "5ff864bfe73d8d8ce236763de7b4ba77a967570b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699074, "uuid": "01c71ade-6195-4ef7-af68-4a79b84ffe92", "comment": "Malware payload (AgentTesla)", "value": "c63a4a3f540195aa6f484f5ab1641e58f3461189a1e53004eb71ba87ab69873bc956891268574f5ab9174d32cc08bf7b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699074, "uuid": "b4fa503f-efa9-4ae9-ab2b-2c109680aac4", "value": "T169052261722ADF2BCC7983F1E53A914423F17E6939A1E14E2EC232DE06733519E11E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699074, "uuid": "1fae255a-d8ce-48e3-9853-3ed76664bfc9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699074, "uuid": "ead12eb6-76e8-4168-87ca-c5ad081630c4", "value": "12288:vW0tW8G34/uK45+po2YnBlBfdA9sCOGMGb6ikxAfzIwJ+FupSh5qA1AT2z3/:s34/up+pJ8lBwsCOGF6i7JdpSzqcz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701699074, "uuid": "e1679b6b-3bf0-43f0-bbef-3e58d896d94c", "value": 834048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701699074, "uuid": "b62957c3-bfb0-4808-94a3-1be28d5f7e39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699074, "uuid": "0aed286a-31db-445f-a75c-3407bedb13a2", "value": "RFQ_SP_301123_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd557007-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701680930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680930, "uuid": "48b086f9-6143-4a3d-b1a6-aff4648d8dfa", "comment": "Malware payload (GuLoader)", "value": "8f64113dc9e19be7417016a0baf25656", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680930, "uuid": "49b1931e-e028-40ce-acaf-94abf42e0e25", "comment": "Malware payload (GuLoader)", "value": "48927c22a54bd0c732fa641f180bd3a5dd5f85566c6e63f4def63a99f0aa71ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680930, "uuid": "efb1e176-31a6-4ee7-9f09-250afa89a8e7", "comment": "Malware payload (GuLoader)", "value": "e86967e1246b3197d1140a85322795d8a1d59641", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680930, "uuid": "7c6faf89-b036-4552-83a0-b5c49afe7e42", "comment": "Malware payload (GuLoader)", "value": "0f541819a7842d6cafd46ed1fde9bf08be59474062ad9c1f05cba1636aff95cae62a48be58fe4fc96249d81a816533c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680930, "uuid": "0e38b785-b6eb-40fb-b331-b847126d8726", "value": "T1E0151293F31C8496D4360B711CBFC9591637AC74AD92890F22D87E29BFFA3425C1B85A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680930, "uuid": "2c16d011-334c-45a4-8ab2-18cc1ff6848b", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680930, "uuid": "75499439-f098-4c80-8328-6fbc50d3043b", "value": "24576:Xpp4VFAqWu63LfK8Gx6ajNlHgKUKV3hIgnY:5pOauoG1weNl15Cgn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680930, "uuid": "89705960-5341-4e6e-a6b7-41f2e415f71c", "value": 957672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680930, "uuid": "24b42cc7-7e4c-4536-9e34-c5fb3211f9f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680930, "uuid": "6acd35fa-9c50-480e-bf0f-59be1ae905d3", "value": "swift mesaj 2023.12.04.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94c39190-92d6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701716081, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716081, "uuid": "84f26a44-9247-498a-a0b5-fd6db42ecb4d", "comment": "Malware payload (AgentTesla)", "value": "c74873ebdfa9adb3a07c72fedd70ed5c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716081, "uuid": "ece0669a-d7ca-4da6-8088-3060eac7d102", "comment": "Malware payload (AgentTesla)", "value": "497bf18f3fcb0080d21c8f9a98a054bdbcfb7da1fe1c93a28bfdb8b84560b10a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716081, "uuid": "a8d54d4d-4668-4d66-bcce-71859f27c0c6", "comment": "Malware payload (AgentTesla)", "value": "67a322f8f715f8d5e347efeb5fa25efd98a7b229", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716081, "uuid": "4fcab23a-100b-4911-8f7d-df208daf89f2", "comment": "Malware payload (AgentTesla)", "value": "3ced090b502e97e6880fea6563c61459a4e065f6f9d34bdfa84983f22ebde46b848c2d79ec1fd13918dbae29dce40e6b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716081, "uuid": "a4139f80-2231-4978-8b54-dd39e5be1089", "value": "T1F2F41266B2B1D72AC8BA43F0EA3E624403B1BD393466E24D5C8735DF1932B426E51F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716081, "uuid": "1940bc7f-47b6-4a88-8484-0363e7ebb879", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716081, "uuid": "c615133b-5b52-4f90-b1cf-429483ce3b9f", "value": "12288:5WBCMtW8G34/uK45+po2aWRl2w63HyYNMpWAOgaNn6b+sZJzHh+gekeFqm6y:ii34/up+pJ3lj63HDNEWAOgen6isZ1He", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716081, "uuid": "82712b3b-f0d9-407f-ad9d-43b95f9ea9ee", "value": 757248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716081, "uuid": "7fabb084-3652-42d6-8ea8-9b1709185335", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716081, "uuid": "e2102848-c734-4ae8-b837-f7c82dd71a68", "value": "LAM CHUAN.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6f9c029-92db-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701718259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718259, "uuid": "af91c4dc-f3a7-409f-b9bd-189a4467fcac", "comment": "Malware payload", "value": "a9f7f62aea871c0f0ffcc892fcc86908", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718259, "uuid": "eb9e73af-802c-4dde-b907-b3314d5c654e", "comment": "Malware payload", "value": "49e026d56ba8538be5ce641c0200b5b9c201d5dbf4aa54c5f78f9ef10779fddd", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718259, "uuid": "0b96376e-2c70-4d76-a56b-7464aec6a4a4", "comment": "Malware payload", "value": "f5f7d4772c0ffd3ad0d60fd644692f476e0e9f5c", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718259, "uuid": "93e22e57-3dab-4431-a59a-b9a19066198c", "comment": "Malware payload", "value": "0f1afae02655dab1af1368a725793574ff8cdf0b04c3ba38dc83f9e19189ecc82e85bdc0f4514ddd47f8d13a4993f7cc", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718259, "uuid": "a5080a3d-85a9-4340-99ba-9312e99ba777", "value": "T16476011AB71EFC4BE223DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718259, "uuid": "e5bfc9b1-8ea7-40e7-b5f9-a733000eda63", "value": "196608:ArzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLd1F3nswU/Q6FKNcnFRDB:Ww0pdMGbwBAej2z7nswxgFv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701718259, "uuid": "6b45561c-72ee-4034-94a0-f88ebf17a4d8", "value": 7341695, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701718259, "uuid": "1f8a77d3-7cde-4d34-b8ca-9a67c7e2e598", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718259, "uuid": "e8ad9c6a-f8fd-4a76-8905-503fd9b4c67e", "value": "Myph\u043et\u043elife.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "995b17e6-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701680870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680870, "uuid": "fd0f5147-5e9e-4b9a-adc1-da28bfd36bf1", "comment": "Malware payload (AgentTesla)", "value": "c43d682702a87692466f6408a0c07940", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680870, "uuid": "729f783c-4049-47fa-b971-9f362a45ca9e", "comment": "Malware payload (AgentTesla)", "value": "4a7a6ec0cd99d2da72908fb02039f53ccce070f1d4562c9cc7e16b035bc963c8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680870, "uuid": "2943c191-f623-4c17-989a-6cd5dd3a1751", "comment": "Malware payload (AgentTesla)", "value": "94bbb628c5610add58fab1eedc38d18d69a7c9e4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680870, "uuid": "acf51b46-1543-45ff-b86a-0ec9fdcfa0ed", "comment": "Malware payload (AgentTesla)", "value": "a69bd14e4ac975ae7b38ad2331052f7b0f2167fca8b15e461162965efab25035dc56b04a083e0c3bfcef1dfb8ebd3a74", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680870, "uuid": "9d2cc22d-3f5c-4727-b7d9-fb6d25912fdd", "value": "T13AE4F19C3950B5EFC957CE7689986C20EA50B877531BE353A45322DC9A0EAE7CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680870, "uuid": "f7494234-89ad-4001-939b-d814b8bde15a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680870, "uuid": "8bb9b7aa-fd9e-40ce-b91b-89b9dfbfbb71", "value": "12288:yDWqcP45+po2OME6rETuhb2EA3kmZ11o9z0YfXT0/nZ2E0LjeCfWHCr0wNy9WR:Kdz+pJrCy7mP1oTXT0/MESzr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680870, "uuid": "5a9bcf58-2be8-4c67-9e85-a4d5786974e3", "value": 715776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680870, "uuid": "ccec4aa4-0a87-4ec1-b654-e0067c601693", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680870, "uuid": "1f59e4e9-f4df-41ac-a9cb-b97050e59cb9", "value": "Order 1204230034.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a7a5f16-924f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701657867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657867, "uuid": "f066dd6d-ad95-4028-8253-738846d323bc", "comment": "Malware payload (AgentTesla)", "value": "9caffcd254391a3282cb59565c19fe06", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657867, "uuid": "3209daf4-1e4a-43b0-bc5a-401be47368cf", "comment": "Malware payload (AgentTesla)", "value": "4afa99f3b34877cefef636c3a1f4a4360c06df2c31352a9852f30631f20e5bbe", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657867, "uuid": "081a1c15-7f58-40d7-b21d-21be402e8768", "comment": "Malware payload (AgentTesla)", "value": "c87bf6c1988179062fa05833fa807b3056374c1d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657867, "uuid": "48855833-6e27-40a0-b2ef-407fc0dfb648", "comment": "Malware payload (AgentTesla)", "value": "2d3774ea41a210702071b0cad10ecc177f78019186a5343a893f300b590f90c70578e4bb81fc7072407d27f982182fe7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657867, "uuid": "2dea779a-ca2e-48a8-b0a0-7b96f7ae89c2", "value": "T101E48D027384DF21C52F15B6C8A3C6F81727AE40DD04A7DB76C5FF1A79F22AA6952483", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657867, "uuid": "9d7ec552-33cc-450a-8fdf-09cbdc3faef2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657867, "uuid": "e0762068-d26e-458f-93e9-dffca9eea62a", "value": "12288:IVi20xAn87LdAIHBmw4YmiqNKLMWozBY3DQl4:Z2gh9HBR7LMXBY3DL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701657867, "uuid": "84792881-0bb3-44ef-a07c-c3a57db0ac67", "value": 711680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701657867, "uuid": "8e67af32-f358-47f7-94aa-31de532b0cf2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657867, "uuid": "d4443000-878d-4f08-8234-b975c9b820ad", "value": "SecuriteInfo.com.Win32.PWSX-gen.23026.7620", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e122e2a0-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701688292, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688292, "uuid": "016b46cf-e551-4df0-9226-e802bcbb6ea2", "comment": "Malware payload (Mirai)", "value": "a844878dc3aabb40d7459eebc0fb4f9c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688292, "uuid": "1dd90eef-8c0e-4615-8fea-2e10ffa18541", "comment": "Malware payload (Mirai)", "value": "4b1a739da6507b6017e2ac914c4e705c52017d5cc83d6ffeb2588b9798c57468", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688292, "uuid": "b7f581e6-d0f5-48b9-938f-18521b795a7d", "comment": "Malware payload (Mirai)", "value": "edd2ee74a24a01c9ac2e130090d46f70179bf2cc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688292, "uuid": "0239ad5e-c4f0-40ab-a0dc-76ad500d6dff", "comment": "Malware payload (Mirai)", "value": "56bfe523fa1d678184de380b9182076a19afa73231038c6d40cf83cb31a4d06b2a8e407a0a044a429ffed7f9d256ab37", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688292, "uuid": "d8c52278-99d1-42eb-9813-b15b38c717c4", "value": "T177D2F0AC7986A1FBCCCD8B39B65F607A304EB4E971F28322B346C5435B5B240D922D4D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688292, "uuid": "648140da-9522-499b-8cab-c5215821d4d4", "value": "384:Mxd/PxEDLd2TwcMzP6lowYcEaqsY9WC4t0LomNw2XYyXhUEhSTwde4WNyH:WlxKd2NMWxEnsY9OQNwqrhD33H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688292, "uuid": "0fdb4b0d-ce49-42dc-ba96-ae368992645e", "value": 29456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688292, "uuid": "498a7877-05be-46b0-8891-e0e54d8b7f4d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688292, "uuid": "4e3ad9d3-83fe-409f-886c-8c69b98be033", "value": "a844878dc3aabb40d7459eebc0fb4f9c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53a9721e-928d-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DCRat)", "timestamp": 1701684618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684618, "uuid": "a6f59838-a76a-4e6c-8b50-a2dd4646fbb1", "comment": "Malware payload (DCRat)", "value": "a457dde0fa790f976b97320fbfd4bc97", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684618, "uuid": "a09c1ad6-a63c-410a-a362-fc0e7bea08d2", "comment": "Malware payload (DCRat)", "value": "4e7f4dfcec36aff9c423f49609a7ef86bab29a0e9c914579f76c3840288091ee", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684618, "uuid": "cc0e3de8-58c3-4651-ba14-5551d7ba946c", "comment": "Malware payload (DCRat)", "value": "97797ffd490394755c43e5c1eaedac63149444d3", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684618, "uuid": "b33f4676-50c8-49d4-ba4d-bc1d3e7f7df3", "comment": "Malware payload (DCRat)", "value": "21a3bb34c07102d5743cc08a86d9b9b90442e33bc942731b8eeba594a43a8653f067e57d6adcb90e2c4895c67a228a9b", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684618, "uuid": "b87a05ce-9472-44fc-8f00-ca42581a248d", "value": "T15875021423ED4A19F1FE6B71D0B34155A7B5B89AFA7EDB0E1C80A19E2832394DD00B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684618, "uuid": "85feb817-2ec6-4299-b3e0-e079f4b264c4", "value": "069407361307fa34b23ade96ab2d8363", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684618, "uuid": "86891786-dcad-4133-859f-87b6e7fbc2d1", "value": "49152:7mu6MtJSShwzalGidhn+7whDBXBSL8Bl4:ea6cGidhXDBxSo4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701684618, "uuid": "5d76716d-4097-4ece-a90c-981a28ca756a", "value": 1684639, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701684618, "uuid": "5f9374e3-611b-4a70-ba6e-aa9f72bd8963", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684618, "uuid": "56cc77ed-0496-429a-a910-fdedd4f91b0a", "value": "a457dde0fa790f976b97320fbfd4bc97.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7ac919b-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674881, "uuid": "5b4344f5-c6fb-42a2-b48c-62257798ff84", "comment": "Malware payload (Mirai)", "value": "080ade50438b76ca746fae7742ed28f2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674881, "uuid": "717d0673-8271-47f4-a139-bbf736b600fc", "comment": "Malware payload (Mirai)", "value": "4f5d24bad0144e64ef63b2a8b9fd471f9fbb5c30f51a10989daa2791e6a7d1d9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674881, "uuid": "d4c5c63e-a89f-4bf5-b812-f53a1325295b", "comment": "Malware payload (Mirai)", "value": "3eaeed03195ec92dfbe4632ef8a1d71d1fa83321", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674881, "uuid": "e101d242-5397-49f8-ae80-389d60216708", "comment": "Malware payload (Mirai)", "value": "b70485c27272f0e08e54829e35ab7d692fb7827277362cff8e62b4a5dd11288a56b0f867e841a2da846debe3b893a2c8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674881, "uuid": "91f782ad-8b5d-42b4-be58-d36e116da4dd", "value": "T18C73C70A7E229FBCFBAC873447B79E119E5833D62691D581D19CDA006E7024F241FFA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674881, "uuid": "8a3308fc-9177-4560-913f-a310b56e66f7", "value": "1536:AdtWyhP7Xcx4hmICqeIN/XXYvfkpFGZJa10Q:qth7XM4W2XXAkpAZ4P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674881, "uuid": "cfb10139-d915-4b1b-9f72-7ad437d413cc", "value": 77288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674881, "uuid": "9ba9c734-162a-4f03-8f82-a6f53210ede1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674881, "uuid": "ab17a52c-873b-49ce-97bf-9bcf2f05c085", "value": "080ade50438b76ca746fae7742ed28f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34277243-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698309, "uuid": "2f1ee36b-72ff-439c-9f3c-5a09a2516ff6", "comment": "Malware payload (SMSAGENT)", "value": "739389e7eabbc9f68f9ae80addb4f274", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698309, "uuid": "5527799c-b2d3-4b3f-ba5c-68afa3ac291a", "comment": "Malware payload (SMSAGENT)", "value": "513538fb615c4a4b1e910146e3badd5ecf6c669d5ed1a3419ee3b8d8bbf3cf60", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698309, "uuid": "276f897d-5009-44bf-9246-6812de01bdae", "comment": "Malware payload (SMSAGENT)", "value": "3ba1ec7badde7261cc1ac99f6ad29a02a2e8db36", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698309, "uuid": "b3fa9c0a-c482-49e8-ab75-6f8d8af43d44", "comment": "Malware payload (SMSAGENT)", "value": "53b9ff80fabd1c1ab6194c43fa9849f90e64fabd67e92aa490b9bffe737375f14eb6825b82235dbeca8317d986caad3d", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698309, "uuid": "d3889fd6-6d65-4584-9765-cc8a6e03de61", "value": "T1CF560179731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698309, "uuid": "97cb074b-5806-4f44-b507-1f55ecd112fc", "value": "196608:/sDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYJ:EirUVis8O/0giAZ9PDN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698309, "uuid": "5b0fcce9-2f7b-4de5-8c59-e649d5926104", "value": 6376380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698309, "uuid": "538ba382-0722-46b1-be22-8b593ad56a0f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698309, "uuid": "905198fd-3ad3-4ec6-8737-63f6e74895a9", "value": "Girls - \u0432\u0438\u0434\u0435\u043e\u0447\u0430\u0442.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93c20a7e-92b1-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701700188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701700188, "uuid": "10b4f6b0-ae1c-4081-9af2-cd2fa30fc87c", "comment": "Malware payload (Formbook)", "value": "86fa1e0fb27dc0fb2e966c9dd0c1d01a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701700188, "uuid": "4f2100ee-9c53-4765-b5e1-dfe1fefb4f36", "comment": "Malware payload (Formbook)", "value": "517ef015543f7db992fb3eac666fd9416bc2be14e5a467e289cf0024b7065a0d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701700188, "uuid": "088fbc1d-7e35-4e2e-9395-e72b8b1ce523", "comment": "Malware payload (Formbook)", "value": "bc1be548c1d9043e843dc34d9eb392955a2e8f18", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701700188, "uuid": "de19a253-eb56-46c3-a2da-a1e1ae3880c5", "comment": "Malware payload (Formbook)", "value": "48790391cbed4f067c723f262d19a1017e8148e2e0bce447b0d394603b89f1d9cb2a4915259afe688d7c6654539e38f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701700188, "uuid": "51be8168-ee6b-411a-adf0-dd1064846b71", "value": "T1B0742323B3D2062BD265A6F18C39B775F56E8260651AE2834F9C5F373E111E743082EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701700188, "uuid": "ab714402-7ffc-423e-871e-b83333ca799a", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701700188, "uuid": "ef6e5727-2168-4004-82b2-4d4f1f2f310a", "value": "6144:P8LxB0O3bC+tm1QPI/zWjvM0E7MMkTK24bITU3R6imxi3qolhoPJG6KgdLtkIUFM:xobC+tm1QALWjk0KMMkTUbIA3sxiaiZi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701700188, "uuid": "dee7cde7-86db-4fea-b7a5-a9b464a91efd", "value": 350362, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701700188, "uuid": "0075ddd5-64a9-4660-98da-8afbd0ffe38f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701700188, "uuid": "1723a8a4-0ae5-453c-9e5b-e562a26bd13e", "value": "Quotation_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af36ed1d-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696798, "uuid": "5c4a7a2a-10bd-47a9-a1bb-4b2e51f2f4f0", "comment": "Malware payload (Gafgyt)", "value": "64e3e444f7de676a552a361af2a35a07", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696798, "uuid": "cea800c8-91f9-4005-806f-517a407430d6", "comment": "Malware payload (Gafgyt)", "value": "52943a068ba5bf3853f893be24ac36d1719bf561111ebc4b36093a0843fc9804", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696798, "uuid": "babab0c8-7ebf-498b-b60c-db291791f0d7", "comment": "Malware payload (Gafgyt)", "value": "113514dc6aefe42f33f29a7d5aa5ac420037fd93", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696798, "uuid": "cab0a4d5-75f8-4e8d-b051-8143e1787cd2", "comment": "Malware payload (Gafgyt)", "value": "685a65b30a2a765d9b25fc69a0d08db4fe701238b695ca8a5a65026e8e3e97008fdb9abe8139a257db722a69ec882b6d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696798, "uuid": "3830912b-9966-4996-88be-a369d06f7721", "value": "T1B2F3843EBA11AB7EE169423107F6AFB19F6421D33391A341E27CC6585EB228D1C5FB50", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696798, "uuid": "8827da40-c21e-4e39-8bc7-40dc9a14c90a", "value": "3072:0ns1uGzRBjzAvw59Nxef/mkm7FAwsH8LE:MbG1RAvw5TMf/mkm7FAwsH8LE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696798, "uuid": "c1eaf5d4-d41a-4c69-b3e1-48b043274cc0", "value": 169207, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696798, "uuid": "92c05b53-6502-487c-8d9d-74936d2f5b09", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696798, "uuid": "5c315511-0197-4b32-8c62-a0126ae77556", "value": "64e3e444f7de676a552a361af2a35a07", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "058ee99e-925f-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701664730, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664730, "uuid": "8d36ebbc-208f-43cb-a7ed-1f7bc39bdda0", "comment": "Malware payload", "value": "e93cc413a22689ce81c6dd5e4de06390", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664730, "uuid": "aa63d34d-37c6-47e4-aa72-2e9821246999", "comment": "Malware payload", "value": "5709abbb1d3958420deebbea7191292f436f6a4ad564965c19c7903991c151fb", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664730, "uuid": "b5b87e03-4649-41cd-a63a-c2a080d966fc", "comment": "Malware payload", "value": "bda8a3864674148c3bce68dd7539bf8f949abfc5", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664730, "uuid": "349cd733-bbac-4ca9-ac30-b9ab218a2d6f", "comment": "Malware payload", "value": "fd34ce30e8a007812cff31ddf8acdea88a9b51c4b59d0ed96ed56ae7a93614d252b2154030ed5c03257196679d7cf7b2", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664730, "uuid": "6c5d42dd-dbe3-4481-a41a-7ab0d99d6f9b", "value": "T16A5623155AD1EAD9E508CE3FAAEB32F8F5F1543AC049FE1BDE44DC84962C8736A94430", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664730, "uuid": "9f8935ee-c726-463c-b06b-d2efc4f2d609", "value": "6144:JJkrc2diahnH2wXItSt83ZxOk1OSVmn3zm1SzGTs82psz7:7728ahnHX4teS1O6QBG4Xpsz7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701664730, "uuid": "42dbcd1a-1fb5-4428-9569-a55cb255a6aa", "value": 6217056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701664730, "uuid": "0955d24d-ebae-414b-bef5-09940683eeb0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664730, "uuid": "2b0b9975-89f2-4192-b8fc-c3bfbdcb0a0b", "value": "SecuriteInfo.com.Linux.Packed.1241.31331.3864", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb24a216-92e7-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701723446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723446, "uuid": "71e79d7e-2760-4a0e-a2fc-cd64cebb9c73", "comment": "Malware payload", "value": "7862c44fee7e4c821571f55685139063", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723446, "uuid": "20a8e95f-a970-4463-a1ce-c765835046cc", "comment": "Malware payload", "value": "570c50236f5588d4e12bf9992cac018f4d477a1f65915db5c8eb3be2af08ba64", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723446, "uuid": "fdb6b7f9-5ed8-4495-b186-2fea980d68f7", "comment": "Malware payload", "value": "0cd277184838a149724873f423983f32dd853910", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723446, "uuid": "98c56588-d3d9-4561-898f-729bc0f1b0b5", "comment": "Malware payload", "value": "2d7f115d611d25330c56646685a86ee1861c98ef201fc18c1c943e5481da34e6efd67ea6dd1421a2ff9c45310f08528f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723446, "uuid": "2e67c422-89fe-492e-b3c5-e32c68c975b1", "value": "T1BDA52301B7C5C472D47319365E769B649A3D7C301EB2C9EFA380295EEE716C0A632F62", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723446, "uuid": "8f994b8f-2c26-4aeb-b997-1e66f21f3499", "value": "aac51396886833dc961fcd7aab7711e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723446, "uuid": "9071464c-1f13-4af3-96f6-c8180135856c", "value": "49152:B1UOnVj3g0nSdZ/ufvr7TE22qqpE+OVbbk+LUqxNoWeJqEjXG:BtZ3HSd9ufD+B0Y+IrzqAG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701723446, "uuid": "53e86486-acdf-4b45-a248-05e266c02461", "value": 2154596, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701723446, "uuid": "d5e5a0ee-6891-4137-b009-810134938f3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723446, "uuid": "7186eb31-0fab-497b-9138-a675a644a536", "value": "570c50236f5588d4e12bf9992cac018f4d477a1f65915db5c8eb3be2af08ba64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "204d204e-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681096, "uuid": "cc471f6c-01bf-477e-b785-69113c5a7c68", "comment": "Malware payload (GuLoader)", "value": "795cb3d81416d3c25c2ead5e68e4520f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681096, "uuid": "4d636e46-ac2c-4bcb-a03d-78b60ceacfa0", "comment": "Malware payload (GuLoader)", "value": "57955215d434a2d644bb5d59ca0e4068d49b3903f756e4d0a505b090b3cf494a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681096, "uuid": "69bf3fb8-fc12-4c78-b29d-4b21a641736e", "comment": "Malware payload (GuLoader)", "value": "1270608c6ba21dcd0c83e50652c788945e17dbda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681096, "uuid": "2aecb1d8-331b-4049-8f59-523d479e92c2", "comment": "Malware payload (GuLoader)", "value": "df70783bfad059555c246bb2267ebf313a96757d7b32c833fabaa90d510b26b6179f495306ba81e44999401d56a99e4d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681096, "uuid": "aae8f3fb-f582-4ec0-b570-3dd0f6b11b8a", "value": "T1B935338183FEC5CBE9A38A3C41A766792FE5A3D6E949CB035B33890D6CB97101C571B4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681096, "uuid": "31d5c40b-2212-44cb-af37-42f68df14273", "value": "66fcdd6338ffed276966867e7cf86116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681096, "uuid": "c48bcd05-809d-425f-bee0-9f67ade6fe14", "value": "24576:AN+eS037HG+SBZB72CARo+KswCmw7bZoCUnvqpxH8iiBzpRCuxXD7Ld6W:UDS9v12C21KTExoNnvaqiqjFD7oW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681096, "uuid": "00433139-cba9-496e-81a6-c4217fd18d45", "value": 1146864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681096, "uuid": "b0eaa4b1-40d3-4984-8188-5fababe1ab7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681096, "uuid": "c1b69434-81a7-4c16-a0c6-bc03dddd6b89", "value": "RFQ GEC-2804.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e216902c-92ae-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701699031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699031, "uuid": "1c68e7a8-2ab0-44da-86bf-480540c04d39", "comment": "Malware payload (GuLoader)", "value": "a1e677ce752f77f61fd73c67561de5fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699031, "uuid": "6bc91600-f683-40cf-83c2-cfa6e05396ae", "comment": "Malware payload (GuLoader)", "value": "57ff70d44d1f67060aa989b89c5c95b4b87b9dba3f58a7b64c5cf61f12a98d8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699031, "uuid": "09111868-cf9c-4375-8fb7-a473d5354feb", "comment": "Malware payload (GuLoader)", "value": "eb555766fb7eca9b70e39f78cf4a3ba649b2d692", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699031, "uuid": "b5d0e64a-810b-4690-8454-8255867a8135", "comment": "Malware payload (GuLoader)", "value": "37e49513ec686fe7092d30efb731ba9c7467d18aabe165c6a360923b384d49b7738088dd31fe73c883023d4f6d4aecce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699031, "uuid": "0a6a4078-a03a-4bcd-8edd-671807ab5169", "value": "T142B4010E3B94D55BEE305F746CA6C6376ABD9C182F934B032BB5B6D93B32350A919310", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699031, "uuid": "3f0dbfcb-ce1f-4820-bd52-c1abaa409b1d", "value": "56a78d55f3f7af51443e58e0ce2fb5f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699031, "uuid": "4b3dea3b-4f1a-4732-8260-dc49e6d6b973", "value": "12288:5bip2zW1/ykRVsl8IUEZi9kC7GULEikDy2Ag5ksagRCND0It4XD:5biIzW1/zVsmIUuCiULEiY7RjT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701699031, "uuid": "a5d1f3e7-9207-40cf-8e16-cee75595ff03", "value": 534128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701699031, "uuid": "de87408e-7095-40b3-90d0-4a9b926b5a7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699031, "uuid": "0eb63464-08fe-4fec-b206-c0fd739bbe94", "value": "swift_0412.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18bcbc19-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701719309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719309, "uuid": "c1c8b83f-3758-4e06-a658-77b4ca346ccc", "comment": "Malware payload (RiseProStealer)", "value": "ade0827f97765fcd41961ce834475d15", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719309, "uuid": "31b7a142-81de-40fe-a9f9-d4f96f7d7fbe", "comment": "Malware payload (RiseProStealer)", "value": "580a61dd87a7abf542eaa6506925e7fe9fa25fc73a9fbbb52875ef5f786eca2f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719309, "uuid": "b574d996-340b-44f7-9bbb-09e29b0afb8e", "comment": "Malware payload (RiseProStealer)", "value": "da072b18d2312bf85e4ccae753e547b5de81d343", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719309, "uuid": "08ff255c-f14c-4938-ad4e-859d517ae5f1", "comment": "Malware payload (RiseProStealer)", "value": "f0b2309ad15d7784b90ecd643d40644c119ecbe717081874ea34556b4402e4c20a8c561f5c0e5a1ee747addff0bd1bd3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719309, "uuid": "8190d193-25a1-4225-ada2-4ce9ebd53515", "value": "T143658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719309, "uuid": "ad597b88-2d83-4ffd-ba81-7998bec112b6", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719309, "uuid": "11e3e3dc-848e-4155-8fe8-374b46f1dbfd", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719309, "uuid": "238db538-6870-43c2-8499-4a76c1b4f1c2", "value": 1540187, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719309, "uuid": "f9d9f450-6ca3-4797-97b2-0fe61ee9fe27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719309, "uuid": "2db205f7-b839-4ca0-b947-cd9bd0e74ba3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80a0339a-9290-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Amadey)", "timestamp": 1701685982, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701685982, "uuid": "b2a20598-678b-4ede-af85-eb91d6f6d297", "comment": "Malware payload (Amadey)", "value": "1d32535deb1c523d0be798ff37593efa", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701685982, "uuid": "49f69383-471d-4ecf-b2f2-3d956821c475", "comment": "Malware payload (Amadey)", "value": "58233388d4840d05814fac8b1d2c844c2d224a013194b1cbcfb8a7adca6e18a1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701685982, "uuid": "897480c6-0af4-4f76-9a40-bf19f268beaf", "comment": "Malware payload (Amadey)", "value": "af8d446c2b97ee254b06924423b17cd95e8c0d27", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701685982, "uuid": "9348c6b5-654c-45eb-aa47-e830492870c5", "comment": "Malware payload (Amadey)", "value": "2f63c77940b2d3e21ebd16dd698691468b41d6ece794718fee7ea1c65e54d8b28db79bf808a922f9358b95b7c7d36038", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701685982, "uuid": "4b8d2bc8-d935-46d5-b17e-e80e9dc98e89", "value": "T109B53322D7965C4CCA69C7726D72D05FA15E4938294A33F01E2FAAF1A00397F5FD224B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701685982, "uuid": "c494907d-62ef-4816-83ee-02e4ae036a41", "value": "4fc7d580c9c9e24e3cf5a2b5a1a4d764", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701685982, "uuid": "92e41149-ec70-4440-9135-37fb2c739fde", "value": "49152:HM864hpl6/xzfnZHKEI92BtxHWfq7918JgFOwZko:s81pg+EIYBtZWfq7918exb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701685982, "uuid": "62f94220-f30e-43ce-898d-6fa7f7bfc8d4", "value": 2292104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701685982, "uuid": "940673c0-9c30-462c-9493-bb0de16fbb5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701685982, "uuid": "50898128-efae-4669-bae3-10899589077e", "value": "SecuriteInfo.com.Win32.DropperX-gen.19295.3399", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b17c4710-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701683058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683058, "uuid": "b8599554-eb92-457b-bf92-2617249ed4c9", "comment": "Malware payload (Smoke Loader)", "value": "6fcfd70766035eefea595e391c320d26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683058, "uuid": "73e9b4b2-39e0-4ae2-9a98-6accd2a18c2f", "comment": "Malware payload (Smoke Loader)", "value": "589c6d6319bbeb8d36b11c18489a867e121ec97c52c5079ad8af942ecd644884", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683058, "uuid": "68dc4577-c0d6-4b4e-afd3-eb1240f0812f", "comment": "Malware payload (Smoke Loader)", "value": "2a7ebd12a5dff21fefca97c3680eb4ba6eb6675b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683058, "uuid": "61c1df89-73ff-449b-abb0-bbbd68530731", "comment": "Malware payload (Smoke Loader)", "value": "6c7a95544fbd628b0097660aeea469f2336044b7ff8cfb50d2bd99c6df522309f950e465762caee09188cf48d7794c61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683058, "uuid": "2e1bb6f9-9043-41d0-968d-872e03862586", "value": "T17944B60392E17C55EA268B73EE2FC2F8721DF9518E493B652918AF1F10B1173D1A3B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683058, "uuid": "139f0742-7b9b-4b73-b5ef-a426a8b8c8b3", "value": "4218786bdd48185e04ca1848e08c3d21", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683058, "uuid": "27a590e8-5f3d-4914-86c4-5044e1934d7b", "value": "3072:rEqQnEVtML+/Y4DXe5mklkbhemOibTUyGTkH:oFL+JDXJkYVOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683058, "uuid": "bbd32029-f666-4c6d-a993-f171ea253dfc", "value": 265728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683058, "uuid": "90986350-817d-4972-96a3-3ae6ef206194", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683058, "uuid": "7dcaa386-e7dc-4e21-817b-093e7909a510", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b8bde68-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Socks5Systemz)", "timestamp": 1701716790, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716790, "uuid": "6dce05dd-3aba-4b27-ad52-a9d096dc59a8", "comment": "Malware payload (Socks5Systemz)", "value": "9c540b434ec709b2a2fea2b249ca1759", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716790, "uuid": "3e5332b1-23c1-4b69-8bea-bea422cc5534", "comment": "Malware payload (Socks5Systemz)", "value": "59ef62239b7f107e2dcc95a08b591397aa7d3e63f71948d98d629f0ca0bb0850", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716790, "uuid": "70c4b4a9-699b-4063-84aa-297ada7ba2f4", "comment": "Malware payload (Socks5Systemz)", "value": "2a154398ade12f0bf7b70a08e0f643f1ef812cda", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716790, "uuid": "99eafc28-57fe-4e13-a679-47162e3c295f", "comment": "Malware payload (Socks5Systemz)", "value": "b1518eb42f88f1e249333cd3dc6287b513dda47e508352c77eb9495de68b3e522ec808c5ad3728c580c65096fb5de86e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716790, "uuid": "31223a94-9310-4744-b38f-96726d6d9c1e", "value": "T10A05CF0D3110D283DA5D673C554BF9335BE0EC17AF88C95A2DE07EBB22BCAD6611AD42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716790, "uuid": "0ae68880-2a72-4061-b3a0-d1f4801d9349", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716790, "uuid": "d0be5ce4-7221-47b3-b3a4-8e07b31c989c", "value": "24576:aATRYd9uQodVQFE+pKY+0W3NI651yj30ivvE/4v0:aN9RqIKcWhkjki3E/48", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716790, "uuid": "8262b5e0-6c37-4128-bca5-70fa3f3c2189", "value": 809344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716790, "uuid": "546642fe-a712-4a47-98fa-875132904afa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716790, "uuid": "bb92d26c-6577-4726-bcfc-8ac9dcd86d1d", "value": "9c540b434ec709b2a2fea2b249ca1759", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86ecf2c7-9257-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701661511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661511, "uuid": "cdb2ab0a-5027-4dca-afa7-65e11b5c184c", "comment": "Malware payload (RedLineStealer)", "value": "045b8b68836e1bfe55654c77358705cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661511, "uuid": "7877a0a3-197c-4d1b-9fe9-1ed714162d45", "comment": "Malware payload (RedLineStealer)", "value": "59fd5e05b0f86df3f9ea724f6dd7d117640b50544b45c90a5d27df23afa46edc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661511, "uuid": "f4eebad2-8c1f-4b42-98f0-eaafe72a8fc3", "comment": "Malware payload (RedLineStealer)", "value": "349cd5f3301c79dd3c15bdecf686bf087c40f63f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661511, "uuid": "90c2c7ed-b84b-41d9-92ce-dd063b7da14e", "comment": "Malware payload (RedLineStealer)", "value": "f07542ada95eb6a5f61683e5e1f2d2ddfaf24ad4821a17b648eeaaf4526859b4b2a8c0b2211a06b7b8bba761e8230951", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661511, "uuid": "6dd98942-9b77-4684-98a5-5df3bb537e94", "value": "T152050211BAC088B1D86628341EF5F731AB78BD300F758EDB9B444A6E4F705D19A31B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661511, "uuid": "23d19d8c-f25e-4f45-986e-efe327ca6e6b", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661511, "uuid": "47765504-5b02-4740-9fc5-9caa2e568517", "value": "12288:f3DkEGDINi1EwkG8TsHWihc0AAxUdqSJV6NjUyVQrjYOlyz05z0G8sBHpWuj2/SO:/DkUNi1EvGdWa+AOwjnQTc49pnHpWG2t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701661511, "uuid": "19c0de0c-52c0-45f7-8da3-00ca77d65c01", "value": 841430, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701661511, "uuid": "8f235479-20c1-4a3a-b477-62dbbe3af89b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661511, "uuid": "92811626-2d2c-4066-b1ed-e674175e7358", "value": "045b8b68836e1bfe55654c77358705cf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "491f800a-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "bb87d78a-0498-4e49-beb0-8e17a11151cf", "comment": "Malware payload (Gafgyt)", "value": "5b66561fd5845522887b6898145b6f1d", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "d6843555-fd7e-4cda-a033-f76f9185247d", "comment": "Malware payload (Gafgyt)", "value": "59febb17239ee59a169e9c45c47020fd41c395e4abf97db5f3f41dee72b9e352", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "ae820d10-4f0d-4ef1-a1ff-5b8c11f61ec7", "comment": "Malware payload (Gafgyt)", "value": "3bad7a9f3f73e319783b7be1bf73121f5b0bd45b", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "60dffe44-e711-46c5-9b26-3a614e7773a0", "comment": "Malware payload (Gafgyt)", "value": "ca06791c9591453ae0bb159f2ea6ecb973cce6c0f72ef0edea725211d9645c336305c33ab9459817f29f647a26767f30", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "ac80b312-91bb-458a-98a3-32848b99d2a1", "value": "T1AEF330215A1AE123C496EDF9BED2BE978519F1974E8A8702B3D420AD0EF5D81701FDCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "a923733c-dac3-4720-8e4c-66231edf2c3c", "value": "3072:VZWOdFDWEt1z4cdYxvJAT7cCyl+ZDm4CVd51tHEaM:VvHX3ZdMqTClGm4CVd51tHEaM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "606debd2-0158-4e05-b60c-5d7e99ca8f5c", "value": 161368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "13e50c71-d972-4d8e-86f9-3d5daa841462", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "c759386a-3b5b-468c-ba73-66158afdd002", "value": "bashd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f83b1bd5-92c8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701710235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710235, "uuid": "0a5e4819-2768-4403-a9fb-eae4270e169f", "comment": "Malware payload (AgentTesla)", "value": "45e69fcd8af28b4dae56bfe23be896e0", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710235, "uuid": "d673c502-79b0-4a80-b392-349e23d1925e", "comment": "Malware payload (AgentTesla)", "value": "5bbaedb23ca1594e649704f9d0d6bdc9fd1aeca05187b62169c44a98f2aba1a0", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710235, "uuid": "3cedd508-3210-4bc9-95db-e6ba113116a0", "comment": "Malware payload (AgentTesla)", "value": "7c0fbb3a0912c545087ec17ecc81a197fb67ae0f", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710235, "uuid": "f34c363f-3b47-4409-af3f-e52a8386d20c", "comment": "Malware payload (AgentTesla)", "value": "806d57fef00b01089be127560f9678906e540f335127159d174be8231ff1f65b83d3bf4caf22fbda5365843da9f1c5f3", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710235, "uuid": "d5510843-30b4-44ca-a72e-0267da1e26a9", "value": "T1235423988FBE639B12ACE0DC18DD0B53E98959B1F8A40E45F7593BB1530512EAB3F143", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710235, "uuid": "b321d9e3-7275-4241-b707-6d182a791ded", "value": "6144:eWXdpXuzWP1IgTITG3kpmsymq70ybBnO0hTuaky:emn+zW1LIfG7PFhSby", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710235, "uuid": "353be3b4-98d2-4505-a1bb-a48d1c193ee0", "value": 298300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710235, "uuid": "657bed24-e9e7-459a-9bae-76067b3960a0", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710235, "uuid": "132e7777-a897-472b-85e4-e380045a6541", "value": "FT23194060101821.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ba4fe70-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681920, "uuid": "0d878277-38ff-465f-b689-e1373fa74cd7", "comment": "Malware payload (AgentTesla)", "value": "440faaa42ef0d21bd30d04585880605f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681920, "uuid": "7133c1cc-c678-40ca-9d3e-d46190e90c26", "comment": "Malware payload (AgentTesla)", "value": "5c4936b5fb84ffef88404aa02b889bd1bb3edb999e70d7b3a1fd179c6fef96ac", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681920, "uuid": "afcd869a-690c-43a8-9d18-0dc4a8d94cb3", "comment": "Malware payload (AgentTesla)", "value": "1f285bac25369f93edde9d6077af7ac81e86edb1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681920, "uuid": "58ae5291-f0bb-4b74-9b8c-a29f0d3da2d7", "comment": "Malware payload (AgentTesla)", "value": "61794d0668936f8f600a692b0611841fb47817bbd8839cee1df8ed6ec14d221fd4db90067a0ba61f3bd121dd12cd33d2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681920, "uuid": "eff6d41a-d16b-40d5-8362-082bdefdc9c6", "value": "T197357ED1B1908C9AD96B0EF26D2BA42014E3BE6D6464C20D5E9D775B36B3342209FF1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681920, "uuid": "68f4c2d6-fad3-45dc-be32-429ff9be10c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681920, "uuid": "1688a4bc-2fa9-4844-bb11-7649c65f9058", "value": "12288:/ndw0fWL//kwmoPdNKPvnAEkIrmLLyoVyXPyH32hQyiqwUqAlL1WTw9U:VtfWLnkwnmPAEbrmqPmsuSqtw9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681920, "uuid": "32bbe78f-b69f-47ca-8a90-7b49523423a3", "value": 1139712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681920, "uuid": "14b292db-46ff-4bed-91ba-9675bc0ce7be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681920, "uuid": "6e8d9213-5cf3-41fc-aa3d-bbec0fea9bd5", "value": "N DOCUMENTS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84db6cb3-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701698445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698445, "uuid": "d585dd86-6082-48c8-88c9-196139269f68", "comment": "Malware payload (AgentTesla)", "value": "e22092a033f807630b0c75a40e158714", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698445, "uuid": "8fd97df4-1c8c-4052-8a66-09b26eb11d74", "comment": "Malware payload (AgentTesla)", "value": "5ce3eab6d2f6dce6ed4e7be3a397250f8489f0083c825f9f2dce0730525ec0d5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698445, "uuid": "b1a13c1b-9183-4448-b51d-872f94887ed1", "comment": "Malware payload (AgentTesla)", "value": "52de61c5707247eed38c62e05f97ff5dafc36e27", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698445, "uuid": "71ada56a-95c3-4b9a-a2aa-44939c48259c", "comment": "Malware payload (AgentTesla)", "value": "00672a15c18a1d60bc2d7e761fc243b6ef88add0de77036211f89102bb6fc5e4c9ba4f28b3187407bf3719ed2269e69a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698445, "uuid": "531ef250-6eee-4911-8fd2-1ca67b4d728e", "value": "T1CAD4238572DE6752D9B753F9762CAED403ACF6342130E99A3C9051C86286B5D0BE2F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698445, "uuid": "1cffd5f7-253f-427d-a424-c6199d8578bb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698445, "uuid": "c53b1fd2-f699-46e2-9a5e-520f94235642", "value": "12288:945+po2lOfDtbNH0d1TJzIYap+n332E+Cspo+W0wqCcbuU/2gi3GiIehZCkXy0S:o+pJlOBhHajzIYapY2V15W0wqCcao2NA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698445, "uuid": "fab2af04-5ef7-4560-8fd4-08c9345fb8bf", "value": 642048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698445, "uuid": "0f8d54db-350e-49c9-8f4a-1082968403d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698445, "uuid": "0716fccd-1557-4882-a47c-af004ebbfc2c", "value": "Statement-1000276262.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a5d1111-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698266, "uuid": "1f727394-6076-4ed0-b75f-898416bc88d0", "comment": "Malware payload (SMSAGENT)", "value": "1e6525cc1ff41b11c80da407fbd8e3e8", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698266, "uuid": "c1d87641-7dbf-4fc3-b761-e8c4a0e41912", "comment": "Malware payload (SMSAGENT)", "value": "5e45f3e273ab01ad99e9c9aaed2b56d017985a299503f2c765d96a71aa5bcb9c", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698266, "uuid": "fef47cba-6936-44c5-9430-d48abeea9f10", "comment": "Malware payload (SMSAGENT)", "value": "bb1f4ff5f9e6f5924e139c582a2f7e52d61d3586", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698266, "uuid": "7a8dbf8f-8c85-486b-9485-de75283bb6ea", "comment": "Malware payload (SMSAGENT)", "value": "6477bab46e4d7f927e88416c30e6c05f902ae5a8842713502c53d59939a819a46b2613b7cb156e3f14010c431c225e3a", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698266, "uuid": "38514a1e-8a0f-494f-8fab-2321a5dd34f2", "value": "T1F4560175731CF40BE073DE316371814F71E185E51A72E312AB07B8185DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698266, "uuid": "e12c7de9-75f4-44d3-9c27-2cf7df8435f7", "value": "196608:/sDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYc:EirUVis8O/0giAZ9PDY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698266, "uuid": "52c6d0eb-2fc3-4d11-805c-6af8fde96cdd", "value": 6368188, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698266, "uuid": "2e67e272-1285-4b65-8f80-72f26b23d50e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698266, "uuid": "bee46b3d-d94f-446a-888f-3611aaccbe55", "value": "\u0421\u0431\u0435\u0440 \u0410\u043a\u0446\u0438\u044f.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfdb6eec-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681793, "uuid": "baef1fe7-7551-4815-91ab-3c9fc41dc1da", "comment": "Malware payload (AgentTesla)", "value": "10003be0ae6e1a355b128c9663062acf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681793, "uuid": "321b579e-3f2d-4d8e-8067-9808c14e2b9f", "comment": "Malware payload (AgentTesla)", "value": "5e5350a474c7fcc4782d8fb212f0b43aeeb7c144feae45f7fa37544110650768", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681793, "uuid": "62816eb9-b14e-4d28-87cb-af2a24bcf785", "comment": "Malware payload (AgentTesla)", "value": "1fe433690c38a9c9027ad9a6f5bebbb662406bbb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681793, "uuid": "fe60b13d-5772-4230-9b97-707140e6d46d", "comment": "Malware payload (AgentTesla)", "value": "9708bb9f36ddc033405db2a73fbc6a139f3773d51b3fa39694288aac420243ad423c1aaaa18de46bc761ad3e7828b7fa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681793, "uuid": "fbfead6b-9e34-4696-9f18-72b7933b44f5", "value": "T1BF15F13573F187D6CC6983B2A569506883E02EADEDD1E10EEA812EC93421FC11B7D57B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681793, "uuid": "30264820-f609-4942-ac51-4ef0474f59cc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681793, "uuid": "cb8a8baf-e970-467d-858a-edb651952245", "value": "12288:uWBMCtW8G34/uK45+po2uRRyYD9gWghD8hqneT/ao0smtkn8eKwODX7rR3QMsm+l:dq34/up+pJuWeEwhqneDaJsGPWf53p/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681793, "uuid": "da157fff-b92e-49fc-a57e-4ee6694be299", "value": 930816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681793, "uuid": "3f0031a3-8d9c-45a2-96c9-59757f016120", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681793, "uuid": "f5fd49a1-a24d-4822-8c16-a68d78ed1225", "value": "04_12_2023_D\u00f6nemi_MEVDUAT Ekstre Bilgiler.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1671864e-92f7-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701730042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730042, "uuid": "8b12237f-0129-4ec6-a506-ac53eb6a3ddb", "comment": "Malware payload", "value": "3507cf667343fdafea7e88b5391420d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730042, "uuid": "227dc9fd-386b-44ce-8f90-fe64d2d9af20", "comment": "Malware payload", "value": "5e5e5d766b28c1de80c5bbddb65566e6950da5f39126c39adc32aee82056dfec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730042, "uuid": "2ace5ded-6c1a-4a19-a1f3-79f33460af15", "comment": "Malware payload", "value": "ca82bdb3640b27786bf1c7af869f24b4ef9c508e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701730042, "uuid": "26a54c36-43c1-4d13-9d6d-26441aa418bc", "comment": "Malware payload", "value": "0da0882819c7a30c759c6082263a428fdb2bf3a72c546d4ad044bd5021082ef4c2ca83725fa38d38f0c58163cc0c55ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730042, "uuid": "eb3abb97-d199-46da-a33d-d2910b1e07a6", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730042, "uuid": "a0abdc9b-d0f5-4451-b145-02a2b6272641", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730042, "uuid": "fdc80764-3e2d-42f1-99db-8108b2ff6776", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701730042, "uuid": "480dd713-87cd-4f85-8714-127ad445a4d5", "value": 1540214, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701730042, "uuid": "8e2c9da0-5477-4dfa-acdd-d208966f2b09", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701730042, "uuid": "3abee287-b6e5-43d3-8cb4-e65e3bab31f7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21c7a8a4-92a6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701695272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695272, "uuid": "f422d80b-7a50-4f83-af13-c2f09f6d4e3d", "comment": "Malware payload (AgentTesla)", "value": "2bda9ab0ecfb10e452c32de33eb5c0ab", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695272, "uuid": "ddc9afb4-2e2b-4445-a192-b72fd0a057a0", "comment": "Malware payload (AgentTesla)", "value": "5e677270292e15434757d07857994ecd05b20c0872120d9858b94f56186ff6aa", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695272, "uuid": "a98a5e20-b5f1-4e34-a469-73b532ea756a", "comment": "Malware payload (AgentTesla)", "value": "6e383b02f1786d4139f33f653e5189f88f88d352", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695272, "uuid": "f1a95152-d2d7-4698-b023-694a0fd0330f", "comment": "Malware payload (AgentTesla)", "value": "c83e02300703057216bcad3991f21736fd28e2f7f9d5b7064b2a5836f645e33b16d554149c4fabe303f5d5c540d12070", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701695272, "uuid": "808fbdb6-48fc-4082-82eb-dc27f3cae5f4", "value": "T14DA423ECF807611198FB8AE99691BBB019D7D6CE8096DC36EA6106C361753D0CB313B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701695272, "uuid": "dd534b1b-0ac6-4b69-9a4b-74c3e4d1dd04", "value": "12288:hFwx63ZFWBmpRUdA3uNUn6yKasnhN4o6RzC4b:LwxR0RwquUwnh+RG4b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701695272, "uuid": "61c2fb63-8404-49b1-ab38-19110ba82f25", "value": 459705, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701695272, "uuid": "6b8fc4e3-012b-4410-b920-729cebc07fe8", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701695272, "uuid": "c0372244-63f2-4378-8e00-546d6f659649", "value": "payment confirmation.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3557d16-92c8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701710200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710200, "uuid": "9405b37e-c059-4e06-a06d-6fe176e7b9ad", "comment": "Malware payload (Formbook)", "value": "da6e03c9a40eddb667fb577ef6d4335f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710200, "uuid": "b0780a74-30d3-4572-9dd7-c92d2bcf076f", "comment": "Malware payload (Formbook)", "value": "5e8b9a3cfcbc1a19ade37e8d246f61d95caf08ce139b6280b77dea376b626ec7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710200, "uuid": "01e85983-7685-4a33-8e58-6291437fc1bf", "comment": "Malware payload (Formbook)", "value": "65caec424eba2e80a1544d86501b4d86322fc3dd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710200, "uuid": "49710237-2ac7-4066-a568-97074bdcaeaf", "comment": "Malware payload (Formbook)", "value": "be9f18ce47796a5531bc01530e6482af55fb0b53b6b3d32a78a38cdcbb647fe87f76af85aab8a72d8b038cb8e25dd70e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710200, "uuid": "c0340a3f-348a-4f5f-ba26-33a828ed6b4c", "value": "T180E423D273A88B6AE2750BF51EE4AD0A07719A0098E8E62E5CF550DF6470BB1C373317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710200, "uuid": "e3f5bdb7-4769-4ab8-8b01-f32d47ee68e0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710200, "uuid": "92df4fd5-d199-41ad-a61a-b5c30dafd413", "value": "12288:h2iNtIpl1OdUsf8a4qF7yxdCvpk8ipZhGOQJTtpxRFpf0yTn:h1pOsEa4qpMdwk8hJ5+y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710200, "uuid": "2adb9504-183c-4e10-9c71-945d3e50f021", "value": 699392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710200, "uuid": "93f5be30-0336-40b2-84bb-77d3579486d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710200, "uuid": "b75beb5a-5d8e-44cc-86df-a262137a8ed6", "value": "3306_202.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ddf8345-92a8-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701696097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696097, "uuid": "68ba1aff-a92b-433a-b151-28715b2e6a92", "comment": "Malware payload", "value": "443f77f74ab858c98f48ac4af9faf0dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696097, "uuid": "c12dd838-b2d3-45cf-b6c6-c8b6bac2942a", "comment": "Malware payload", "value": "5ef41a6cd01bdb96cda3bc3fb926665b32aba457504bd252d802061b7cdb6bb7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696097, "uuid": "cda732e3-fd86-443b-b67d-7cd450346f9f", "comment": "Malware payload", "value": "63aa85ff5771c92b3f0c86f7548e6205db5fe55f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696097, "uuid": "7b2c9e0d-9049-4c17-876b-da0ce7617cdb", "comment": "Malware payload", "value": "6b185eb68ae018cfa3c8396a54d2e9903d89fabba58deb6624bdeb4caddd5e98ba166c6fa51ac4a25d2d897774a81ec6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696097, "uuid": "c0b364bd-937a-4f68-98ae-578ab9db56f5", "value": "T1BB836B13B8D1C8B1E5771A315864DAA09A2FF9114FA18E6B7784167E0F302C1DE26F7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696097, "uuid": "e9ef92c5-eba1-43b3-941a-193f37521b49", "value": "9c2487d128efff6de25469d402c83e85", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696097, "uuid": "34ffd7d8-2f66-42dc-ba9b-49ec6b84bb50", "value": "1536:LtQIgMINK7dPOLfblzmYmQMeKrffF65Apc7DNX2d0sWPPcdeicnprO3TQ6:aIgMI87dPOblMeKrffF65NNmdHeiKODH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696097, "uuid": "6535f4e1-abfe-4d28-bfbd-21ca8c106897", "value": 81920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696097, "uuid": "c9e6c3ea-bca1-4826-8711-4d43f4378198", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696097, "uuid": "2d542f93-2d04-4609-a77e-446aa323749f", "value": "SecuriteInfo.com.Trojan.Loader.1894.12916.2816", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db9578ae-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701688282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688282, "uuid": "0e581e77-bd32-4c08-9f34-faa6fab6a635", "comment": "Malware payload (zgRAT)", "value": "436f41a1d9379a94c44e7ab9399f2e77", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688282, "uuid": "f0b01318-2b62-4598-80dd-7d7c99df590f", "comment": "Malware payload (zgRAT)", "value": "5fb3a526d0e47584efd56faa6c0e0d296587e1798f9a7654aa0cf6a711b8a0a7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688282, "uuid": "8512544d-60c3-46a7-b23c-a409755a485a", "comment": "Malware payload (zgRAT)", "value": "92be814a7d99dd0c597b79b2f5a45b4413e6fe34", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688282, "uuid": "875bc813-7a79-466d-8ad4-a098f7da630d", "comment": "Malware payload (zgRAT)", "value": "d71f53bdab07949b56c767ab404272ddbd6840357b4b4f9fc5010a0614d0bcbc70a8543972506163b739142c44ab4fe4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688282, "uuid": "f335b184-6aea-463a-adcd-9e47377b8704", "value": "T1E4A2D5C9EDD944E2C56901798CF233550276BE2B7CA2EF4F8D59B65064B32C025728EF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688282, "uuid": "1c3ee467-9e7b-4a54-ac6c-111e26985872", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688282, "uuid": "5820a0ca-a2fe-4082-b221-7b1c7f4aab39", "value": "384:YcRup5ZzQpRp8MZCWsKFKKKKKKK6Nq0AklGvBsWzeMy:YzZIn8WsKFKKKKKKK12Wzhy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688282, "uuid": "bd79b8eb-8b62-40ae-80d0-5f0d5688a141", "value": 22016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688282, "uuid": "b60eaca5-fdf1-497f-b021-1e0af5846a96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688282, "uuid": "2b163a58-40bf-491e-a795-741a00d187de", "value": "RH202312.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c0ad693-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701682109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682109, "uuid": "adecf153-d9b5-4a3f-925f-3df6f5d99651", "comment": "Malware payload (RemcosRAT)", "value": "2cf755e69a25d8c957014e84c0353572", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682109, "uuid": "6c9f21bd-6937-4c11-a94f-b2a87e63191b", "comment": "Malware payload (RemcosRAT)", "value": "5fc47bba076e30759ef93078ae0a5aa3748004c80c8d00eb3fc789eb58853aff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682109, "uuid": "a402dac3-3089-48bf-8878-bf0a2e190ad2", "comment": "Malware payload (RemcosRAT)", "value": "41b938c0205e1d7adc42e316a103f251cd1594e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682109, "uuid": "924e7b59-b26f-40bf-aa64-c7a498cd4993", "comment": "Malware payload (RemcosRAT)", "value": "9aa2a6998a66b19597b9c0d96bfa73a8083a63923fa539aaa33827bf314d49c7b393c37067101c2c31f710cc3377862c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682109, "uuid": "fca26cc8-0268-430a-b1dd-ea9bcbb551c1", "value": "T12DB422166364AB7BC5374FF72C80A50A87B4C617487AE4DA5DAC108C7533B7186B2E2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682109, "uuid": "25a3ad2d-e11e-4cad-a2eb-be3e1de45ebd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682109, "uuid": "1db37ef8-b01b-4554-8aaf-bff1b698acc6", "value": "12288:22iNtIum4gKBXEvQDxnJLKf6oHCDJH1KA34kRtmi:21e4d1t/KKHM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682109, "uuid": "95b3e9b6-9f9a-41bc-b696-06b1a8c01cc9", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682109, "uuid": "6c005e0b-734f-4a81-af7d-b7cd5d1cd1bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682109, "uuid": "6638c158-5b62-4dc5-a1e1-308a29f92b29", "value": "2cf755e69a25d8c957014e84c0353572.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15c0fc9f-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698258, "uuid": "1fa2875d-f7a9-45e1-9d2b-fa1c9fd1119c", "comment": "Malware payload (SMSAGENT)", "value": "839a94bc2172bff0f4bef77038fd8aa8", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698258, "uuid": "2c9c6782-f0ea-4976-a3c9-7c61300c3b80", "comment": "Malware payload (SMSAGENT)", "value": "603fe9cd698bd6331981a24b629171060faac760753f80579c078d3cace4ba60", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698258, "uuid": "107dd070-a465-4e2c-a123-45a61c918677", "comment": "Malware payload (SMSAGENT)", "value": "9d6412fae5d79a644bc10f6ec8c2b6345303d97a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698258, "uuid": "b944fed9-a889-49c9-9718-97ba20d7f084", "comment": "Malware payload (SMSAGENT)", "value": "90769023be14fda6e503bcd7256bea76bce987e43bc4959b72badc8c40577934f51421d5c9a92a8bc9ece20c53a1fac4", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698258, "uuid": "c16cc3d5-4398-4809-9410-541b78fb7653", "value": "T1C0560175731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698258, "uuid": "43921392-2808-4e9c-bd1b-d4aea181ff90", "value": "196608:/NDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYDi:1irUVis8O/0giAZ9PD3i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698258, "uuid": "097b8b6f-419b-45e6-9084-b92752ff755f", "value": 6380474, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698258, "uuid": "78973590-7b4f-416e-900d-737db125b415", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698258, "uuid": "21626dda-1906-4ce6-918d-1a1b7d9c9228", "value": "Flashlight Color.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb290239-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701710991, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710991, "uuid": "a4fd9710-ba8a-48a7-a759-d3a78f8eee6a", "comment": "Malware payload (SMSAGENT)", "value": "a984433c1d570ccbcb90f8d494870965", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710991, "uuid": "301d5ff5-781c-470b-96ce-b06de20dcd0a", "comment": "Malware payload (SMSAGENT)", "value": "61e540676ae98fe6c6609261f4768563b8b86da182367d5a265e57e328104955", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710991, "uuid": "0e8e00fa-ebf6-4412-bfef-c30533097044", "comment": "Malware payload (SMSAGENT)", "value": "409735a77cd1f49fef5a8940b70f9c816e6e83db", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710991, "uuid": "540c3bb8-55ae-49fd-a5e2-3aac95ff7ecb", "comment": "Malware payload (SMSAGENT)", "value": "6a3e3a1e3bdafed2edbaed6aab2300c1f446d5dcf99aa9d927120fbf598719ba444aee7b5f4aedd8931f89fd6325521d", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710991, "uuid": "81de26a0-3fae-44f8-a822-b8d89c7d39da", "value": "T195179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710991, "uuid": "ed7f36c6-3232-40b5-b85f-24113992291d", "value": "49152:YuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvz:cv+49UBEIIddXHNqjeceVnMI+lEaAg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710991, "uuid": "4c5bd5bc-a93f-42a9-8024-d80c3f56dbe7", "value": 18570680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710991, "uuid": "5b6b3e37-36ef-4586-a25e-8d24c46faa9e", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710991, "uuid": "be140de4-ca4f-471a-b604-e19598ba598e", "value": "Mango - \u043e\u0431\u0449\u0435\u043d\u0438\u044f \u043f\u043e \u0432\u0438\u0434\u0435\u043e\u0437\u0432\u043e\u043d\u043a\u0443 (3).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e6eef0b-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696770, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696770, "uuid": "949b8c8f-2d06-45a4-8b13-a04c115e05ba", "comment": "Malware payload (Gafgyt)", "value": "dca12f8be71ed23d0ee23aab32fd265e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696770, "uuid": "feb9fbf3-f003-4862-91c5-3e5c4433b124", "comment": "Malware payload (Gafgyt)", "value": "62557a37952b668e3614b10426a84fd55c0875c69f566247a9577d35f8ac7a33", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696770, "uuid": "2249f147-8ed8-4277-8595-35aef3836269", "comment": "Malware payload (Gafgyt)", "value": "486cd69e8fba99510d6235281c4d4db1e566a54c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696770, "uuid": "36cf4b9b-87b6-47f3-9fcc-9b3fe98ab07f", "comment": "Malware payload (Gafgyt)", "value": "49aa7cc8d720ad746e7a731852c1416dc64f9ca45005675e4121c085bcd411c8be9fe7a1111f705174d75faa4526247d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696770, "uuid": "201b130e-4c2a-4489-a9d1-955470e5072a", "value": "T10DC307B1F343C3B3C4470772125FAEB61D3176FB275AAA0AF3282DB49A524D53902E59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696770, "uuid": "2cd41fd1-9855-4b0c-aef3-b31f035f8419", "value": "1536:eGouO4T/MSKWUav2ieQerRx1gnjktMe8/Ar9DLSTbScvXdmL+VVP9/DKR+1O:Eu22xeiTe9x1oGMG7clmKVVP9rKR+1O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696770, "uuid": "c64e563f-1dbe-419c-898f-d92b17ed9c0d", "value": 118582, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696770, "uuid": "41f4ff87-8ffc-48b9-8fbf-0621cca4a443", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696770, "uuid": "ccc0e4a9-e26e-4cc2-98c2-43dd6ba2abe5", "value": "dca12f8be71ed23d0ee23aab32fd265e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b51a3b6-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701687611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "22fb7497-43a8-483b-bf98-ab289dad5b2c", "comment": "Malware payload (Mirai)", "value": "84671ce958c2afe38c72d4e37be53f44", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "006ac124-efea-48f6-8ef1-cfeb4d0218e6", "comment": "Malware payload (Mirai)", "value": "6289ba30a11db5f6e5db0afa5369415327033068a69e0686df962d3e022cfd0c", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "0d08f98b-8d8f-48d2-9e3c-ddf01a22d03e", "comment": "Malware payload (Mirai)", "value": "f2a063765c675caf87d1363f45c58bd040c88086", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687611, "uuid": "d1fae714-adb0-4ca0-b9e6-1a57ba6b137d", "comment": "Malware payload (Mirai)", "value": "d6007556d44e0623a1555dd0e7514bfa47a0f5217074159fd4044a502404f93bbe64fb19ac33fa415302f9096c9ac45a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687611, "uuid": "2d7c7ad0-9d60-41b4-807a-ecb6300387e5", "value": "T12EC2E0581466FF28D4644C33CAF08DC22E369AF567A132F03B8947D7DA6438AC9B474B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687611, "uuid": "24d762d3-760c-478d-baee-0ea50987ff06", "value": "768:KZqbD9poewFRgjRm6O7NxKnSXQnGpfas3Uoz1:Ks/9KgV+jDXQ6Xz1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687611, "uuid": "00f6f3fd-b8a3-4162-8e44-27c11d0682a3", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687611, "uuid": "36c6eb54-a2c1-415a-a9a7-4c93dbf58853", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687611, "uuid": "aeec14ea-97ed-4e7a-a64b-40f91cfbbe80", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a8acb77-92aa-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701697166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697166, "uuid": "060703ad-9e61-4a23-b87a-d59a6b06136c", "comment": "Malware payload (AgentTesla)", "value": "1177200ba703d00a87eb6114e68972c8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697166, "uuid": "70aea369-2300-41a2-93f7-2db0ba0a0725", "comment": "Malware payload (AgentTesla)", "value": "62af6b2f03773a1f7e3c92cfec408e2068adbd89d4e083ebe0ae90f8ed432c07", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697166, "uuid": "9307f283-b0b1-4b61-bd9c-1dae1ef8d39e", "comment": "Malware payload (AgentTesla)", "value": "98a40d14dc7d3962cc7aae7e98af7f8f8aa5ea2f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697166, "uuid": "72694ff3-dfff-4aa2-b324-77cc96ccbde2", "comment": "Malware payload (AgentTesla)", "value": "61bc0f13929642937443531cdd37db3f74bd5a5cf2e01f5d8bac2fe784066ab447a24e6215481bb7ef2ab59d86567c3e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697166, "uuid": "198d0186-b0a2-456c-a12c-1c1ecce00745", "value": "T1A50501A53796CC22E3C456B46312EB6ACD95DE9B0936C25B26EAFD1FB13DB20443D301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697166, "uuid": "7f4c9f71-4020-4405-ac62-41db124bc8c1", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697166, "uuid": "0ce2b578-8f0f-47f2-af4a-75c15b7c1520", "value": "24576:1WNiEg7cFdwi2uzqVQRUGN6GlwjtAfXbgypW:6yYgQRUGwGyjtA/9pW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701697166, "uuid": "a0bba401-3018-471a-b1de-d4083d09dd26", "value": 869994, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701697166, "uuid": "aad86984-eecc-4218-96f1-401ca9af5b1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697166, "uuid": "76e0ae9a-14ea-4f87-aaeb-ef1d87c2d5ee", "value": "r0089789Nuevoorden.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8759cb39-92e4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701722071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722071, "uuid": "6a1a3e8a-0f4c-4629-a769-1012e8ed1dc3", "comment": "Malware payload (Formbook)", "value": "f1d8d4495381bfb74174825b02cf7134", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722071, "uuid": "c2c6e2c6-b9eb-4dc4-89c0-deb38611a017", "comment": "Malware payload (Formbook)", "value": "62b04ac132c93b0b77450de95c73aa65790d34b542728780077956ac568ee85d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722071, "uuid": "99206e53-809a-4a39-badc-145ac2a60381", "comment": "Malware payload (Formbook)", "value": "7471529969c0d4b150ed51097dc7e1616d515b6f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722071, "uuid": "abf12974-2b19-4f36-be78-925d0957b73c", "comment": "Malware payload (Formbook)", "value": "23ec2642ac0c5706acb7bcd7d6f4d55dd9284a1dfd7310173f2a4ed33eb89966c31b89a64e51f85e9f1b12de943814f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722071, "uuid": "f23031c1-28ac-49d0-9d51-fea154ec4dfe", "value": "T1D405D01961F96F19E43B67F48294010007F77B95A237E34D6EC9A0CB6E35B020E5BB6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722071, "uuid": "7eb99a88-26f7-4cbf-affd-aca19e3d8343", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722071, "uuid": "514a9780-c6de-4794-a287-836c1de9f6aa", "value": "24576:lXk+pJwtGBryED3snkKiQA1hzWeExQYHsI:lDJGGVcxi919WJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701722071, "uuid": "8f61e825-fb90-430b-8dcd-0b33a1caece8", "value": 859648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701722071, "uuid": "5de640c4-bbe4-40b0-89ed-687141f21015", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722071, "uuid": "bb2e17df-7d99-4525-be87-eda8a98eb02c", "value": "SecuriteInfo.com.Win32.Malware-gen.27426.24479", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a09c9463-92db-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701718248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718248, "uuid": "f3d1cd73-aa73-440e-a252-5a312568e5ed", "comment": "Malware payload", "value": "96d2f4b9dbecc3ba94545d7213763cd8", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718248, "uuid": "0795dd55-dc0a-4199-9935-03c3daf4ad49", "comment": "Malware payload", "value": "638be8c0adb328a99cc6e15106fa31780209a1177abf24f0014e437c64b8a2fe", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718248, "uuid": "a1b70cb4-441f-47e0-b3c8-2d2e9652f71b", "comment": "Malware payload", "value": "1b17e80471fc7a66e37c172e14374637ee2c1ad0", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718248, "uuid": "0ac98ab1-3bdd-4a67-a79d-5c67a9f94372", "comment": "Malware payload", "value": "4d386104f3036c2f9891c922b460dff48214571459f4c9850f1d67be1a639d266419e4e672ba7694b42180f6e8eb0793", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718248, "uuid": "2f15adc7-e398-4ac0-a03a-2ee2e363820d", "value": "T1D176011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718248, "uuid": "6dc74a15-d9d7-4a2e-9011-2488eab0570c", "value": "196608:vrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLI1F3nswU/Q6FKNcnFr:zw0pdMGbwBAej2G7nswxgFr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701718248, "uuid": "c8aa3f5a-a3bd-4606-9d0c-293c4324c319", "value": 7332637, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701718248, "uuid": "7e694cba-196b-44c9-a4c3-76e28d32bd82", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718248, "uuid": "2ebf551b-1cef-4604-b9f5-9115eecc216e", "value": "Meta - \u0432\u0438\u0434\u0435\u043e \u0447\u0430\u0442 \u0434\u043b\u044f \u0432\u0437\u0440\u043e\u0441\u043b\u044b\u0445 (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8830510e-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716919, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716919, "uuid": "1aa29e91-a81c-4c8f-8628-91906f41eb2b", "comment": "Malware payload (SMSAGENT)", "value": "b4c5fbd768604c06ddde442a63302ec2", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716919, "uuid": "72235d16-744c-477c-bfe9-dc6307ba23aa", "comment": "Malware payload (SMSAGENT)", "value": "63d720a0b88986297b6004e5acdd7577b5b5c9ddd76304688a31af6a40da6661", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716919, "uuid": "14dac831-a454-4669-a3fb-7952520bb1a1", "comment": "Malware payload (SMSAGENT)", "value": "540b94c7f6ac11a9440957a5a21de0ed4b428cf9", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716919, "uuid": "09009b00-15fa-4bce-ab6e-0139dbe54a34", "comment": "Malware payload (SMSAGENT)", "value": "20ad4113118c799debb01096baf0d3178dc8926dfcaea9cb310b63ae943104916f4400c699d3a059795fef1ccad5bc88", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716919, "uuid": "25f579d3-ad9a-42c9-82e0-564913e881d2", "value": "T1BA76011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716919, "uuid": "055d9846-42d1-4f22-ad90-3bcef420c639", "value": "196608:jrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLi1F3nswU/Q6FKNcnF2:Hw0pdMGbwBAej207nswxgF2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716919, "uuid": "4606cc46-1cae-4b07-a841-ec7bcc2b320e", "value": 7328467, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716919, "uuid": "dbf48132-d75e-4c86-945d-b7f1c28f2b7b", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716919, "uuid": "d5ddd0bd-0955-40ab-a079-75e60e92c667", "value": "AppTestOnline.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94cef462-9288-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701682580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682580, "uuid": "b9eb24fd-df8e-458a-bbb9-290cd4aedf27", "comment": "Malware payload (AgentTesla)", "value": "1f5e3fcbdd05b2d7975bdba2c9397142", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682580, "uuid": "769fe510-0ea8-4b50-b94b-d3a3df563e71", "comment": "Malware payload (AgentTesla)", "value": "644a614093e652cd1f25a25e72479b6a50c3075cbf557a0549600bdbc521c3a3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682580, "uuid": "72b6eb39-e19d-4cbe-ab4c-c0d3e0050ff0", "comment": "Malware payload (AgentTesla)", "value": "b98fa7f58a059e2b136ac22b78b23da2fe0d78e3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682580, "uuid": "a65cc6dd-ee87-4801-afc4-0304a38c42de", "comment": "Malware payload (AgentTesla)", "value": "0f5b0b083ca61bbe91c7bfe8c3de878a0516933c09a315cf84d4b6471c7ca19acd40c61f5053bfb00ffc2633e250883f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682580, "uuid": "97e3bb6a-6083-432b-b9d9-fc682eb7f7b8", "value": "T1D2D3D8629D47FC6BC9A60A38D0E240B7A13B9F886953944DA4F93D031D32A8DDFF5C46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682580, "uuid": "0e3ba9e3-c78c-4910-8089-b1fee9f57fa1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682580, "uuid": "a5838f35-798f-4a5f-ad2e-f0ceeaa1c5d8", "value": "1536:B5rFV5vpLIr56x6UkUPmxSQNrjxsM0F48t6A3htV:B5xtLheUuxSJF492V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682580, "uuid": "5ba83812-a721-41fd-800a-97cb75647b8b", "value": 133496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682580, "uuid": "f9070d55-8d79-4e8b-8c00-c4be2137fa2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682580, "uuid": "f37c504d-e662-44f2-940a-4bbff43abe99", "value": "Doc-0750012xls.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cf97712-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701682164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682164, "uuid": "691eecab-a002-43c1-b1ca-99ee3d55a485", "comment": "Malware payload", "value": "ce55499012baa860dc4db82adf44cff0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682164, "uuid": "f4ded960-f478-4202-8ee1-68b72ec4eeba", "comment": "Malware payload", "value": "64b43d776557c66378ad0d99ac73cb3bad5bec9e83bf468cd3d5f15ec5d9db7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682164, "uuid": "7adbb4e8-0f0a-4d43-9a96-76dbe8ed8e6d", "comment": "Malware payload", "value": "a42e66f5de7b47c4ee35fe5a11b6d308ce67cd47", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682164, "uuid": "f450ba38-beb8-4732-b675-466a017fb3a6", "comment": "Malware payload", "value": "acb87a9bcb3443505985bb823437e8f852af083a515f183ffa5d29d341812f35e24444fb92a4664468ecf663b02cf39c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682164, "uuid": "9445a3d4-67b3-4a1d-8689-aef3d1bb3f84", "value": "T1A9F4029306E82FEBD178943CD27065E94392FD325573EB8386D1B83864B2DD18B5F829", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682164, "uuid": "0e46fe18-bf4c-4237-ba74-58bd071885b1", "value": "199aaa145bc54dbb0d29927d816ce83d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682164, "uuid": "36a864f4-4b96-4e88-917c-c430a233f742", "value": "12288:+hUPK8en44xWSgVmZUXzZcnf4U7ID9h+zeJm1eSku/hk:++5epxWSekf4U7xlIuk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682164, "uuid": "7ee18984-37ae-40d8-94a5-099ef03995e9", "value": 791946, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682164, "uuid": "7d71e87f-a0a0-49c8-9096-ce09bcc824b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682164, "uuid": "3c7eeca2-79f0-46de-8fa7-4be281c2f5dc", "value": "ce55499012baa860dc4db82adf44cff0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "727a5a6a-9247-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701654605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654605, "uuid": "6ea5e97a-ea47-4df8-94d0-5ebd8eb18bc6", "comment": "Malware payload (Mirai)", "value": "03ed5d0b80e65cbbb1d69d995331f45c", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654605, "uuid": "cb672974-c51c-456d-b977-59a3365e0680", "comment": "Malware payload (Mirai)", "value": "6505c5ea53f9b3fcb08ffa86eb989a9c3ebde1267361203f1546e73484f02ded", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654605, "uuid": "cbdda7a8-98b4-4fe2-b44c-0a4b0300e3cd", "comment": "Malware payload (Mirai)", "value": "6c7a3619236357558d5e729287947c5b0c2c7b20", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654605, "uuid": "7a086a7f-cc7d-41a8-b505-58b9f1adb7c4", "comment": "Malware payload (Mirai)", "value": "5479086549645d6fba392e8fe3b9faef6bc71cdfb28af426d9857ea3f93d185ec83bf4d7b91448cbc3e74b72e8dddd70", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654605, "uuid": "a217e638-5e21-4345-be49-5663aed366da", "value": "T1C2D34C46FA418A53C0D5177ABADF428933239764D3DB33069918AFF43F46A9F0E67502", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654605, "uuid": "77f0330d-a734-47d3-854e-e8d48da046c6", "value": "3072:p/dLOPeWpz/W/qnsGJTkoZPjjRu46oQOfDY3lM/9wWr:NdLO2WpzeSsGFkoZPjj84hDYVM/95r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701654605, "uuid": "9c786c89-45ed-4bb1-8310-29c65273df5c", "value": 137480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701654605, "uuid": "2c08bb47-e2c9-4917-a2c6-6e6d6664b04f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654605, "uuid": "942ffb3a-051d-4e36-82de-2d01ad46c845", "value": "jklarm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65368079-92a4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701694526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694526, "uuid": "a1a25014-718d-4999-8598-092b45ce7313", "comment": "Malware payload (AgentTesla)", "value": "62f54b62805be16b17024d6af2049a47", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694526, "uuid": "4697a38a-cb66-47df-82b0-16b6ed9427ce", "comment": "Malware payload (AgentTesla)", "value": "65705f94bd0c215a6efbfbdf7401b9c8d4c4541f976e11ac0312d4502d89edea", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694526, "uuid": "82ef0c16-018d-49d0-81f1-25d02101b484", "comment": "Malware payload (AgentTesla)", "value": "c351cc19ec9f6d3a8ca391e4e85b543db0f63843", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694526, "uuid": "b889fa8f-1a5b-4bff-914d-418a8f5b9796", "comment": "Malware payload (AgentTesla)", "value": "44219fdb84b20c0b4076d68b17bb44c1113d3cffde19d91df6aaa66624c5366800d3839879d5535a99c7f49db6c1c3d5", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694526, "uuid": "7a92be53-19af-4e94-aecb-d328683ad979", "value": "T123D423ACAF78A66DB257E8F651B2908D1B6DC09910EB82FBB478BC493C5C7527D100C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694526, "uuid": "bad564ac-2a47-4601-b5cb-adc880b9adc5", "value": "12288:KojWfpinC62/AKgQSId8pM3tZvKptLQbbQKgRbjp+PaJN5XMoUcQVb:njAinCfxfSIOOPv+LGQKgRbjlJQxcQN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701694526, "uuid": "35941a95-3f26-4b8f-bb11-dca2754affe3", "value": 603742, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701694526, "uuid": "944087f3-4b94-408f-969e-90ee42c47b65", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694526, "uuid": "c3c1aa41-1160-4188-b663-e8f9872a4824", "value": "PURCHASE ORDER 300136710.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0a36efc-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680882, "uuid": "56c75d1b-afc4-4f6f-8434-6c038d3bd971", "comment": "Malware payload (Formbook)", "value": "36a8be67cf422814b41beafdb26cc124", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680882, "uuid": "fb1d0e40-d712-42b6-9cee-71e0a074745d", "comment": "Malware payload (Formbook)", "value": "66af663670d7633a7f060c1d6d49d27d9e3d708b955e3c3a77be760f3c6e9099", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680882, "uuid": "40ec376d-a6ee-4007-9538-3db7e516d2e9", "comment": "Malware payload (Formbook)", "value": "0baeefb49a0a18bd8b6a92ce1ec75df34f863279", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680882, "uuid": "0a8acc3f-c1cf-40cb-a982-8eb2fc2ef384", "comment": "Malware payload (Formbook)", "value": "3766d995994c72323e016db176692b3694bdde4f7a39f8d4dfc1c443ed6d9e12ca34540252bffb2cb7626273095c7c7e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680882, "uuid": "6b2b9684-cbad-4563-9648-d30cc74432d8", "value": "T146D4238E77FDE305DABD43F598D019A597F5BA09A428FB2E1C5005DA01B6FCA3602707", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680882, "uuid": "f99ead2e-88a9-490c-89df-d5d75b2920e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680882, "uuid": "698bc22e-bb89-44b2-9251-2b76e59fc8ee", "value": "12288:G45+po2J6ruG3XzIQKcpvc+WAF//nn9JmoZ6UwrEof:F+pJPGn0QKqE+91nn9EolwYk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680882, "uuid": "41493851-9ec8-4ed1-a6f9-380b57660df6", "value": 652288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680882, "uuid": "ee44dcac-0947-44da-b4c1-ea650f34aefe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680882, "uuid": "0ab5223b-6697-4466-8a98-d23a6d36c755", "value": "Dev-Quotation Request Q7688T.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b85ea8e4-92e0-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701720435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720435, "uuid": "2f2f97a7-ac47-4f9d-a1d8-2ae4adaca17a", "comment": "Malware payload", "value": "9a6560af7cb1abb7d19a2fce3d77a416", "object_relation": "md5", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720435, "uuid": "37fa87d2-be29-4060-b05d-561d80071bfb", "comment": "Malware payload", "value": "66c6291d669394ccc4c664a7030a0de7a1df28d43fb284ca19ce5630794069ff", "object_relation": "sha256", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720435, "uuid": "f5fe5e2f-ae5e-4d48-af4c-ca174db7d8ec", "comment": "Malware payload", "value": "5bb5f51a722a70d0e7b44150576d6a7e4231692f", "object_relation": "sha1", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720435, "uuid": "47f6872c-ca8b-4248-adbe-9745b2ecfff3", "comment": "Malware payload", "value": "6b668863c01ef5d7859b58e1d6537156f1f2645e162707ef401a4f88bce29b6c0dadc6d01d22a185c511457fb5a5617a", "object_relation": "sha3-384", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720435, "uuid": "aae6d27c-3e61-410b-be13-6ab921d7cdc1", "value": "T15B62D08C9E57BB9F8E611473AF001F2D847A761DC212768BD72D20650BF37D9AC2E494", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720435, "uuid": "d560a5a9-2269-41d6-8ca4-646ea0674a52", "value": "384:bSa6/4QqUZgQw2qgQBU8ZnHJX3yfXWeqfslvaWx+NDJI:bSa6/4R47w2qXDtpX3cXWeOsJ78a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701720435, "uuid": "b1d8e0fd-bbfd-4697-a3f7-468492e11b6c", "value": 15827, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701720435, "uuid": "1d6b664d-9e41-4b24-8e52-fe2421a5ff83", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720435, "uuid": "6b50d922-21a1-45a5-941d-8855068d73fa", "value": "RFQ_PO_december_order_sheet_design_and_ specification_04_12_2023.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "194e485b-9277-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701675071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675071, "uuid": "ebe74eaf-9048-4bfb-ad9d-c1b5010c3af6", "comment": "Malware payload (Formbook)", "value": "2e87d7ccf6340d8e4c1f62973df7bf21", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675071, "uuid": "bc7bd687-d83c-4f4a-a3e1-0611779ff5a0", "comment": "Malware payload (Formbook)", "value": "66d3e11e6a9da95ff3935ce79a9138f8d71bdbcccdf282aae65b1d2db1056e93", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675071, "uuid": "b0f8e0e0-c3a9-4aa1-bb38-3d0db3ca009f", "comment": "Malware payload (Formbook)", "value": "0c3824031b6ff2c2bda9b44475450eb42105a96b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675071, "uuid": "7d0c4a46-d6d3-49c9-8aca-7d17df1b599e", "comment": "Malware payload (Formbook)", "value": "5aa6d000a4c7ee2dbfbd304f1c8f0fce676fe758e8e08eed13ca8e56bcec77e8505aa611d692ee937ab6e2bc442e8aa0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675071, "uuid": "0dd0a7b2-43c3-4ddc-b5d2-b1019549bab5", "value": "T1A9147B1071D1C0B1E577027609F8DB226A3EFD324F665ACF77885A9E0A741C1A739BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675071, "uuid": "34ade82a-0d25-47ba-9226-7f8ff1e6b408", "value": "8194584b00600c2df9eb6e7b7b17d1e1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675071, "uuid": "a6684222-a1c9-43ce-bb2b-b01cebf84bd1", "value": "3072:RR2B4VWyPAIWXzZ1+3TkMjEP4xaPB3gW:KBgfBWV1i23g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701675071, "uuid": "a636cb68-8e02-446a-ad4d-5027252f9ed8", "value": 195072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701675071, "uuid": "88d625ed-50b2-48de-95b0-0d88870ac0bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675071, "uuid": "fd377db9-21db-4ea3-955e-7952b8424d97", "value": "SecuriteInfo.com.Win32.InjectorX-gen.22519.1271", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2c883d2-92e7-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701723432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723432, "uuid": "97f558f3-9c7e-4747-ae4b-7448d55ecef5", "comment": "Malware payload", "value": "ad15345d1d6bae42007651078d8f2c7c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723432, "uuid": "1feb1639-a8d0-4fcf-8d77-bdc026238aad", "comment": "Malware payload", "value": "66da427e965b0876445bfb5834102e506fab680793c88ede0aed0ce385452ffc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723432, "uuid": "a06bb77f-0146-4dde-b600-3c06fbf9b9f3", "comment": "Malware payload", "value": "571f220c612a6aed80c7d949cb18f625175fd442", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723432, "uuid": "7121ad54-c152-4b55-a3c5-9023fbc991f8", "comment": "Malware payload", "value": "6f8dfddb2559f9ed1e9acbbd20ece52e01efe14ef49816d513dfed3815ebbc65c36b006e711ce324c063eea73d06d00d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723432, "uuid": "47993789-60fe-44c1-bda1-0f2f56d8a148", "value": "T14AF52310F3C948B2D42329795A65E714663EBF200E3D889FA770791E9D717C06932FAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723432, "uuid": "dbbd7cc7-285f-462b-96fb-0f95f77d2e4d", "value": "aac51396886833dc961fcd7aab7711e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723432, "uuid": "615a0581-109e-4b27-a8a4-d238ae67c238", "value": "98304:jwMMMMMMMC4LsBoB/M4yLAC/sCE3Vkd9ufD+B0Y+IrzaCe:rM5UC/sd9fyuY+Ie", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701723432, "uuid": "30519bb0-20cc-48f7-8ade-3707cd8c67e9", "value": 3399638, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701723432, "uuid": "002560d3-27a3-45b1-a79d-287f294e6040", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723432, "uuid": "197a9f67-5bb5-4be2-a6ce-a6099bc299cb", "value": "agreeprovide.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b940e3a-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701681706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681706, "uuid": "f8acac76-e93f-4b8d-9a67-7fcceda71dfd", "comment": "Malware payload", "value": "496ed2d86b18080e96f49642bb141eda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681706, "uuid": "efde8c23-34cc-4d0e-a022-91c39f6902c9", "comment": "Malware payload", "value": "68d1ce020685ee5d043591f1820a386a741b2c1704c38448bbaad3edfa731821", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681706, "uuid": "a5916e5a-77c3-4425-b080-bc5e0e148afd", "comment": "Malware payload", "value": "64be7fcbcd174e010f59e3ac37b5eb30f9340034", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681706, "uuid": "a750a171-2341-472b-b9ba-7e6b41207255", "comment": "Malware payload", "value": "47542946a19d6a9be2f7399c281993de52075bc3060fe70725f21f87386a7c772a7422b0eb373cb4446b629d042da43f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681706, "uuid": "c441c7b6-dcac-4c05-bec8-d9aad5a52204", "value": "T189B5C01238B1E02AC13295B19AA8C67965BE7FA00F3255CBA3D4BF193D345E19B35F31", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681706, "uuid": "bf407dbf-8880-42d4-9970-6547dede5410", "value": "2fab9d42cd156c0a70c97589d352552b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681706, "uuid": "27c7339a-558d-4d64-a9e8-0303059a1f99", "value": "12288:4Glo/L9QuHJrwxXZsuqU18apTQL00R1fk9iTcI1BhwM34ZuQUEhUOhn2m1:RSQ+UXZxqU1PpsY0HCah1BsuQ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681706, "uuid": "00bd5c5f-9a8e-4357-a602-6ddcd0178f8a", "value": 2425856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681706, "uuid": "d1670eb0-a974-48de-80fd-2cb9e1f3991a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681706, "uuid": "84da8070-3bab-4102-8b71-22bb569bf2d4", "value": "496ed2d86b18080e96f49642bb141eda.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "128c5561-9273-11ee-b7ea-42010a9c0006", "comment": "Malware payload (LummaStealer)", "timestamp": 1701673342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673342, "uuid": "6f700d48-75ca-4479-803d-5302b3a33546", "comment": "Malware payload (LummaStealer)", "value": "ff58dfbb7be87048a9239e780fd19fc5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673342, "uuid": "150ee3e4-f224-4da9-bda0-855e6243c9ff", "comment": "Malware payload (LummaStealer)", "value": "68ed5efeeb06a3b18cfbea480207eabeef0cea3bf09cf2d5fb2f343c38d2ec61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673342, "uuid": "ebeb569b-3a65-4c5f-9303-1e423adc581f", "comment": "Malware payload (LummaStealer)", "value": "1e49deeb31605f4089d0d8c847873110a3450176", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701673342, "uuid": "f3c630f4-1d2b-427a-9c61-463c3d0a8d52", "comment": "Malware payload (LummaStealer)", "value": "af5d6813023e6d4a2efef6cfe7a111833d094f88c01a4100613f949e93eb0a51cb7df3e3b29514abebe81ca03b8e9f0e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673342, "uuid": "c6432414-34d2-4d04-8183-fa12f220d1cf", "value": "T10154090392E17C56E9268B73EE2FC2FC721DF5518E493B692918AF1F10B1172D1A3B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673342, "uuid": "300f44ab-26fa-4408-a7b9-ec659fbb0c08", "value": "cc05f69219d47cdf9f9cc87a15cbc402", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673342, "uuid": "b89a8fb0-6763-4959-bc3e-db8b2b60beb3", "value": "3072:gwc0UdZJQVURyk1taNSzBu7bKdMNprq1v65qi1bhemOibTUyGTxs:1I+KRT0aYuUeRpiPVOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701673342, "uuid": "aa7a5e43-2fd5-49aa-9df9-2b8f068d18d4", "value": 294912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701673342, "uuid": "8bfafe41-10ad-41d6-82ce-3571aa1522b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701673342, "uuid": "5b623341-e748-4ccc-94ae-1a247f8cc5ea", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d3d66f1-92b9-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701703532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703532, "uuid": "34de11f5-a9fc-4dbc-ac22-7cdac6bb802b", "comment": "Malware payload", "value": "a65204d92c4c333ecb96a923b38320ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703532, "uuid": "258aa05e-21ba-4623-9256-61fad7bd69e6", "comment": "Malware payload", "value": "69033337d0288398e58ab76e0712699398c8fa776e4315813f751bd5c7fd9f5f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703532, "uuid": "9aa39890-b9b1-4fac-b01f-0ad7d87a3f1f", "comment": "Malware payload", "value": "78046439be10f20bc3bb59c442107e06ae02cf25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703532, "uuid": "7ae9d325-7e64-45f3-a4e6-466925e368e2", "comment": "Malware payload", "value": "6f55849e2f7d0c466e77eb056df785a1d10f37eacc194f01fa5569b2d44ae07dc2cb7a8f398e339be562591f03a6d971", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703532, "uuid": "5aac99c4-7aa6-4746-a110-7f8a19f00d8a", "value": "T1FE835B53B8D188B1E9731D3118B4DAA19A2FF9118E608E6B339447BE4F306C1DD25F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703532, "uuid": "37f68221-2af5-4dfe-bfd9-9ef7b56b8cf0", "value": "9c2487d128efff6de25469d402c83e85", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703532, "uuid": "e2e3efbf-b8c7-4028-99f6-a3aa17f7e929", "value": "1536:oJ8IFVvdaa8u++T87GzeYvQsDKcsfKR5PpW78NX2d0sWPPcdeHjmRWoMB2zQl4Cl:1IFVvdD8u++4PsDKcsfKR5nNmdHeHcW9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701703532, "uuid": "0b7f1742-0d0e-4a22-9047-1f173de50ec8", "value": 81920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701703532, "uuid": "de64f263-8229-4bc1-83da-cf06632f9e35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703532, "uuid": "2e282158-da6c-4354-8cb5-601e00fc6a1b", "value": "SecuriteInfo.com.Trojan.Loader.1894.16204.11509", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "611a2be6-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716853, "uuid": "181d7572-e244-4f71-9da2-3b7cab4298f9", "comment": "Malware payload (SMSAGENT)", "value": "43f7703e60a1f2dd6fd380b238709b29", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716853, "uuid": "58a1aceb-482f-41e1-a770-c60161518910", "comment": "Malware payload (SMSAGENT)", "value": "69faf878eb48170726323965cb99ba29f84ded3a27df4f9dcdec907450b21db5", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716853, "uuid": "64ab476c-1bf3-43d4-89e5-70f0ec753fff", "comment": "Malware payload (SMSAGENT)", "value": "e8fce7df287c5d85c17574e5dfe1d62428ac28fd", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716853, "uuid": "049f3ed9-7bbd-4f1f-9a33-a2d2afc91af2", "comment": "Malware payload (SMSAGENT)", "value": "dc30b3caecfe6c0df0c04934e61eb7a1cf36161e20b676a76f8bb2fb57d35f7e07c445a7e29450eff6cfc04ac25a1c01", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716853, "uuid": "06a17504-390c-4899-a711-9bf8d4eac000", "value": "T15776011AB71EFC4BE223DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716853, "uuid": "3119c41b-a3c6-4b17-a2b9-bb980613fbd3", "value": "196608:qrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLa1F3nswU/Q6FKNcnFLW:gw0pdMGbwBAej287nswxgFLW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716853, "uuid": "3e1e31f9-274b-4411-959c-6404005aeeb6", "value": 7327519, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716853, "uuid": "c0b34f37-bdcb-47e8-b1a2-509513e1e75c", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716853, "uuid": "43b7ba53-4d9d-4f36-95fc-8099aac12d3b", "value": "Naked - \u0412\u0438\u0434\u0435\u043e\u0447\u0430\u0442 [18+] (4).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afb76288-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DBatLoader)", "timestamp": 1701681766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681766, "uuid": "3e3bf78a-e4c7-4292-aa8a-5b334309d26b", "comment": "Malware payload (DBatLoader)", "value": "43b93a48ace02274a7434433201683e2", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681766, "uuid": "03ac2309-e173-4c00-bab7-5d9bfff8ad0a", "comment": "Malware payload (DBatLoader)", "value": "6a43bfc4748749a2c40581a802d7be1a8989ef839dbac92467d07e08f1f50796", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681766, "uuid": "e9d8be68-bdb9-4939-a589-abf05d3a76fd", "comment": "Malware payload (DBatLoader)", "value": "31db9a69a05c2a5396d0c02e37b5b29ba696a6cd", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681766, "uuid": "66cf9d71-2902-4edd-a45d-62c7c3be97e9", "comment": "Malware payload (DBatLoader)", "value": "6acd1d87ebcf552c0c59421df8d9ca7f851bb9301ebd28cacf5bbc48309fa4e3cd7f3a0664c3004748ee668cab464ddb", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681766, "uuid": "1573f46b-ca08-47a9-ac27-0bab73937463", "value": "T1F835AFD11EE0D17DE03E2A7A888BE299082A7F301E6C154E35E6E5CC4E3D9D3781F196", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681766, "uuid": "0dbd3a80-76cb-450e-8922-edcc0447596d", "value": "10ea1b1ff7d4c4809d2c0a9a6ae44619", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681766, "uuid": "28cf5a18-3b7f-4e47-8b9d-e49643d6f229", "value": "12288:RtVsGMuG7PS2wDtCU6NdObmCXRJqKqMQZLGdVNXbUWsK9h9wAPft4:R0hOSNENhJqKOGvdUWVJt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681766, "uuid": "fd78d666-5a59-4a83-bd9c-a3f37efe439e", "value": 1121280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681766, "uuid": "d5afa8c5-4d4a-46c6-a4c3-c551b713a56a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681766, "uuid": "d8fe0277-5426-453a-9511-87dc267fbb5b", "value": "Ekli fatura.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3856924-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701680940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680940, "uuid": "9cd83fe0-b487-4e5d-9fb6-a1ce231a2173", "comment": "Malware payload (GuLoader)", "value": "95f1677bda0ecc9c08e5fa8df14c0e13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680940, "uuid": "7747da84-bfc8-4daf-ba4f-a9419e7c167c", "comment": "Malware payload (GuLoader)", "value": "6a785fc98d9962b475ba45b90865158bf15bdbbdc9caea83ea3afc3a84fed246", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680940, "uuid": "fe63a01a-9607-4338-8c6d-0e5bb9aadf95", "comment": "Malware payload (GuLoader)", "value": "8e40dd502651cee37fd7ee1eca5d34a3183a54c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680940, "uuid": "b0865e81-ce9a-409d-ac74-3086fdba51c1", "comment": "Malware payload (GuLoader)", "value": "bc85dc82edb59d45d380cac436c5485d1de05663c71fc9a9641285058ad50d65daccec9db457209d03bcec006a550c53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680940, "uuid": "58999a7c-d389-4329-8a4e-6a77683ec4f6", "value": "T18A2512D3F30C9596D4260B31186FCE191636ACA9AD618A0F21DA7F262FF73435C1F94A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680940, "uuid": "70fd0480-1db2-4361-8141-9906292806b0", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680940, "uuid": "d9d808e0-4b6c-4de2-88ec-aac106e1193d", "value": "12288:vp8FfEp4L+L/3FSr6RPO98wvpB6XFb6pwYETuWOmlHgKRKNIJX3hftGgNlsjQ:vpp4yckPyhBGx6ajNlHgKUKV3hIgnYQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680940, "uuid": "2be10868-961b-4186-9794-bbe2d3b4f936", "value": 1026456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680940, "uuid": "03679565-b3b9-4544-bc9b-8e595765d59f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680940, "uuid": "87ce11fc-e93e-41f1-8874-58148eb2bad2", "value": "Sales Contract DC-HHP-046.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cbcd17a-92ba-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701704068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704068, "uuid": "9622aa81-44ee-4421-9b4d-db0b1736504e", "comment": "Malware payload (AgentTesla)", "value": "34c7e1e3caf47e08457ae4e9292c2ade", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704068, "uuid": "6948b0fb-198a-4098-9553-2bf9c28bfe4a", "comment": "Malware payload (AgentTesla)", "value": "6ae71f880319d4bb6ae8841f662ea408f5aa9100a4462712304ee4b24eac7075", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704068, "uuid": "e8be76b2-a175-449b-b53e-746f38eac833", "comment": "Malware payload (AgentTesla)", "value": "1bc11cbba554077bb9e3639da55046516e703955", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704068, "uuid": "d7846d5c-2541-4348-8bfb-80fd66ae624a", "comment": "Malware payload (AgentTesla)", "value": "cc87cc6e9eea2d1c8726c0029e096f76554edc176b753ae04d95eecf8957895c086f4d2fd631df07f9382b96c2ba5cec", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704068, "uuid": "336f0fc8-e8ac-4f16-8723-a3d95548761d", "value": "T180F43373A721839D038CBCB758A39F7EB4E95246E0D64683BCE7CCC09E2504656691FB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704068, "uuid": "91b48fdd-9187-49d3-995c-dff126dbdf5d", "value": "12288:n+1uHu/tuovlMvJbPnwrXDJkN7V4pZt1kK3RHfkxsCsCHEecE3n3I3jyzKr:n+6Suova9PnwrXuzKfyK3tMxsIkBqn49", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701704068, "uuid": "eebefc86-c919-4bad-a3d4-6dca1ce19a93", "value": 742709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701704068, "uuid": "2e736d5e-c4e5-4f18-a37b-06b1f167a054", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704068, "uuid": "f7e19ee6-984f-4b32-9bc9-abe046e3fd45", "value": "STATEMENT OF ACCOUNT.pdf____________________________________________________________________________________________________________.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c09166b7-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671486, "uuid": "b3ecb366-6696-4a5f-a317-e5c4f9620112", "comment": "Malware payload (Mirai)", "value": "61881de5aa02be6a776e55b7163caf01", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671486, "uuid": "13e90fb8-9eae-41c5-abe4-b7607e0b7684", "comment": "Malware payload (Mirai)", "value": "6b056166d14d675e33a24d2034ad61c3e69537fca496b53ea3d4055c14eb4d33", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671486, "uuid": "e1359067-fec5-429b-9756-e82e01bb8209", "comment": "Malware payload (Mirai)", "value": "1cd505342b7e5866151d5a96a0aad0c0910a0854", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671486, "uuid": "0698cc86-c629-47dc-910f-4aef5fcdeca6", "comment": "Malware payload (Mirai)", "value": "3d4554c5d4d5338f6474899cf1a00f3bfcdefe2253381162401186c1f799dec7c5615cd9739cf304d128bba3db12aabb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671486, "uuid": "3579f22a-8302-49bd-995d-d9da23bcc29a", "value": "T198632A55F8814B22C5D5127AF92E128E332317F8E3DEB2129E206F2077C696B0E77D55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671486, "uuid": "5ca73936-daf9-4942-bd17-11d1e9624a8d", "value": "1536:7Un9qKlcoOWsbhlBGKEDjaaJHFnoMoiBDTMy5gYIa:gqfUKEDjaaXDTMyKRa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671486, "uuid": "d713254c-d340-4390-a060-464c38df3fb7", "value": 71064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671486, "uuid": "85e8bb99-c3d1-45c1-9dd5-2a57fd46dad7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671486, "uuid": "9591dc7a-0c31-4d13-8b67-e9d1939836c8", "value": "61881de5aa02be6a776e55b7163caf01", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2002c43-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701680911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680911, "uuid": "8fd2a0b9-8b17-400e-b5be-5c1da7503a24", "comment": "Malware payload", "value": "40c9bc5f3123385d746b83848f137988", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680911, "uuid": "6072276b-d175-4c77-9dfa-653fee5d9c7f", "comment": "Malware payload", "value": "6b7a7e194c9ca5bfd2d920e57382deb4bdd95ec97808bd165f0594294ebe0004", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680911, "uuid": "7d21ba2b-0bd8-424e-8abe-c0ebc2d7a179", "comment": "Malware payload", "value": "50e42eaa9e70b7235b683ac2b95d7c1385854948", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680911, "uuid": "292cff6a-b38f-482e-9068-222cf218cbe2", "comment": "Malware payload", "value": "baf6e7169f7b56a62040a2c25597a09d276650af55a7d089f37a3516fc5e2d358ece393c6e450fb78729534b6cfb5b2d", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680911, "uuid": "3b9e0181-7082-4e94-9872-d9e6cee4b55c", "value": "T1AF55F0039805CB93D54D87F9BE4349E81F0A6F18E99539EF106A7FCB3B35A620D9A10D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680911, "uuid": "c6e13661-6c84-4984-8e6a-533c99695791", "value": "24576:Xw6saw6/jZycCfg8WXVw6/sZynCfg8Wx48Agw5ijD6JHC/I+r1wcuX:A6sd6/l1/26/eK/R4rgLHIHC/hr1D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680911, "uuid": "ee035e27-78f7-40c6-b77c-a9711d81789d", "value": 1401344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680911, "uuid": "527cef4e-69c1-4c4a-b89b-52793a15be85", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680911, "uuid": "06ace368-0a62-4309-ada9-8cfcf98adbfc", "value": "shipping document.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a5d0f26-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701682106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682106, "uuid": "0b31fdd2-ea04-4175-ae53-184e8fa8e449", "comment": "Malware payload (AgentTesla)", "value": "16d32b1c2af6959abcbb611b47f94a99", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682106, "uuid": "cf551d5b-09f2-40d4-92da-77ab2a032f00", "comment": "Malware payload (AgentTesla)", "value": "6bf7843d672f60dc32a986a9db555c78e31b38f4b70d4e0af687e9e0a69fa8f8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682106, "uuid": "150c0152-9cce-42ad-9af5-00a3fd8fb90d", "comment": "Malware payload (AgentTesla)", "value": "e51e0e62a76bf28c1b4edcbcbb634201a50a196a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682106, "uuid": "bc26278f-d5b2-4a98-8be4-96e225e4d433", "comment": "Malware payload (AgentTesla)", "value": "09d5b9a63cf8421feb08fbb06157876c3c06fee2b62f6f3d1423f27155525a6baa06ce75566fbdf46d552a6477a47fb5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682106, "uuid": "3e9ff3cc-0746-4f70-bc1d-440b0dd5f6b2", "value": "T1FBE4239C6208C266C9FA03F81DA2E18C23B5E8261562E72D3DFE55ED2436370976375F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682106, "uuid": "5bc17cd7-e9bd-492d-bcd3-1f024f9735f1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682106, "uuid": "6b9e5d55-a466-4847-8523-822680aa6ab6", "value": "12288:f2iNtIgjcWjQ9b5Ioa5TBJEZ89Px3IHHMj1JIBQb2uy4qGtpD0egZw9aO:f1mCSaV4Z89ZWMj1J2RuyLA8O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682106, "uuid": "ba8edd91-14fe-4e6a-8bd1-67d00897ed56", "value": 700928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682106, "uuid": "8a274d79-4cbb-426b-8a8a-19b2d9521f20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682106, "uuid": "37cffbd7-35b8-4fe7-971a-90b9ea5cb632", "value": "16d32b1c2af6959abcbb611b47f94a99.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c37efe7-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701679881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679881, "uuid": "0f90b127-2584-4b6b-afb5-8f45073174ce", "comment": "Malware payload (AgentTesla)", "value": "9abefcb71f2f6808adc286ac83f5ef2e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679881, "uuid": "a77f55e9-b10c-41c6-84f1-d4c855fed5d0", "comment": "Malware payload (AgentTesla)", "value": "6d7ca76f65a253a1587d1f5a94d7ff27d0babf11b830fd778efb96ebd8196442", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679881, "uuid": "b4fd9a9b-c9c9-4ebd-898c-4c40afd82645", "comment": "Malware payload (AgentTesla)", "value": "8f83d05ef4d201ee7b6dbc50eff66018a816ff73", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679881, "uuid": "23965728-087e-4e39-a8da-30749c1ec4fa", "comment": "Malware payload (AgentTesla)", "value": "60facfb65a39ce98229da6546972245127af02e5da1ad2b0a2f41e8465698e98170814e0f9d2bbaaaf105c1f23ecd1f9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679881, "uuid": "bd71f49c-6a9e-404f-be3d-173d8fd78463", "value": "T18284E11BBAC240A1C2148F3BD3FF6F555B55DEA2F297D30B2C1902E9249B3E5BE44186", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679881, "uuid": "d8c1bc5a-30b2-474d-b722-358964d72158", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679881, "uuid": "9df5d5e3-57bc-4b0e-91cc-722b1b9d3954", "value": "6144:EwTD974CbCFRov/04ak4+HG8GBZzUMTkI5yi8WY4Nf31h/m9vMBjg7DR5d:EM2G0av/GBZAM4Ad8WY4fhcBR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701679881, "uuid": "4b0ef06c-b0e0-4b28-b626-c6ba48bbdaaa", "value": 392192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701679881, "uuid": "70e65677-ec6d-46ad-98dc-1d14612f855c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679881, "uuid": "ee96c66f-218f-4f41-94dc-1c646a3891ef", "value": "ORDER FUZETEC PO2311-000031.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e17256b1-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701711485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711485, "uuid": "1ea5c08d-91bd-45cf-a5fd-51fe465c9912", "comment": "Malware payload (Formbook)", "value": "40c952432e95d6caf792f9d928abe8d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711485, "uuid": "a3cf157a-0eb4-4004-8343-391a725c2225", "comment": "Malware payload (Formbook)", "value": "6d8afb68b928295f05583e78494d1153de14ca750751ed7c434ac6864c7e344e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711485, "uuid": "7e34ec2f-4809-4acc-8dca-6807ca69d747", "comment": "Malware payload (Formbook)", "value": "d632e24b09be1aab53f740a1bc30913cea5fc46e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711485, "uuid": "8b954ba1-bc41-4098-942a-f708df83fcf0", "comment": "Malware payload (Formbook)", "value": "6476c3af242c82d017d77efd2d76e67283dcc04ffe1759849a31ceb90f8e08ab961bd730461ba04dff124a1c59c01ab0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711485, "uuid": "d4d581f6-6ff6-4d5a-99e8-5d0c71ca53b1", "value": "T19674234562E2CE73D147273008B7B32DB2F5CE5585C16F8B87301FB56BA468AD28A369", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711485, "uuid": "9e275168-8f84-483b-856b-3398db935e7a", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711485, "uuid": "7330cac8-a0d7-46cc-b209-ddceefa9b6f3", "value": "6144:P8LxB0H29jZy+rHNHq2snxhrp+GKd7q9NEfaxSNH9KtRGyIKiJVSp8Encvk:xHcZvsQ375fac19sZIRQSEcvk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711485, "uuid": "d08342ae-3133-4632-b7fc-b034a9ec02bf", "value": 349767, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711485, "uuid": "70a6b6c6-4ba4-4ca0-b3ee-13903d89aa53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711485, "uuid": "f7c28049-2b1e-444d-843e-db7db65c15a0", "value": "Pre-Q FOR MECHANICAL WORKS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99598176-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (CoinMiner)", "timestamp": 1701671421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671421, "uuid": "1019fe1f-fd7f-4aa2-868a-31150f2c9929", "comment": "Malware payload (CoinMiner)", "value": "67d9a3f37036e81d32c25da7c600b971", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671421, "uuid": "d77bbdb0-36e3-45b7-ab82-70b420baf0e1", "comment": "Malware payload (CoinMiner)", "value": "6dac127622f4cf4905f18b87233b857f33ac49160edc0fbbbf7f773a3ca5024e", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671421, "uuid": "58bd388c-51b5-428f-8dda-e73a78f9061a", "comment": "Malware payload (CoinMiner)", "value": "dec639c3d8e3ca2962eccb52ee80ff800ca62435", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671421, "uuid": "f7223941-e0c2-4870-a2bf-5ab9a833aeb2", "comment": "Malware payload (CoinMiner)", "value": "d537be0795a20f34f61493b8ba843f19d6adece16dadd0054593a1393c501838042c54f5711e945b18ab0aabe7afb6d1", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671421, "uuid": "62039f72-b592-405b-b13a-20f90b63e54a", "value": "T146D69F126380643AD4673AF54C2B9B94683A7E206E25594B3BBC394D0F75B43FC2939F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671421, "uuid": "c14b165d-b36b-4425-9732-9a2fbde84acb", "value": "dac2f70be65f78b72b69b664e93f9861", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671421, "uuid": "8edebbed-5d26-411b-8896-750f16c6ffc6", "value": "196608:R2CP9KaUu3FDsCyHU8dgZ8STXOXy2cRAqe6:R2CPgaUu3FDAHvdgjThZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671421, "uuid": "115cd306-b744-475f-9c2d-76d2bcbc679b", "value": 12765664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671421, "uuid": "682e174c-f201-4bdb-b6d6-efdcb2ece9f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671421, "uuid": "029b2962-c126-4d14-86bf-1de3fe581b3b", "value": "67D9A3F37036E81D32C25DA7C600B971.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed9ff9b3-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701671562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671562, "uuid": "595aeba1-0d33-4d81-b946-f6dc0eafa4a4", "comment": "Malware payload (Formbook)", "value": "1d53cc6f9a980bd702fbde5d8d39eeb9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671562, "uuid": "9f557806-73fb-4447-930d-ac6b2d0865d0", "comment": "Malware payload (Formbook)", "value": "6de3ca2658af9f752d06492509b21dbe3862fc018270f56d5a2894cb6e5a1e7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671562, "uuid": "a4db287d-503e-46d1-9855-5f904d01fd13", "comment": "Malware payload (Formbook)", "value": "028c526c37fae3dde89a1927c05229e4f9cd6abc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671562, "uuid": "573a95d2-5d40-487e-be2b-f858ec8c4c1d", "comment": "Malware payload (Formbook)", "value": "c7038a4ab1349f90215195e4b7eb749ae8f57c5bbdf150e2c584a1cdabe9fe5e6459de26a83fd1652fc53e7676fc7817", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671562, "uuid": "1b101efb-7437-4f7a-9b40-d0c14a2befc9", "value": "T1D4D423CA72C8EF21EC3BABBBB885255107F9B6029271FF2A36D511DC6556B060EC1713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671562, "uuid": "101c1659-684f-4f15-9746-3ee31056f0d2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671562, "uuid": "6e121cf9-aaa9-4de4-b93d-00074c749e29", "value": "12288:Y45+po2QiHBU1So/2q1eC0lvI0VoC0qgqK6AlCD3DsQClUTcmCq+uRZxN5K:b+pJJhfK2q1ePLWqKRl23Za8RzNM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671562, "uuid": "8bbef6ae-2ece-4163-82f3-b654e3139622", "value": 649728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671562, "uuid": "6f77d26c-fda6-4b3f-9cf3-b756743d92bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671562, "uuid": "e0bd80b0-b7e1-48d6-aabd-4ed2d4bfb03e", "value": "SecuriteInfo.com.Win32.PWSX-gen.4432.13418", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1049a7ec-9272-11ee-b7ea-42010a9c0006", "comment": "Malware payload (NanoCore)", "timestamp": 1701672909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672909, "uuid": "cd3e34eb-4ec2-45b9-961a-3dc8f9c094c0", "comment": "Malware payload (NanoCore)", "value": "cc0f6af0ea57fc9cb9698c534fbbe1b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672909, "uuid": "b341a479-adcb-4b0a-b387-15acdd6bf1ee", "comment": "Malware payload (NanoCore)", "value": "6e4a05f7b769a8cb12f932281af71be353b058d68a3f96bd00a38b63e78bae70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672909, "uuid": "1aa5b850-7c93-48cf-96a4-985da8f4eed2", "comment": "Malware payload (NanoCore)", "value": "4fd4acb6716bfb889f685045d00662fb3d46be78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672909, "uuid": "5809c88c-a3cb-4be3-9e1b-66ef30b3888d", "comment": "Malware payload (NanoCore)", "value": "8b34dffc4c826744a788e1c51a4d03f419d1487dd10d0df74126a53e5287d04e03cee4421a1839a595bcec805a1d8bb2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672909, "uuid": "57c725df-9799-44d4-8336-4397aa9dbfda", "value": "T10C05223172E9DB1BC47803F5E93B614443B2BD353825E29EACC731DE5AB1B815A10B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672909, "uuid": "89f69feb-c251-4f1e-94b6-d0fc76e6562e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672909, "uuid": "90ff3024-1720-4434-b9d9-773ded481c92", "value": "12288:FW8tW8G34/uK45+po2op+9icdMJG0Bi3SQuFBASUFFJR92DGMAvWrQnTIRy8OJ/k:e34/up+pJzl50ySXASKCyTwecRy83", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701672909, "uuid": "12aca1e3-4c4f-4412-a5f0-88acb1cacb14", "value": 798720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701672909, "uuid": "e46c8842-d46f-4dc7-b01d-d9eb1e43942d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672909, "uuid": "c58f0a39-4179-4c08-a5bd-250bef537286", "value": "cc0f6af0ea57fc9cb9698c534fbbe1b2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0d95a90-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681849, "uuid": "5bdfbd0f-d353-4638-be6d-228b48a5280b", "comment": "Malware payload (AgentTesla)", "value": "0ac68d87bdb803500fe1e773e9e3ec23", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681849, "uuid": "476d2b3a-fe52-444f-8500-d8593ae95fa0", "comment": "Malware payload (AgentTesla)", "value": "6eaee93f96963100221bee90dc15dc6d046951a7ce0a4aafe3ded7bbffa1b0e3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681849, "uuid": "17803473-2e85-43b3-b13f-8cc87ccc33fd", "comment": "Malware payload (AgentTesla)", "value": "17f93653a8ea31bf208eddbd7b10775c704d2785", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681849, "uuid": "9a8f6a5e-fca5-4763-94b1-bbb34658c0be", "comment": "Malware payload (AgentTesla)", "value": "dbee461fbb3b57a4b23c1f14bba57011f91465a8c4a1bfccc752cd78973f275e774c364ecaea5b15338282e901484850", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681849, "uuid": "86abcf80-982e-4a7b-9889-8828e186cbf1", "value": "T13D052269F3E0DB16C83E43F0D93A606483A1BD2A7565E94D1CC371DDAAB1B422D01FA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681849, "uuid": "53cee0c9-1071-4fa1-bbd7-d5b3e99024c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681849, "uuid": "873801d2-8e6f-4d85-a85f-fb691de06a46", "value": "24576:I34/up+pJqGLYgLwFvRS1e+J0nSoAHR0l:I38PJqGUgL0GeE0nSTo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681849, "uuid": "2e85965a-536a-471d-9078-ba9b971fa526", "value": 831488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681849, "uuid": "ef6591e7-bcb4-48af-a3ab-fcba4cfec14e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681849, "uuid": "7afa0a25-8ece-4f08-89cb-2f28cc886496", "value": "DHL PSZR00000336-EB.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72728216-9259-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Phonk)", "timestamp": 1701662336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662336, "uuid": "da307379-3a59-47cc-a9c5-ebb94879c258", "comment": "Malware payload (Phonk)", "value": "66055eb5779265037160e80546c6de3d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662336, "uuid": "0cd2afce-38d7-4b82-9ed6-34c7a4e367ee", "comment": "Malware payload (Phonk)", "value": "6fc7bfc186b8207bcb43a0b012cf8aaa20b9c59ba3582ee48635044abaa1598e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662336, "uuid": "14c5727c-96c4-4ee2-9744-076b24f1e9c9", "comment": "Malware payload (Phonk)", "value": "49d3ac6f095af87c2940b16f52f1c72b81646b0d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701662336, "uuid": "38c9849d-41ae-4257-be9e-54d743f160c6", "comment": "Malware payload (Phonk)", "value": "1dd4cefd46cb1cfd62821d18b424f3e17b3f80cb1b9115584ce7e6d80a7bec7f99a7c51780b2c3b30ae964eb7cb6a710", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662336, "uuid": "3c6e0b76-5586-40c1-95ae-48617dcc7e67", "value": "T128562301B8B1C075C9AB61B049B69B3A67E8EE204F608DDB7295FD4C26356C17D3933B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662336, "uuid": "7ff04b25-d1d0-4f10-b8ea-d59e4fdeaaa3", "value": "623456a7b63d30d546bd2b9ab9a50848", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662336, "uuid": "647ce8e4-d4df-4f8b-b5b2-58373b99b548", "value": "98304:wUQqpYQUHxoPmuVk77pC9RwQic/WkkQldxy6Qn3g64UFkcSJNsPGw7Wb/DibBZNY:wjqi+PS7Qf+OdkExPTpUC+Gwqb/DiNzY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701662336, "uuid": "2ba165fd-8e0e-4245-90a9-f41a90822c59", "value": 6274936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701662336, "uuid": "7eae986c-a0c9-4bbc-9c85-df677b68fc5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701662336, "uuid": "7e46a7ed-3ca4-48d9-8425-aae4cd5bb244", "value": "66055eb5779265037160e80546c6de3d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a156da1d-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696774, "uuid": "bb08af25-f2ac-4a24-8b29-b62cedc8dc05", "comment": "Malware payload (Gafgyt)", "value": "4ee2be0f152c80c2f432e120fd3196ae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696774, "uuid": "369dcd6a-214f-425c-a228-59177e192683", "comment": "Malware payload (Gafgyt)", "value": "7099eda8cb002729ba749e7e6ec9919129dd0cf0ac83ff5ed439ab3ac8070e97", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696774, "uuid": "f8756fa3-274d-482c-b7f9-05317d3b5d6c", "comment": "Malware payload (Gafgyt)", "value": "2053b4d30d588b05a8283f977d9707bef95768a2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696774, "uuid": "24314d74-6805-428b-b4a6-f701f4502f18", "comment": "Malware payload (Gafgyt)", "value": "d336391574114716a5706efb5ded56140a15e01fa6d764c36de1f6f75b49f8863d8c8cf20fd9a81148514c40b1215799", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696774, "uuid": "b4e05ee0-c9a1-45e6-b85f-e2d522add620", "value": "T15CC31976F1568BB3C087567115AEADB10F22A5C3278F364926385BF44A0F5CA780FF68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696774, "uuid": "418526e7-c682-408b-a33b-09fa651dc08e", "value": "3072:uIeQQdKz5xli8RtZImgMsm/xV7NXERB2Q:VeOlntImgDm/xV7NXERB2Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696774, "uuid": "76d529cc-2b6e-47f5-84e3-0117fcccecf6", "value": 126693, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696774, "uuid": "6b1d60b3-c42d-464d-97a8-64eaf4b0042f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696774, "uuid": "154c9468-f95c-4254-bf42-58f2af38f7cc", "value": "4ee2be0f152c80c2f432e120fd3196ae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "453e2bb6-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (LummaStealer)", "timestamp": 1701710793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710793, "uuid": "4e603dc5-3e20-4b05-b6e7-e1a17ace2ea6", "comment": "Malware payload (LummaStealer)", "value": "539f817f571f39a00ebbc911e37b8975", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710793, "uuid": "8a1e5a88-592d-4986-a849-4d049812c5dc", "comment": "Malware payload (LummaStealer)", "value": "70ed2f1cfb4235a5753f1f8288c55f7fc95cb7e6abdb4e77be154901171f4222", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710793, "uuid": "351d759d-ba60-4a18-8e9c-2798d30f9307", "comment": "Malware payload (LummaStealer)", "value": "35e7f450f37d3c741ca83665552c6d46988d38ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710793, "uuid": "420fd8ed-933b-42f3-a5d2-7768e532d638", "comment": "Malware payload (LummaStealer)", "value": "3140dcbc66f203aa00b0785d55f55b011412bf7e88f3adc4fc2cc96e914d84abc74b085d004813d42d87061448881eed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710793, "uuid": "0e3ce9d3-a5e4-41ba-a477-279a2e355aa3", "value": "T15054075382E07D45EA268B329E2FC6FC361EF6418E6D7B6A2118AF1F14B1173D663701", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710793, "uuid": "69cc747d-b587-4a88-a556-ce0bf7a4333b", "value": "01f6fc978b1d93c9a83c4aab7e4e75ac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710793, "uuid": "f040107d-30c2-45e8-8f93-8486d1d93f81", "value": "3072:OyIabiYXd+3B85ATJtL9/IY+MrEpLMClTs+UabXVD9RxmADy5UhUpwVZkTkS:OdVd3BptVIloWLDBNX9ddLhieiT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710793, "uuid": "9436601b-a0ab-496b-92b7-94603f65af6e", "value": 296448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710793, "uuid": "7d1868df-42b0-4f9c-8e86-f0eec3e302b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710793, "uuid": "4b7b68e8-6ac4-4a42-913f-fb6e7593af94", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e2c08d2-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698272, "uuid": "487b5c02-4dfe-4656-83f0-c9a25a9ff0fb", "comment": "Malware payload (SMSAGENT)", "value": "3d0e7159da4140d2b29e57e7ea5033d6", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698272, "uuid": "fe4e0522-3331-4dca-be11-36763d0811d7", "comment": "Malware payload (SMSAGENT)", "value": "728a3374e02bb89621c67087b1eea7bd41bfd88937eee3ff2fa8db6addd8394f", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698272, "uuid": "2ae6e712-f988-4152-80e5-fb85accde198", "comment": "Malware payload (SMSAGENT)", "value": "ae0ca2355535875a2e138248635ae2277b0eebe7", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698272, "uuid": "9c042382-9a83-4ed9-b22a-7597000855c4", "comment": "Malware payload (SMSAGENT)", "value": "6e306abb42f85054d90c57d61f8c076c659e1ceac6a62b0cc7403df189e595128dd156f679dbc899e9d37aef5e392733", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698272, "uuid": "ece34ed9-9c9e-44ba-95b4-9050dc2ab2bc", "value": "T128560175731CF40BE073DE316371814F71E185E51A72E312AB07B8185DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698272, "uuid": "b123aa11-3ab0-4af5-ac12-beab40cfc8ec", "value": "196608:/DDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYS:firUVis8O/0giAZ9PDW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698272, "uuid": "dcf05d81-45f5-426d-be01-9c638b9de052", "value": 6376380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698272, "uuid": "f1ef5b00-18ce-4da3-b343-17bf2af47282", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698272, "uuid": "94e4baa2-2955-4572-8e11-73b10d4e7ebf", "value": "photo-2023.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a27fda1-92c2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701707258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707258, "uuid": "ed390d71-5155-4e2b-94f5-7e51cbc796b3", "comment": "Malware payload (AgentTesla)", "value": "8c74ef4787f3d56402bb591145205e7f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707258, "uuid": "8bea7968-2943-4a00-927a-8f482e68d2df", "comment": "Malware payload (AgentTesla)", "value": "72d54df06cae1c5bdb3dabd71cf3e37435800616d359acefe73672ccd7501cf0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707258, "uuid": "c156fd65-9b36-4c8a-9e58-1e46617535bb", "comment": "Malware payload (AgentTesla)", "value": "bfb1daa8d8f87f96c8063af636d2887fe46a7fae", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707258, "uuid": "103e8ca4-6047-4c84-9998-1d69afb8e175", "comment": "Malware payload (AgentTesla)", "value": "33dbe17293f8ab013fa24f6fbfd3cb17b3742bf60eff091ac7da471192c7c0acd691c4dca9cab4b752aef7da83a43d82", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701707258, "uuid": "d458c553-83d9-4977-b622-b02d7a7a6463", "value": "T1E205D029AE785F8FD5BC81FC90045E1647F849A2698AF7C5CDC260EA4EC67C2C787607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701707258, "uuid": "cc55aba3-277c-4705-8ba6-e16f96b3551f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701707258, "uuid": "bc9b8bae-2490-4ab9-ab25-93df4f65dd26", "value": "12288:n4E2Gf45+po29NZOaPLSoNMQlsgsxQYGI+giFieNJXSYGMdI+Ca7QFUqb:n4FP+pJ9NZOKLS7gIaI+gi5FCs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701707258, "uuid": "979bbe5b-0b13-4886-ad2a-515304b4226c", "value": 815104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701707258, "uuid": "0ac23792-dcc7-4e49-b75a-3f8b94cad63a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701707258, "uuid": "cb5cde10-20d2-4f74-aa6c-3d63ba89ffd6", "value": "SecuriteInfo.com.Trojan.MulDropNET.68.9906.22909", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d059938-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701710833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710833, "uuid": "f66d48ee-1a40-4ac3-b0d9-34ddbaa0261c", "comment": "Malware payload (AgentTesla)", "value": "c556abc2e04d6889cf0a059f9133af60", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710833, "uuid": "b36a4b47-60e6-44b4-a85b-060f4db52e39", "comment": "Malware payload (AgentTesla)", "value": "7313bba3ca9b2518cc049ad47ab159f47675c0199fc812b6bc5a0584616b220a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710833, "uuid": "cd611724-193a-4205-a9ac-12cec0e49baa", "comment": "Malware payload (AgentTesla)", "value": "80d768a65c200d34517bdf788e8ae649e4f4addf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710833, "uuid": "21d00aaa-7593-4d01-bf11-f17f9101af7e", "comment": "Malware payload (AgentTesla)", "value": "e8fdfa05a9e61e437a3b1582b8de9ed2742b63a00fbd9aa98d82b51143ef878e98a66403ecfb8f4ca7e9eabd8ffc5286", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710833, "uuid": "3a948e74-e509-407b-8047-2d178e1acb01", "value": "T12D25F04562F85F4AE47A67F486A4020007F77AD5603BE34C6DDAE0C72E75B020E5BB6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710833, "uuid": "4bf04603-f078-4776-9129-ebc0a453f134", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710833, "uuid": "a969fc65-7be0-430e-848c-678e6427e6d0", "value": "24576:p1tk+pJ16fvFeZ81CAH9ddcuq+vHWH32M4L:rZJUf9HH9Euqn32r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710833, "uuid": "42e8e907-6b6e-4dc8-85e3-38a9ca262631", "value": 1032192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710833, "uuid": "979ac798-f922-4a7d-bdc9-1343ed98b777", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710833, "uuid": "81c31f29-2fd8-4b38-ac48-2c695cf6c30d", "value": "c556abc2e04d6889cf0a059f9133af60", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de8a185a-928d-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701684851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684851, "uuid": "82553638-fd3b-4848-b1dc-fb44e33bd451", "comment": "Malware payload (AgentTesla)", "value": "8412a2cceb09519e18c3419df99efbad", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684851, "uuid": "0157d33c-e603-4172-935c-0f45e4caec3f", "comment": "Malware payload (AgentTesla)", "value": "7318815c5eed7085d6d336406e6c3255a23e255f5caa954b6b1b4549b7519701", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684851, "uuid": "15baca98-4dcd-47a3-b157-08d3e29706b2", "comment": "Malware payload (AgentTesla)", "value": "33fdcdd1ea11818c2928d80c52e786b0cca9e522", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684851, "uuid": "c0f6b162-d7d5-4783-84cc-3cbbd72f0aa6", "comment": "Malware payload (AgentTesla)", "value": "05473695a32b18912b3954aec68a784d562071b02fc51010d7d61a0e3f95a88963475abeb0abbdfe1d55f0467ddd1d88", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684851, "uuid": "f06fc440-4566-42b0-86b4-9f6be6440338", "value": "T18025D0DC7540B5DEC867CE7289682C60A6227C7A971BD207A057369CAF3F7938E150E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684851, "uuid": "a0eb7e69-b889-4833-b368-419468a4f14c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684851, "uuid": "d6b6d176-5b49-40d3-be12-661911b58d88", "value": "24576:RBm634/up+pJtwFbGyArZTDOYDD/ckaCFUBkMIHpDqDDBi:RX38PJtw5Ag6D/6CFMkzpDH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701684851, "uuid": "305d9e9f-d23d-4055-83a6-bc9d082a7ab9", "value": 1048576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701684851, "uuid": "a11fca91-76ee-40f0-b832-081962662eb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684851, "uuid": "8c8cedc6-627f-49fa-a2f4-a3811c91b2e4", "value": "LAM CHUAN Q710901.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "480d2253-9291-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701686317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701686317, "uuid": "9e9a3739-699e-425c-aa6d-03e7e8e7c3f9", "comment": "Malware payload (GuLoader)", "value": "0cc069caeb033f07c49e0349e394a383", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701686317, "uuid": "f4e1a99c-273c-4080-a1e7-8a716d7b8f74", "comment": "Malware payload (GuLoader)", "value": "73b5723f64fa0da9704571c290a0025ebd9ef2a4a348331f44c77074b27e8cc0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701686317, "uuid": "9e852d1c-a490-4bba-9a38-d7280429c25a", "comment": "Malware payload (GuLoader)", "value": "b00efea601ebefda8efcddaac9fda1236a6e1dcf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701686317, "uuid": "1e556316-d5e5-4af1-afab-c02b4027488b", "comment": "Malware payload (GuLoader)", "value": "9ae32db55990f398a4a79761883b02396588337827d95efb69087d3a301a4d2e5a0f90a392e6e5104d1839e29d00d6b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701686317, "uuid": "c75b7fbe-eb7a-44cb-b383-2d0489e2d2a7", "value": "T1C93523526780C8E6CB7986785DAAEBE7AAB03D54B442130603E4FF2E3CB9753C51F506", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701686317, "uuid": "b76ac27b-0189-44d6-977b-e8bb95896374", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701686317, "uuid": "d299f377-e7c6-4ab7-9ffd-6093eef19858", "value": "24576:WS1jK3DnOtfOo11zheWKDgkN4WnEWIHBlJNasLV4UNjGQJs3lEblp/:F1KDnOzMvJvExosLyUgOwIB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701686317, "uuid": "12b8a4a9-0304-48b0-a8ba-1adb17711d71", "value": 1095632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701686317, "uuid": "af9c0142-4cdd-4af1-91fd-a28628221582", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701686317, "uuid": "6845861e-f7de-407b-9e05-2e62d832c37f", "value": "Tidinesses.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ca7e0c7-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701680875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680875, "uuid": "eb3237db-e102-4bfc-9bd8-201eb0351134", "comment": "Malware payload (AgentTesla)", "value": "d938337b29065b1d0a4d4c375ac9b6ac", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680875, "uuid": "59b1c1ab-80ce-4bf2-9f5b-36937de096c2", "comment": "Malware payload (AgentTesla)", "value": "743ae15d3849044f1e67fc43b58ad6a701bee9826e90ef6119ab9697835cd88d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680875, "uuid": "1865d869-2cfc-49b5-8133-cf670f4b2c77", "comment": "Malware payload (AgentTesla)", "value": "0e439109d66f905b4c0643a4e55806373fc4e1f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680875, "uuid": "b3a74004-a638-4085-b604-5173d77a8907", "comment": "Malware payload (AgentTesla)", "value": "cc0da4d060d39829782fb0fb2a9062634fca1b94aea2b80e2ad7b1e4dd35b0c0567ff2724bb771e2daf672031836dfee", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680875, "uuid": "b1f76ab1-fd11-410e-b56a-1f96109527e9", "value": "T1AED4238AB27DD31BC92D06F6D4F4095283AA465A7156FFAB1EE010D977C7BE22D200D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680875, "uuid": "a5f30e96-89c1-41fd-81de-1139716ad527", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680875, "uuid": "4b74016c-7766-477e-a4ff-0cd878ef00d1", "value": "12288:eNb45+po2GH2n0XKKx8pq4orY1H73FFIgLKyuJY5hhpNe1ifJlFUw+Huxm:Ka+pJwKKx8pqgb3YgLpvfXFUnHux", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680875, "uuid": "15530466-4f31-4d77-beda-ccbbf5b5530b", "value": 641024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680875, "uuid": "daf55464-bdc7-440e-9170-880823e5dc9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680875, "uuid": "1156195e-d583-4254-86ff-556ec61f79e9", "value": "Zaplata,jpeg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe51b657-92ac-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698219, "uuid": "c8ef9d89-34a4-4f88-ad41-f0255b3dba1b", "comment": "Malware payload (SMSAGENT)", "value": "5e06df432080bb6c6f8ef49fa1dcf998", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698219, "uuid": "fba85180-6cec-4c56-8482-fb24915e6299", "comment": "Malware payload (SMSAGENT)", "value": "75130ba300e911782e9cc3b0338e79aa55098e0ce56ebd2a9552cbd1e502441d", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698219, "uuid": "6ab4821d-f991-457e-96f0-02e0d04f5e8a", "comment": "Malware payload (SMSAGENT)", "value": "a803c2f1a71f444c80fc6d8696caf80d3ee4e468", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698219, "uuid": "dfc90f5e-bc12-4693-8fd5-5a2febce8571", "comment": "Malware payload (SMSAGENT)", "value": "4b18f3d8ecec1b85ca4e53105ae16e16ac204857758daaff6c0944ca3d48d215e3094ba2a44f88e31146fdb4e5e8db54", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698219, "uuid": "f12bdd3a-8b87-47cf-a3ef-4d1f3a6c6a7f", "value": "T1BB560179731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698219, "uuid": "907c0a7c-19dd-4325-87db-f8465e5efe69", "value": "196608:/kDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYl5:sirUVis8O/0giAZ9PDZ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698219, "uuid": "f44dcc44-bf69-41b8-b69f-73a66ff0ee38", "value": 6364096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698219, "uuid": "d9f1bb7a-71d0-441a-9e7a-f07b1e95d3da", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698219, "uuid": "597e9a97-cdd9-4862-b0d0-97fea34d8566", "value": "Sber Promo.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0435cae6-92e6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (njrat)", "timestamp": 1701722710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722710, "uuid": "08750338-2036-44cf-a35c-1b928ec11dc1", "comment": "Malware payload (njrat)", "value": "47d5914f687278cf73a9d48779716e87", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722710, "uuid": "d605e51b-3653-4e45-8fbe-964d0a6565a6", "comment": "Malware payload (njrat)", "value": "754f250eb41af8423f743c14b1a77088c50c1446b5ab5032c411aa018fd53df5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722710, "uuid": "b3c8650e-733e-44be-837a-943c3319bfd0", "comment": "Malware payload (njrat)", "value": "107213253be6d4dae494528c6cd25daa2b9ace9b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701722710, "uuid": "e0444d2b-33eb-42a0-ae1a-f969b6cc8463", "comment": "Malware payload (njrat)", "value": "bcde493fbf54e824ae4c1355992e2d97009ab30cae7089028632f5c0d0e2ecc9584ad1bfe21198feb63cb11ad6aef8f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722710, "uuid": "170b0e21-efa0-455f-8057-889a3405cf02", "value": "T1C874E7243AD9C617F0B2DEB281D7756087FAFAA33632D6492D84138E0913BD2DD8517E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722710, "uuid": "aeab429f-377b-4d0a-ade7-e1c231f056be", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722710, "uuid": "64dcb5a7-193b-4e35-9d7f-de795a71ab49", "value": "6144:NoM6jhF9Bx5kfN4f9/w/KxluW30ROUx+7sATubFrrd:8hPPQGNw/KxUW30UUx+7sATuJr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701722710, "uuid": "c68931ee-1984-4939-8999-f05b2960dd17", "value": 366592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701722710, "uuid": "218d96d2-2e79-422c-8a38-992660cf3f0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701722710, "uuid": "c0bfeb3c-d5e2-4aa7-aa79-895073055c68", "value": "47D5914F687278CF73A9D48779716E87.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38ef9acc-92e1-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701720651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720651, "uuid": "d375f7f6-8fe4-4026-bd4a-902d9aaa0754", "comment": "Malware payload", "value": "d233a9e8e5401ee8959b66731313d30f", "object_relation": "md5", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720651, "uuid": "a5bed9c6-de7f-46ad-a0a6-564f07f348d3", "comment": "Malware payload", "value": "7561a5c626310483b34f53a89626636902f32337022230e27c1b26277d87e189", "object_relation": "sha256", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720651, "uuid": "5fea6d15-f113-419e-9457-447914b77ec5", "comment": "Malware payload", "value": "40d2865c8832d02ba3859ec8fce1f04eb7d11c03", "object_relation": "sha1", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720651, "uuid": "21fe1266-c8ba-4cb9-9d56-5297ec607305", "comment": "Malware payload", "value": "0b891a2092b974634b7215cb0490901ee875ef408229226c72339018b591974996a4579803ed603f958310f536179178", "object_relation": "sha3-384", "Tag": [ { "name": "cloudeye", "colour": "#D797DD", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720651, "uuid": "ef62880d-c308-4b58-95bc-fe335d79bc3b", "value": "T10BC2C462DE13210A858B19F7C40D2CB9A6F500F61A2110F62DCDB16E5D46B88FE9F76B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720651, "uuid": "b0b523d7-d2e7-4b05-8346-ab58e10d4888", "value": "768:o1lFJLItit1yrYnXS2sUzN+FYAFBp7UAI3Jzz:ubJL8it1yrw3sON+FYNAIFz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701720651, "uuid": "91ce25fb-13db-4cc6-9238-53ab2273fa8f", "value": 28266, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701720651, "uuid": "9c5ae77c-898c-46a7-a9d1-2141c061df96", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720651, "uuid": "e652084f-eec5-41ff-97be-bdacf6efa9db", "value": "RFQ_PO_december_order_sheet_design_and_ specification_04_12_2023.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6c47d82-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729049, "uuid": "0b0e67f8-f888-4071-bc5d-ede9a1e61ab7", "comment": "Malware payload", "value": "02af55d0b342daa922756051a50528d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729049, "uuid": "38211127-334e-4a4c-b931-ea1351a56f02", "comment": "Malware payload", "value": "757bfe7baa14a89de806a73437b3aec27d8ae6638a0de45e6a81b4d4ad8f3c1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729049, "uuid": "5da54bc4-4218-4d2b-bd26-fadbcf64ec0b", "comment": "Malware payload", "value": "d6ded62ccfc38237c5f7cb989e8acd963fdf08d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729049, "uuid": "5fcd7678-cd13-4eb3-8e53-18448ac21cf6", "comment": "Malware payload", "value": "7666249b9a945f87ae19ec9b96a801e07ee1a500285851a089f20bcaf8ff0728cfd3dfb6d784517d67952992bcc20945", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729049, "uuid": "f5211b9c-a5bf-4319-a1ab-08c013ee8f9d", "value": "T16FD32E3E35B16846F5ED0B78F0F4AA1752003523BDE64CDE2D04DA2CD3339A7369AA65", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729049, "uuid": "6333dc56-6f3c-4a8a-bd03-3e3f4a3ca806", "value": "bb9dc484d891a7cf70c5c51b76b5d7db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729049, "uuid": "5f7029b3-bae7-4bba-8f75-1303439083e9", "value": "3072:BrKiddDSt4dtH1G2hfdEjgGRas377PhrU:RKiddDIK7GiOMGR17jhrU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729049, "uuid": "04caa186-53e9-41a6-b909-7d62f5e58408", "value": 140288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729049, "uuid": "5a2c1e11-54e3-437d-9f33-8b87ce96e646", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729049, "uuid": "b75f292f-433c-43c6-878b-12a416fe7319", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.1922.27994", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "698f6ffa-92a4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701694533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694533, "uuid": "be45f529-d7e2-41fc-a7a8-3d5eabbca786", "comment": "Malware payload (AgentTesla)", "value": "90e190c3408826e766371bd9d119c42c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694533, "uuid": "d1223e78-8136-48e8-936a-1017cf4a3600", "comment": "Malware payload (AgentTesla)", "value": "75893f209bcf5b0b66a98543d16cd820a861d5f3e916845c1ccdc619c0c09fab", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694533, "uuid": "9ac1195a-b2e0-446d-b6fd-fadf60e871b3", "comment": "Malware payload (AgentTesla)", "value": "7ed705ab9a55eb01374ebf81e89a9acb273ed363", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701694533, "uuid": "d9f90429-638b-4dc7-afe2-1bd59adc5e3c", "comment": "Malware payload (AgentTesla)", "value": "d2b2b181dc8a1ec4b9726907a2ee0efc25adcb480dfe3860a7b60e8ee2b4f380e9c6879f9f3a500fcabc9d37923784e3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694533, "uuid": "667fb599-6442-4530-af47-fc17b623aeee", "value": "T1FA05CF64F7C4057FF98ECA79A40042A403F89616A187F38B6A7576FD2DAE3917D01B83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694533, "uuid": "57748d0f-642e-4b8c-ab0b-1892c04201f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694533, "uuid": "6f9f4a4c-9df2-4896-9f16-8e9142953fb8", "value": "24576:aza18Xv9hnCf+fSIOJPA+zG0KgRbqiRB3CTrPf:ZWfvnCf+IJPZZF1B34", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701694533, "uuid": "baf56808-154d-42f3-ac86-c2da0eed4c76", "value": 838192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701694533, "uuid": "31d601fe-09e2-4ce3-b05f-4d4bc6cc4fdf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701694533, "uuid": "a6fe7ba9-8a75-4eb8-8eb7-5ab462cd255a", "value": "PURCHASE ORDER 300136710.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88765d28-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Zyklon)", "timestamp": 1701708329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708329, "uuid": "10372620-654a-4c40-ad66-1c4962f1c39c", "comment": "Malware payload (Zyklon)", "value": "af7609aa27210fe58d49fc673ad0984b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708329, "uuid": "5637cdd3-5124-41e6-a177-59625b3cde7e", "comment": "Malware payload (Zyklon)", "value": "769c5f497f142d38e72c13783c0459a2fa4345826a4b1bf8118b35fb84f812c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708329, "uuid": "a57c6de7-06c8-4260-bf34-54d3f089c4f7", "comment": "Malware payload (Zyklon)", "value": "a5ec402eeb9b7e0751c17cf93d9b10dfb145ea1c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708329, "uuid": "555b565b-0d1f-471f-a8cc-4465556c19b7", "comment": "Malware payload (Zyklon)", "value": "ca7dcae707f83aeb63999cb4aaf8fce10f4cb1bf93851bda6ef78e934d7c62e2bc6031825ac18a6d50be8e7b9252a222", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708329, "uuid": "7b81e70e-a0c8-4cd2-b4e0-ccda07ad5449", "value": "T198C5D01655928E3BD26597324057403E8290CB7639B2EB1F361F25E26903BB9CE731FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708329, "uuid": "66ea4984-6d29-4a08-9ed5-58a5d680b15b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708329, "uuid": "80c16a9a-4328-42c3-bef3-96b997e31788", "value": "49152:RZfXoANNaXy7o+0Yxr02zS94Wo4X00G9SgY6VATvt:RZfYANNP7o+Vx4394WXiYKAD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708329, "uuid": "f755e7ab-dfb6-4014-a6ef-24b610b9e138", "value": 2703872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708329, "uuid": "c8e3a145-1926-4691-a87d-701762514c3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708329, "uuid": "e76fc6bb-fb69-4b98-a05f-cc67b06bbfe6", "value": "af7609aa27210fe58d49fc673ad0984b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7e55bf6-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Socks5Systemz)", "timestamp": 1701682209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682209, "uuid": "042b3dfe-c9ba-4c59-a2f4-a5ba6fa29033", "comment": "Malware payload (Socks5Systemz)", "value": "c6139c8cba91fb0e68024ab1ad6ce620", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682209, "uuid": "bec67530-33f4-4de1-a3c1-82ade32f5e25", "comment": "Malware payload (Socks5Systemz)", "value": "76e947de7f2487c7d1ac649d8743d23ebf08843a6532053e96c13a3db9e4b545", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682209, "uuid": "fac26c9d-a61c-490a-a29b-b36cf36a9138", "comment": "Malware payload (Socks5Systemz)", "value": "17fb64fbb5610ddd3d1453507df3cd54388fdc5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682209, "uuid": "d377be5b-35f0-46d1-b92e-ec202de05301", "comment": "Malware payload (Socks5Systemz)", "value": "4d07efc2118184e8cb0919d195436ed84414a5de3c60ba319567ef09dfd27cef9733d77e55ac891a87675028e85c25fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socks5Systemz", "colour": "#D268CA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682209, "uuid": "7fdf9b7d-5613-4c97-8e6e-b8707200548c", "value": "T19B8633BF9521C9F9DAE0EA3A6C180136D0E17BA71D77B50094CE5AED6F48F52870B708", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682209, "uuid": "3bed29f5-7881-46ad-a28e-807e40caafbc", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682209, "uuid": "975e7880-a428-4c1a-a6db-dc12b0881cad", "value": "196608:aePHjr2ec1okUSuNq85klHawrFbHPVoJMgtWXjvQbVvYd:aePjr2jTOqKklnrZvAHQXb0Vv0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682209, "uuid": "678c6539-e863-446a-8b85-ee6a170b602b", "value": 8140856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682209, "uuid": "1a167b75-e503-450c-855c-f366a87044e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682209, "uuid": "dadebf90-c35b-41ea-8db8-e0fa29734536", "value": "c6139c8cba91fb0e68024ab1ad6ce620.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "677f3bb3-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701708274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708274, "uuid": "d5c62329-cd37-4819-9227-5624f9a6f71f", "comment": "Malware payload (AgentTesla)", "value": "3e33c8cf5b3ce2fa86f1b0ab22d2d3c2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708274, "uuid": "f04d0f47-d489-4da6-8ced-538f89a9bfb2", "comment": "Malware payload (AgentTesla)", "value": "7712b3d4b61189ccbafdbcc285b7a761d517bb68295626e30c33c24c38fb95cd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708274, "uuid": "185ee713-46ad-435c-88ca-d48d01ba835b", "comment": "Malware payload (AgentTesla)", "value": "de4c28fc5c4eab8c71b09830ff295b901be6a844", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708274, "uuid": "945377e0-f735-46e0-9874-ef709b0c4b36", "comment": "Malware payload (AgentTesla)", "value": "368f2dde0b04164bd954fca3752cc977ee45754582933e2cb41207d0e68dd7cc6a0ad8ec84f75fc845664c2e7dbad55b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708274, "uuid": "ea7a805d-cf1f-45e4-8c3a-433a47214eb8", "value": "T1B384022AF292C71FCD229430DCC2F4DA8229FC598F45974B72D9B70F02357E6D162A92", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708274, "uuid": "3ce36a71-b27b-4878-8035-990185314d5b", "value": "6144:ln1m9kdbQS6vsB3qfLWnNnBkbE9UX3yhnpC3quvmb6SrnV3LYpMMAI:lOeuvsB351Bkr3yh9b9hr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708274, "uuid": "0d60c524-3fc3-4e74-926e-7111ca429996", "value": 400896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708274, "uuid": "1d8d1809-18a8-43d2-8f26-203b4ca55e5f", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708274, "uuid": "918db013-5192-4ccb-af77-b80f44dd72f0", "value": "Package.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c7d8556-92db-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701718241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718241, "uuid": "2ed4678a-e3f6-483f-a3b9-3b81cebc7c44", "comment": "Malware payload", "value": "05740eac1d2007de3f06f30cf3664826", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718241, "uuid": "4048756c-27ab-41bb-a747-777b00e2bd81", "comment": "Malware payload", "value": "7741009510d169e747ae6339d3df998a4d544992f963d6aebd5a62f433e5ab6c", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718241, "uuid": "0d947c49-0427-4b8c-aaf9-29b227206af4", "comment": "Malware payload", "value": "3b4b0e252879beca7329cab75a2fa4d72955a5a9", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718241, "uuid": "9b77b3c7-ef4b-47bc-92df-76bbbd196437", "comment": "Malware payload", "value": "d2e598b0086718a3ae2b5bc08ea40475b77ee5dbd8a8aef0e017bd44d6e2f1c406fbd0830d6644146be4976b6e7f8ac9", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718241, "uuid": "059a28b6-d732-4b40-b703-ac214f81aff9", "value": "T1E676011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718241, "uuid": "d77117ef-df06-4361-8299-c79573bc9627", "value": "196608:DrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLc1F3nswU/Q6FKNcnFs:nw0pdMGbwBAej267nswxgFs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701718241, "uuid": "ba83c63a-aa32-44c7-8451-9b7cd0e6e29f", "value": 7332736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701718241, "uuid": "d21eae40-ec10-43c5-9697-804ae88297c2", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718241, "uuid": "d51a9326-4d54-4d98-89bf-388292eb65a7", "value": "Camfrog Video Chat.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f45febd9-9238-11ee-b7ea-42010a9c0006", "comment": "Malware payload (LummaStealer)", "timestamp": 1701648381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701648381, "uuid": "4937b782-14bd-4fbe-89bf-ab9965720d1e", "comment": "Malware payload (LummaStealer)", "value": "c9625af37f5c06f5558e5bbc7bc8f0d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701648381, "uuid": "aae61c39-daac-4622-88ad-b79b446f1fb0", "comment": "Malware payload (LummaStealer)", "value": "77fcdc366eed4dc0205f980830716d5a3f97063af4a860023a09787b37e8dc59", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701648381, "uuid": "472ceb1e-b7eb-4ed5-b8a6-56d5565dc584", "comment": "Malware payload (LummaStealer)", "value": "97ddde94185186a2495edab3b1bd174d9afd8fd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701648381, "uuid": "16088fc6-d195-403a-8e8b-8db919104425", "comment": "Malware payload (LummaStealer)", "value": "fa84ea972cd4dd5e9d5036a34d09e9c27e0696d7f445bf6a04b6062de589234ce4e9830341046eaef0f1bece2aa55c4c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701648381, "uuid": "04f30122-4528-4065-bc59-c42e77e6d6a9", "value": "T16E44AE1273F1D431D52346389E6AC6F42B2AFC714F256ADF23966A2F0E742E1CA76305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701648381, "uuid": "0aadd538-9865-4b12-adbc-d20d60899fca", "value": "5fb506b70643f37b65928468364d30e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701648381, "uuid": "528f29f2-7fbc-4331-8a37-2fb6ba7f35a0", "value": "3072:LxRxKeAo920kivO/qTAbmJ+nQ7W9b0usqTl5CGa2gnY04n46ZBhvTOfDn:VC3oS/yAbmYntgqrCiUH6dvT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701648381, "uuid": "2c20ea11-c22c-4310-8296-0da60dbd19c1", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701648381, "uuid": "a7af1622-b848-4fec-ace5-d7c06c89ccc2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701648381, "uuid": "6bceeefc-9dab-456f-9c44-d81aa88f67c9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b38e7550-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674901, "uuid": "38381cc5-a604-4a59-be68-b54bd6e0552e", "comment": "Malware payload (Mirai)", "value": "aa07f04ec98462c12ce3c8d034485908", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674901, "uuid": "4532ae30-a866-40cb-a837-97db1393cd71", "comment": "Malware payload (Mirai)", "value": "784e8f34e417ab9c9a6331892d0ed763f4f5713ce7e4c8476e609722855fff2e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674901, "uuid": "f8890ef9-68f4-43c2-8d08-8e6d3e907118", "comment": "Malware payload (Mirai)", "value": "59336c6f743c4c2bc7e65501002bff1dbaa1aeed", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674901, "uuid": "e54661b2-cadf-4754-a47f-89b114ba47a1", "comment": "Malware payload (Mirai)", "value": "50c22a4b342dcf390c1a1c180cd6005ea90c4e8ec43dfcf1cabfd43b753374e52dbf3a991a9c0672e2823255d4c39a1b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674901, "uuid": "38fc225b-bd55-484b-8278-e7af31fb53b4", "value": "T155433A51B8819613C5D4137AF6BE428D3B3537E4E2DF32179E222F41378A82B1D6BE85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674901, "uuid": "68e1efb1-39f8-4892-aa7a-04c53874e12b", "value": "1536:Ciyb6jLf4zeTrJNxNNByFas5Yx+B9GJa10h:Ciyb6hNBoV5YxIG4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674901, "uuid": "efe5e283-1427-4886-ae98-190494b67bbe", "value": 60472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674901, "uuid": "85da2e2f-474c-4308-b3b1-f548b83434ad", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674901, "uuid": "8795eca4-bf6b-4e61-bca9-64f5688e40a2", "value": "aa07f04ec98462c12ce3c8d034485908", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eeab4002-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1701671564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671564, "uuid": "068828e5-efec-44a5-ae10-8540da917136", "comment": "Malware payload (SnakeKeylogger)", "value": "c39926da378faad0c950ea349890c989", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671564, "uuid": "90b33794-45eb-405a-8453-bc939e88938b", "comment": "Malware payload (SnakeKeylogger)", "value": "78a6dd64fa777ed37c0ffeae2cdda73789dfb56cd8552083e87dbf563f6039a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671564, "uuid": "4dae9c9b-4ffc-4458-810d-45ed1e4096ae", "comment": "Malware payload (SnakeKeylogger)", "value": "f904d0f53e30591a7064c6b2d0602e2831db3ee1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671564, "uuid": "ec6a37f2-3f33-485d-bf65-93ecfbc5f644", "comment": "Malware payload (SnakeKeylogger)", "value": "9fbc47fb8237be9d30e9b0c1a471fe6622b304301cfb9d1d85159d14f228bcc4c54bcd912eb4b098ec259fc714f90250", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671564, "uuid": "a5e3cf56-c59c-40ef-8df2-1c45d7043e2b", "value": "T198B423A2B3E74352C83187BB2CE21840B7F4965E6064FF892C9550CD5755FA30BB2B8B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671564, "uuid": "8d83a091-2cd8-4800-8204-1d463f6a1bef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671564, "uuid": "c0402c38-41be-4ac5-8d62-43106b7956e5", "value": "6144:MC245gVpoTWvYExGZXGRWYiDApqMP9nknrUuOuOtkUGamdJ5wVAWzLla2JXPyTbr:M145+po2dx03gpvAOuOtFmWzE2Y7ZF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671564, "uuid": "30d93518-7e1c-4b10-8db0-fcab770a3bfb", "value": 530944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671564, "uuid": "4039f28d-1426-482c-abc6-e99ff8224e2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671564, "uuid": "dea48efa-ce64-40f9-97a8-405d932c07a7", "value": "SecuriteInfo.com.Win32.PWSX-gen.11199.8902", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b05195ac-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Glupteba)", "timestamp": 1701682197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682197, "uuid": "923b1609-f417-457e-98b6-134255aa2fb2", "comment": "Malware payload (Glupteba)", "value": "54fb21c36656bcb0776075fc18224be2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682197, "uuid": "9be503c5-7b0a-4612-8494-fc404afd26d3", "comment": "Malware payload (Glupteba)", "value": "799cde477706f70c4f7ccdf560cdcafa60012683440eddecfe2bc2ef0c839e2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682197, "uuid": "2dc8b3a6-01c3-4f87-bb79-5e32ca5a72c6", "comment": "Malware payload (Glupteba)", "value": "979dd274cfa135729460903b450e4cb611565fb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682197, "uuid": "f684e7ee-f00b-4ffa-ad8c-799930255f22", "comment": "Malware payload (Glupteba)", "value": "e2b526365db0f33e6460e396ea496eff51e4c36a44a8aec6b84f49cb94c69a25d0bbd846fbdabb12d34bf802a6e82669", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682197, "uuid": "7e1eda92-bf7b-4ea6-94a3-4999a8bcfa3e", "value": "T1D094D0E4139D466AC7DE4978C0B5F21C213D81BB3282E762BBDC6CF9564BB81C943396", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682197, "uuid": "f90957ef-1ef7-4588-a2c8-a255d24f6db8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682197, "uuid": "88ba6a1b-c56f-42ea-9782-416580675840", "value": "6144:0PqdN4yJRKGs603WmORMhfJalGBayB5yWI3DhieQ5XxdXmHy3YiZpe18Lt:aqRJEEaWZaMIBaI5E1ieA/WHy3YmLt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682197, "uuid": "2c8db973-62f7-4665-a6d8-d5b67011d134", "value": 427368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682197, "uuid": "d0dac596-8b36-4a46-9fba-cfc3f577d523", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682197, "uuid": "2c8cbe51-f55a-4282-bf8e-c77ca53c79f2", "value": "54fb21c36656bcb0776075fc18224be2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5c72914-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719545, "uuid": "f5003f3f-8e60-4a33-942c-7e095a2e05d3", "comment": "Malware payload", "value": "5976bcd5e7f558b6aed4e84ce4b0eeb5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719545, "uuid": "9bccd077-4f96-4a76-a861-ecc013a832e9", "comment": "Malware payload", "value": "7c3ac84e096ca5f2bbb36520dac302bfa00b6cd61598eafbffeaabea66bfa307", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719545, "uuid": "388a8c10-d11b-4c5b-9e5d-334b9b060613", "comment": "Malware payload", "value": "2d7efc8dfbb0672d9e14fae3fdc38a634abebeb9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719545, "uuid": "7fcf2352-1791-4f39-a087-d2a514f71eff", "comment": "Malware payload", "value": "3b699fce1bd1f7ad0c9c50ab04f243dbefe14a80150f854a1ca350f65e2519c81aff4c913acfeee02e107fe0c404e614", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719545, "uuid": "ea1bda67-9f97-47ee-a301-a318e4df97e0", "value": "T1B0247CB1B6C1DCB3DA6E1A3958F587281F3CF6838B828F172F24553A1F621C0EE55946", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719545, "uuid": "5b7645ae-a8ab-4448-8d35-3eb40ae21322", "value": "bb9dc484d891a7cf70c5c51b76b5d7db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719545, "uuid": "e24a1e12-8e0a-45a3-bf28-b26ce73bef11", "value": "3072:GppR5Ootvzcj+M+xVf/iMFO0uQaz2RKmoT2t+YTq5RNvw:Gh5jlYIxVfBtRGTO+2q5RNI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719545, "uuid": "aa13b24f-a33d-4863-9e5f-bccc62405ee3", "value": 225979, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719545, "uuid": "ef28d56d-d2ac-4b31-bb3d-cfb9d2dddf3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719545, "uuid": "9ffc5ad0-ade0-4997-96f7-3348c5e54062", "value": "5976bcd5e7f558b6aed4e84ce4b0eeb5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fda5706-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719535, "uuid": "f8d57936-abae-403a-94ca-cdbc4b8e7244", "comment": "Malware payload", "value": "84b10d8d399f2c2a9b017295fdcc6f21", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719535, "uuid": "0293af3a-f40c-4a40-9eae-6b3c819431a8", "comment": "Malware payload", "value": "7c3f8d84b7cb379acf14a5395862b51f94936b5db1e4f34e8e3c8f39c4350192", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719535, "uuid": "4d290be2-a978-49a2-b49b-25391b619dae", "comment": "Malware payload", "value": "c6cba0451aae231a1a50bdc85acb1e7e7ec1dab7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719535, "uuid": "3e6fc702-96a3-445e-9c3e-d0037d4f1e26", "comment": "Malware payload", "value": "d6dd222b457c1e1cf5d1169de0016b515e538f73dec85f37e0442d7cb9793c1abd0c8387b59170821c3bb861b9535871", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719535, "uuid": "5ef88710-1056-439e-b382-fd1823367dac", "value": "T10CD31D3E35B16816F9ED0B34F4F4FA1642103123B9E25CCE2D14AA2CC3739B7769A664", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719535, "uuid": "1e9823e2-6395-4012-b96f-b6956a9d0898", "value": "bb9dc484d891a7cf70c5c51b76b5d7db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719535, "uuid": "833ffd98-3a8b-45fd-8b88-fe99fec76fdb", "value": "1536:KrYs78QUwp5nKiddeoS8647JtA7KUPq9ve2h+AFdgBFasrDi0AVMpCxmi77h1h+S:QrKiddDSt4dtH1G2hfdEbQMs377PhrU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719535, "uuid": "4d7b467d-4dd8-4cac-baf3-af0dd879d8b5", "value": 140288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719535, "uuid": "e1f09710-c8a1-45b1-a08b-4c4c303a2f7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719535, "uuid": "5f1f1e28-a34e-4e29-9f8f-b9e514b62a81", "value": "84b10d8d399f2c2a9b017295fdcc6f21", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c85fc336-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729052, "uuid": "6499e49b-4974-48ca-af50-e3cd26f32812", "comment": "Malware payload", "value": "c31045954d6264b6c27ca1d1c2de6cab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729052, "uuid": "914188d7-1c3a-4b7b-8534-3c7ec078ed4d", "comment": "Malware payload", "value": "7c71cdf31a4ec57919e8df00d35679556e36d001417d5753a1a44e3b14e5f9aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729052, "uuid": "9a291c22-2004-4a2e-9ca9-f1d5b9c2fec4", "comment": "Malware payload", "value": "c19d7c8a407cea0bcaca559d1476c6c627f5881c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729052, "uuid": "f82038f6-8aec-4f9c-9f2f-c0713af604aa", "comment": "Malware payload", "value": "70c46913d44a51a4812e81b765172b48363599d89730a9700f4b111fc88ee28db73a6a83b135f4e49317cb23f6ca0f3b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729052, "uuid": "a2cc1ba0-eeff-4120-abd9-8b5a9738a6cd", "value": "T12182212539D9113FF1639FF13FE4299ABCAAF6FE235754061472078B8B40A80DE52639", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729052, "uuid": "4c1c26c6-0f58-4703-b580-91d8a93531b8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729052, "uuid": "d57a6360-6e6c-4b47-b689-7569dda80dbe", "value": "384:jvKshdsnxmH3wBpIhECN/QACwUGLefokj+Z92DmOrZ2:jvKN4vUs0SZJT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729052, "uuid": "3e2c3b8a-0724-4fa6-b315-8d1ea1dc2759", "value": 17920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729052, "uuid": "a91caf3c-9fc3-41f4-a466-e103e9cb579c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729052, "uuid": "3b6e05f3-9ee9-47ff-b959-59fb7ff9deb5", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.10465.21998", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea8c62aa-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701711071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711071, "uuid": "e07d467b-6090-4723-9fc2-dc70f0881a3a", "comment": "Malware payload (zgRAT)", "value": "c8f04c795163f302bd6ebf40cea0333e", "object_relation": "md5", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711071, "uuid": "a92fb724-f78b-4527-ae87-8f014fbbcd35", "comment": "Malware payload (zgRAT)", "value": "7d8f3dbd510012c8919450a435e4246af4b82cfabbc607152e24b5f695230797", "object_relation": "sha256", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711071, "uuid": "ce7bf4da-4749-4148-b3e3-5e7934369528", "comment": "Malware payload (zgRAT)", "value": "8c8467716403d3608d6c84ff52e9cb988ef5ce40", "object_relation": "sha1", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711071, "uuid": "c4684997-1a99-4c3c-9c32-e679921f0b05", "comment": "Malware payload (zgRAT)", "value": "afb13bd6c6978b1af17445338b706b9879083802346608ac0097c3d135685ac3739444e9e72750f875efea397934e4b2", "object_relation": "sha3-384", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711071, "uuid": "e6ed3c77-b62c-4e69-aaef-af68a33d887b", "value": "T189C4125AAAC28051C9048B3755F27F951BA0ED77E0ABC31F19283C9A2EFB3913F405E5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711071, "uuid": "68629884-62c4-41ba-90de-3f52c9d49611", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711071, "uuid": "af3031cf-d42c-4e4d-aa8d-1e9f35d8624c", "value": "12288:Em3iyNXA91r/adcWelxnfQbB1p8cWgGRaTG3q2Q1Xk4mhbOWl:JNwDSteTfuC80jQ1X3mh6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711071, "uuid": "9643433e-e509-4e7f-94f6-edb736992434", "value": 570416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711071, "uuid": "9ed6dea1-77be-444a-816a-c5101d4874f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711071, "uuid": "4d3c0fbb-471b-48bf-9f3b-3ed3a8fe9916", "value": "1250232-00-Customs clearance information SHP2311-A4A1120-440pcs.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc4ed619-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671506, "uuid": "812a62d7-093c-41e7-ac6a-55c0c43a6a11", "comment": "Malware payload (Mirai)", "value": "c36a79767ebab3aebb44d9d528ec05a6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671506, "uuid": "3b68f402-55fd-427b-abbf-2c6a1e8413bf", "comment": "Malware payload (Mirai)", "value": "7ddf1e44e66467c28d2d78fb1222b8364e2050706d4290d8e3d2d06696ede6d6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671506, "uuid": "8a80b857-131e-4ef8-82eb-eae163121e05", "comment": "Malware payload (Mirai)", "value": "60eb6d94bd0162cb7c29e2b88bf771a9e8e48528", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671506, "uuid": "67a268e3-7d8c-470b-931d-f1dc947cb869", "comment": "Malware payload (Mirai)", "value": "240de5e82ba1c34bcf88bc848f063e47ec00e1e46e6ae8fd2ffb9314e686e52e22565724c052f9f4b8817545c4d06103", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671506, "uuid": "e94e66a9-7ebb-4253-b2fa-96ab0b29735f", "value": "T13BD33A56E7414B13C4D21779B6EF42463323EBA493DB73069528ABF43F8279E0E63A05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671506, "uuid": "91700feb-84e2-4243-b6e7-a52b1169f89d", "value": "3072:x8M+l5Hajnm/JB2tvtXRY9fRzMjbkYM/9/ta6/:uM+zHajnm/JBKvtgZzMjbXM/9M6/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671506, "uuid": "71a4a3a7-7d29-4280-adfd-004e89ed225f", "value": 140763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671506, "uuid": "1d27b4f8-2aa2-4098-b498-a5c02d0695f9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671506, "uuid": "013eefcf-814a-4a79-aa9f-032244c361c7", "value": "c36a79767ebab3aebb44d9d528ec05a6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fa35751-92f6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1701729735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729735, "uuid": "80a4980a-64e1-4bda-b0ac-5da324d43bae", "comment": "Malware payload (RaccoonStealer)", "value": "fbc23f684604df94871c9b3536ed3b47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729735, "uuid": "c19c063e-89d7-4472-ba72-1151209fce21", "comment": "Malware payload (RaccoonStealer)", "value": "7de6361871c145ff5c33f189fcf5ac612066df73af7d0c8cd1f59cbe1ffdec75", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729735, "uuid": "dba1a64e-3950-4872-9294-2f2e5426f560", "comment": "Malware payload (RaccoonStealer)", "value": "f62a55b9f8ebd74260c61d4ae23b47c053251408", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729735, "uuid": "49389b3d-0507-4ea3-a427-878ac08b5561", "comment": "Malware payload (RaccoonStealer)", "value": "cf1017606eaabc72153a9d6e09f283225da5e39d9080fe1d2f35996ecc71590215f19429f44ffa1e7f736df88abd0484", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729735, "uuid": "9a0b45ec-c14e-4e51-a52a-64457de7f37e", "value": "T16D54085382E07D45EA224B729E2FC6FD321EF6418E59BB6A2118AF1F14B1173DB63710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729735, "uuid": "dd87c6c5-1a64-43b7-a8dd-01dea36c9958", "value": "f93900f7ca0f03abdf4da6da510ee5cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729735, "uuid": "bcd31dfa-a714-40bf-98b0-0639fdbb3ae6", "value": "3072:zYVb3FNbRZ4tjQzTWG8QKPH2T8RAIG05KqEQVZkTkI:MB7oivIQWH2QRq/+iT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729735, "uuid": "1f2a7b4b-6cb9-4f4e-a201-7f1762e07abf", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729735, "uuid": "c26cd495-3803-41b7-9613-c96e57dad17f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729735, "uuid": "9242a225-ec7d-4b33-a9e0-abc71ae7c07d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "491431be-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "df3ab221-5492-4483-aee2-7e7e8a20a67b", "comment": "Malware payload (Gafgyt)", "value": "1806b57737463939123a33b2a3b2c87a", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "199f9c7e-8643-43bb-ad72-6a969183fe84", "comment": "Malware payload (Gafgyt)", "value": "7e27cd3eb50d71dc3556f48040adde98841c4f741b464ae61a29054b54b9e197", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "2cb22fe6-9f9c-4e69-80f3-234910c84a63", "comment": "Malware payload (Gafgyt)", "value": "caaf648a76caf861d6ae7eaa6f804d762c79e4bc", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "7a1db980-07da-49dc-9c16-fca4c0d0fb3c", "comment": "Malware payload (Gafgyt)", "value": "f3ab55f33784486a94d53d5758b7390476d305f2910f84c87ab85eab9c989876bcf326aa78d67edea5bc760799cb1207", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "b50b30e1-963e-495c-9ea2-0edf8989c539", "value": "T1B6148425892AD217C4D6EEFDFFC5BACE6219F6838BC6A3027590515D0FE1E94242FC84", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "df98a3a8-375a-46b7-a748-b3e60dce08a2", "value": "3072:ucX+THMxTjwN/k+NaBWxT6cCpK75Gx1Y7K/vfmND4ZK+RPx:ZX6M1wzNaMxTEK7sPvfmND4ZzRPx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "dc7a0b01-62cb-4113-bcd6-cdbb0c81665f", "value": 208270, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "775594b0-33b7-4760-898d-fdd27bb52f09", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "cfaef7fe-a915-42ad-abf0-c1909bef9f24", "value": "ssh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a706214d-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696784, "uuid": "f0a199c1-8af6-42a0-9d2a-e8ebda205a3e", "comment": "Malware payload (Gafgyt)", "value": "0c61137aa052f3f3a3fc2954bba1080c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696784, "uuid": "85e92b24-ed30-4097-ae25-1df0d51a2b69", "comment": "Malware payload (Gafgyt)", "value": "7f19288e689f5ebd05fd8c8375b1a3a216c5c07f36df6ffbec2b1e90efeb7770", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696784, "uuid": "24062d91-bf89-490f-9af4-25189fd0c921", "comment": "Malware payload (Gafgyt)", "value": "b20afc4819f08481a34fb14adb3b453bbf1e9117", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696784, "uuid": "e0742c21-addd-493b-af5f-9de933293336", "comment": "Malware payload (Gafgyt)", "value": "3a857ef3156cb45fd996f506c235db87e4815f9c3ab366ca15aeae3c068eafb33fb5c5c19b84a6f55a02cf5df817d717", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696784, "uuid": "db1496a9-d354-4c2b-b97e-4af2f1aac5fb", "value": "T1E3F34D79B7618EB7D85FCE3301A949521C8C92C753997BABB2B0C528E74798F08D3D48", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696784, "uuid": "3415b601-7b1a-4f08-b21f-7784aad24a17", "value": "3072:luXzcNSzYVe6IRDW01uk+vy/mkm7FAwsH8LE:8c/ORDW01urvy/mkm7FAwsH8LE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696784, "uuid": "666468e7-3aa0-47bd-a41b-8ac44d5b1770", "value": 169207, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696784, "uuid": "45d5c978-139b-4f1c-8497-76dd4662bc0e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696784, "uuid": "be7bd4b0-0dac-4eef-9106-30fab1ba1c9b", "value": "0c61137aa052f3f3a3fc2954bba1080c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc692dbc-92b8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701703289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703289, "uuid": "fd2857a0-011e-496f-aa73-5f3714f7472b", "comment": "Malware payload (Formbook)", "value": "9870e92d2865d48074d599e1dcd7001a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703289, "uuid": "58938400-2ea5-4c77-afed-25898f2a8f95", "comment": "Malware payload (Formbook)", "value": "7f44887a14271366d29b2bacb0f4857755b9024fbba358a11ab4472a498b3da5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703289, "uuid": "7a391307-b996-4fea-983b-f6112707074c", "comment": "Malware payload (Formbook)", "value": "3c3f99f9319e42a3e2f25c28714c060b29c56a30", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701703289, "uuid": "9f86d581-d574-46ef-8bbe-de084b44e6fb", "comment": "Malware payload (Formbook)", "value": "336e1c31237e6cbfadd4497ea7efa364266ee0b67c7e3d4970e854fffdeb21ef9ed02d214a15ec91cb1df32c85aee87f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703289, "uuid": "ba0ed4a6-244b-4fe1-a33b-ddcd5958a9e1", "value": "T1B405E00562F51F19E47E67F58294020047BB7B9A613BE35C6EC9E0D72E71B020E1BB6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703289, "uuid": "4ddbb83a-4d4e-4eec-98c7-2a6b0d1520ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703289, "uuid": "4d62ecfc-c424-4ac7-8545-7705f043c64e", "value": "12288:xfYNr4R9cxP45+po2duWdKxMCnjlSH9f8rGij/UBT/p3o6VoYwRtPmrS:Hck+pJddduNnj40kT/xoK/wRVm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701703289, "uuid": "b7e81c64-44ab-4b03-b717-94b6256a7b93", "value": 861184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701703289, "uuid": "86fa266d-67ca-4432-ab2c-46fd569685ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701703289, "uuid": "bbfeb912-70cb-447a-9763-b1805783a5a9", "value": "PIqLeJRHKnukIQd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9fff4a9-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701681837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "f3fec1af-f214-40db-8bf2-1cb2e03ef02c", "comment": "Malware payload (zgRAT)", "value": "88b873c00515baacede5453748029c37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "814f8ba1-b2ca-4e5b-8712-16c0a4305263", "comment": "Malware payload (zgRAT)", "value": "7fcbf5a3aaa682b0eff951400bf5a5c8d0fab8152aae1aec099fe0ad916c1a82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "7504ae07-0410-4273-93bc-4fddd4e311fa", "comment": "Malware payload (zgRAT)", "value": "58b340e073c34cdbc70f722b9d33f2bd39dc3c4d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "7a843418-1c3f-4436-84f8-466e787ab7d6", "comment": "Malware payload (zgRAT)", "value": "8ff4fdb987ea2a269a35a4733a231ce0557450fe01aeb3bb8767b1cbe8b41df679d12757552872eae8ab9b9a352ac1bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "aa2604ed-52c4-44b4-baca-ace8fe4d57a9", "value": "T1C2A2E6C9EDCD81E2C52941750CE233491276AE2BBC62EF4F8D59B6A164336D025329EF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "f46c6f0d-7bf0-4446-b16a-dda8b52a13d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "a94adebe-8de6-4296-b4f2-fc8cc6318669", "value": "384:ClugZ4DQpORsdZ9Ey0eMEklGvBsPYyMg:U4Lg9H0u2PYFg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681837, "uuid": "bc2dc3fc-3d32-402c-a739-684ed185f1f9", "value": 22528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681837, "uuid": "7a6b6ed1-a952-426b-b8e2-7cee20f08ec0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "46876454-7fb4-42f5-a430-483f7f69257a", "value": "1256- SPN-EQ-V-2023-PT. SURYA PUTRA MESINDORD-V-02277-BSN- 2023.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da253eac-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701681837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "81ff4eae-63e8-473d-9944-f03915e02160", "comment": "Malware payload (Stealc)", "value": "d576273f83be051a7c6a4b3d37c80cda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "05203ee4-d161-40bb-8fdc-d6820eed0b59", "comment": "Malware payload (Stealc)", "value": "7feb43b21e76fa15ffde58a8bf076f2a3885ffd2c81b5fd1bb608332406fd17a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "42ea615a-b96b-42ae-ab80-e8262525af9f", "comment": "Malware payload (Stealc)", "value": "e8e72e53ed5b48ee109ea39b838e70970e1f0dd6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681837, "uuid": "86db2a64-d69b-4e2e-bad0-e2a937b6f0c5", "comment": "Malware payload (Stealc)", "value": "4861aa8a3aa52348c0eaec8a6df8bf9735749cb082ce7ca253ded7a1c6262bd7083a06079a8e952949d5f091ca130247", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "4313b7bc-a4db-47de-84ff-9e47962dddcc", "value": "T1C154F74392E17D55E9658B73AE2FC2FC760DF9408E0D3B692918AF1F10B1172D1A3B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "6c9a2c3d-e6b6-4b66-9bf4-15f181c86f1e", "value": "4218786bdd48185e04ca1848e08c3d21", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "da4ae5dc-1a0a-4add-99b3-fb0969fdafab", "value": "3072:P2/1jB4w+QPFmK0Z/vkQTBPSQ5mUokfbhemOibTUyGTkH:u/z0Z/s2VSXURdVOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681837, "uuid": "b8e3b887-dd6f-4ad4-bb9b-7cfff285a590", "value": 287744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681837, "uuid": "9b3b9d4c-309e-4c03-b82d-acb2d1cb4112", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681837, "uuid": "b79b1eeb-99e4-47ac-bfd0-2b13445bcfcb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "245a6345-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698283, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698283, "uuid": "01581687-6b09-4234-859a-cd5ba9600bac", "comment": "Malware payload (SMSAGENT)", "value": "04b8b329cf82b7196646c3fb0403b3dd", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698283, "uuid": "5694cbd2-eb48-4103-a858-23393ed63696", "comment": "Malware payload (SMSAGENT)", "value": "80728c24072b396f27442f5325a55bad4eb733953beb7a8b998455559eada302", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698283, "uuid": "b0329b6b-5552-49ce-ae46-ad2e2b0d8601", "comment": "Malware payload (SMSAGENT)", "value": "51e299dd9c2af534f8a10606ea0414b0a4f33322", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698283, "uuid": "0175b6d5-1583-4df3-9fca-1fe79655b491", "comment": "Malware payload (SMSAGENT)", "value": "86c82911f21972204f4e6f6e0e32f46c8da9517eb65687d9cdaac4dbf2934e9719f79e9695b6f50ba54eea572333f9e8", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698283, "uuid": "faa980da-79dd-4aa9-bdc4-62639a773ca4", "value": "T124560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698283, "uuid": "53c51bd1-174f-4473-a84d-4c1fac8faf47", "value": "196608:/GDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJY9S:iirUVis8O/0giAZ9PDhS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698283, "uuid": "11efa189-1954-49c1-8669-4d53c072f95d", "value": 6364092, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698283, "uuid": "95d3ca56-dcf6-4973-bcfc-f26420c28cba", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698283, "uuid": "e4e9cad5-c9fa-4790-9be3-79a0419ad428", "value": "\u0422\u0415\u041bE\u0413\u0420\u0410\u041c\u041c-\u041cO\u0414.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e68870d3-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701688301, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688301, "uuid": "3e10ff94-a605-4062-9dc7-8bbdee7c0039", "comment": "Malware payload (Mirai)", "value": "66c5eed305f3d62c114d6dc0d7d9feac", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688301, "uuid": "6b467809-fb97-4a9f-be64-fc541a41febd", "comment": "Malware payload (Mirai)", "value": "807640a100f54d3317694fdd313345e867db6eaac2de026e9c7e49bbbf450f7d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688301, "uuid": "dc83ad7a-f99f-423f-9874-213147ec2fca", "comment": "Malware payload (Mirai)", "value": "a2fd6a9b2afd3a5ef3b706339dc0628d8b282913", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688301, "uuid": "c76f58b7-88da-462e-bcb0-902dc400ece1", "comment": "Malware payload (Mirai)", "value": "6ffc77703709c48ce8d05b7a4c970102ff09444b99b4036857abeac36522323a4f9b16a8fe40b0cc2fca50d0bef457eb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688301, "uuid": "351464ca-6bb4-444d-97fa-4891ec888457", "value": "T1D5539FA5C5ACAD58CB1445B8B614CD388723F408A5E72EFBD646C796800BEECF1587F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688301, "uuid": "99a07a8e-dfe9-456c-919f-d98937a828f3", "value": "1536:XaoJRnrB/mUU5XtiYmG6u1KUDYofs3Qb9jQrNUxb9CH:XHJRrBeUUfw9MXBf+QJjWNUxb9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688301, "uuid": "16e839f8-88c8-4da1-86f9-766680840385", "value": 63768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688301, "uuid": "32d6eb87-34e4-4aa5-8e9c-c72a0395963e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688301, "uuid": "33e20a30-176a-41e4-b313-6c26f4372d6f", "value": "66c5eed305f3d62c114d6dc0d7d9feac", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abacb68a-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Amadey)", "timestamp": 1701682189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682189, "uuid": "ff27e4bf-afa1-495b-a5bd-b877d60c8afd", "comment": "Malware payload (Amadey)", "value": "24e6360c5bb6c80155d7894edaf43d03", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682189, "uuid": "c91827a4-13b2-4304-b2f6-2b0ff0991fa3", "comment": "Malware payload (Amadey)", "value": "81bf0cf226609f2e57348cff8cd45d5ecca385e113fd7f44a330aabcfc55381d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682189, "uuid": "bbe6693e-1c9f-407b-9fc9-8782a039ae49", "comment": "Malware payload (Amadey)", "value": "d355a14472b60b60f29bab77d9c82ca6c8260dd5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682189, "uuid": "eea4a59e-8a49-4dcc-b927-92618b23ebe6", "comment": "Malware payload (Amadey)", "value": "a3e4e87698c459c6220aae380f3e2517762b055510dc819961e19815860e314c63662370fe0d37d73f68c9f06eb8b6e9", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682189, "uuid": "90c00e18-7363-4d54-9405-f018ecc53a2f", "value": "T1F635E0A7AA09205FEF2E03FBE18A15113220974F313AD6532B5CD64D6FB664381758FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682189, "uuid": "41810bcd-5577-44e7-a2c6-22ccc57af7f3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682189, "uuid": "4c17d6a0-52ba-40b7-b27f-b149c260fb9d", "value": "24576:zJCe7R4SCLPgtFF96ao5cGkDELLa9ktbBqHfd58yVYCLqAYI:F77xtg51MAak9Bw6CLqlI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682189, "uuid": "55040889-d693-4d6e-874d-735d2ce8f86e", "value": 1156984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682189, "uuid": "619567bb-dd56-4e51-bb26-1ff44dd2bf26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682189, "uuid": "4313f60e-e69a-4e9c-97b2-9001abf19e24", "value": "24e6360c5bb6c80155d7894edaf43d03.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2639b163-927c-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AsyncRAT)", "timestamp": 1701677240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677240, "uuid": "a9a06389-d884-4b02-b7ae-f2500ab8f03f", "comment": "Malware payload (AsyncRAT)", "value": "808e7cd14ef26b8060beb85b883e6426", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677240, "uuid": "1e7fd770-a256-4883-aaea-2bd5c3a87b38", "comment": "Malware payload (AsyncRAT)", "value": "83d944990a78952d5defbcc1ab47a9f9464a6e84890816a01310bc2d2f97b2c1", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677240, "uuid": "4989ac64-f4ec-4097-9a00-5f07cc1b6f87", "comment": "Malware payload (AsyncRAT)", "value": "47f2bf06551cddf4734eead636327b8bef29b7b6", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677240, "uuid": "96e936e5-b149-4c35-b592-3768027bf87e", "comment": "Malware payload (AsyncRAT)", "value": "d5b4ae320301129495a260f3a1c7cc9e56c2b3b22f765440e809406550099f71aeee84fe80d5755bd16e9fe2e7fdcb97", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677240, "uuid": "ecb685fd-c836-498e-94db-26166d101eec", "value": "T147F23B487FE4832ACAFE2BF529F2651512B4D503EA13D75E18D845AA6F37BC08D013E6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677240, "uuid": "7880d561-4b65-41ef-ab1f-bc15e745fd6a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677240, "uuid": "072ca1f1-f158-403e-a218-a267a4c29a53", "value": "768:8o4fK1pDGkptwyZScCBSUapNgqVXU/kZl+Bcgo5tlTF592qO9hLdRP:9DGkptwyZScCkU4rRUsZcB5o5HF592q8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701677240, "uuid": "c8fc624a-234a-447d-b934-c13f122dd7ec", "value": 34304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701677240, "uuid": "70bde485-d29b-4e83-8604-3d23a9706e67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677240, "uuid": "e690adc0-9989-45cf-a0df-0a6c2050bdfa", "value": "bSgJ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c0e74e9-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711261, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711261, "uuid": "12d5ae4e-7d0d-4e7f-a96b-fe557a3f6cd1", "comment": "Malware payload (SMSAGENT)", "value": "5421516adba9f52ebe42dafa1566fe9a", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711261, "uuid": "70dc4814-951e-4104-8ead-b353993bc892", "comment": "Malware payload (SMSAGENT)", "value": "842ef769ecbf2dc95418261d1919b3f3515314160817058a53ea3056299defc0", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711261, "uuid": "4d728f32-d759-4570-b552-1580a40d6fe5", "comment": "Malware payload (SMSAGENT)", "value": "48a09cf2a8e664e73d9fae9c4d01ee97b41d00dd", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711261, "uuid": "7fb17b25-ac8f-4f14-819a-13e40d846a5d", "comment": "Malware payload (SMSAGENT)", "value": "f32e987bcb85d1c7619770ccc46293c4318078eef7d1c6882a96adc3faee3fb582a9dfe8414bc289d54e55e8711c5285", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711261, "uuid": "fdb62761-ff96-4a69-8065-3bc832685d5b", "value": "T191179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711261, "uuid": "bc7ca11e-b924-4ad7-996d-e750c387eefa", "value": "49152:SuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvg:Kv+49UBEIIddXHNqjeceOnMI+lEaAQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711261, "uuid": "f42b83e4-d8e2-40ab-bb36-a3903cb9227d", "value": 18565169, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711261, "uuid": "4209b40d-97b9-4c6e-bbb4-caf261fc791f", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711261, "uuid": "ed5847a2-b126-4831-b2c0-19f1086a0408", "value": "Durak.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27c08326-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681968, "uuid": "008b33b3-7bba-44f3-8049-c628efed9f1e", "comment": "Malware payload (GuLoader)", "value": "6fc9ef7d1c035b3073e0fee849609695", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681968, "uuid": "7b62b15e-8d6c-4dc0-b194-24757ac22bb0", "comment": "Malware payload (GuLoader)", "value": "85407e0947fde678d6abc0d8ebf96c35240a7467b6cf1347ec798072d4f393e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681968, "uuid": "b0d3c780-4ddb-4627-af5c-c210941ccac3", "comment": "Malware payload (GuLoader)", "value": "e6c9464a90e75654e344c75bf07cde093c922c04", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681968, "uuid": "0ff7104a-c0cb-4769-9840-c271c7afbf6e", "comment": "Malware payload (GuLoader)", "value": "9f57f79ec7836f1291caff5899e66621768fb37b9151cafa720934bc779bad347e38557da86c0560621bbb0e0cf4913a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681968, "uuid": "6ab5f148-1303-499b-b650-8ec1ab65ec92", "value": "T1C684F12E3694C0E6F48C83F52B369B0B15DEAC476142151A37717BB8AF39683CA1F5C4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681968, "uuid": "4a9732c4-cb43-49ab-b0c0-242610fdfcbd", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681968, "uuid": "e4dd9bf0-f353-44ae-b4f7-6800c8d50b89", "value": "6144:6Q606xNlmkDngv/vWgdpBaw/wl5AFJ644wimH+fi9FxIjCfAWmyTdRN:UFLgH+m7F/c2xiomi9FbfAWmyTd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681968, "uuid": "ce056801-830b-4916-9dfe-67d52248a297", "value": 379466, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681968, "uuid": "166f7374-e47c-4f6a-aba2-dce3f7b3bb17", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681968, "uuid": "f85ba63d-01c5-4fe3-af34-658452eea015", "value": "Technical Offer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97b499dc-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680867, "uuid": "c5ef617b-5380-44c3-853e-e672e2780679", "comment": "Malware payload (Formbook)", "value": "1fadb4180cec90e54c0ea48730c6d1f6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680867, "uuid": "85a0b361-110b-4509-8898-bacccabc1a95", "comment": "Malware payload (Formbook)", "value": "871a29a5b20d5534205d177ec159eb6984e1b543b31d66f5d2110838e50fb86e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680867, "uuid": "65ee7206-3fea-4942-bbff-cfa3d998ac72", "comment": "Malware payload (Formbook)", "value": "65587cf279f0ef4d7177a2570d8fd1ba348be33a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680867, "uuid": "fb2c43c5-72ca-4075-b790-b4a595016705", "comment": "Malware payload (Formbook)", "value": "099ddc34d1d9fe9e7cc729ae737194ec0f854ad8fa42d423f8b259bf35847443b43f98ae87d87f086875170f7d28c999", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680867, "uuid": "bdaf8c21-c398-41ee-89b1-717fb4dcd651", "value": "T106D423ED31A95B91CC7E1BB6F094D65416BCB2813113EF832EE512CD6524B2B4BE072B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680867, "uuid": "48d7d119-0176-4417-a3bd-cf821dae43fe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680867, "uuid": "877485f9-2824-439b-9f83-7ccca3296f18", "value": "12288:I45+po2jfLiGo/pYlHl8x46LO7xi5y22uJUUOPg3cNqS:L+pJ/W/a1l8x46Lkf22J4cNqS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680867, "uuid": "57d0b15c-be22-48b1-b0d1-db29b6ec6173", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680867, "uuid": "acb7254e-e107-4450-a9c5-cde6a3058204", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680867, "uuid": "f8bdd549-2893-454b-b807-081698a858f1", "value": "S004212823122940,PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d59dec6-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698325, "uuid": "5af03401-5a54-4a53-b451-6ffe5cd5978d", "comment": "Malware payload (SMSAGENT)", "value": "4a71033bad85605e14ee6c568555e381", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698325, "uuid": "f171b106-25b4-4ad3-ad63-942a58ed447c", "comment": "Malware payload (SMSAGENT)", "value": "871bfd683d67a6b558ff744ca9890d2b4585c5d44e0c932e6067e70c99e84a79", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698325, "uuid": "b822ccd9-79a3-4b9e-be3a-5e1217740a0e", "comment": "Malware payload (SMSAGENT)", "value": "6faeaa9c4f35158a8aa401b5f64885a41396c355", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698325, "uuid": "9453d347-0f95-4af9-8545-5bf4b94a02a2", "comment": "Malware payload (SMSAGENT)", "value": "2565cc77f7a1ad1662a4a0a8b1eeb1ac9d002cf5d0ad2b9887c9f24556dad698e7b2ef3c982f76bdc10b86e13a26603b", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698325, "uuid": "701c08ad-3bf6-447e-abb4-8ab618db24b4", "value": "T111560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC0AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698325, "uuid": "609d58ff-5161-47fb-bce0-d081d3609628", "value": "196608:/yDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYjJ:2irUVis8O/0giAZ9PDp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698325, "uuid": "93af73ab-e004-4ab7-a472-7fc896c54599", "value": 6372286, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698325, "uuid": "7cae82c7-697e-49d8-894f-84cd4508f811", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698325, "uuid": "9684a387-ad85-42ef-878a-a0c84e57b160", "value": "Getcontact+.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9cd0b99-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711069, "uuid": "3eed3343-ac7d-4b1e-a4c3-c92d1b51d315", "comment": "Malware payload (SMSAGENT)", "value": "2878d79d8b56f42846e2832312b0bbf7", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711069, "uuid": "b7b1486c-d0f8-4ce8-a59c-8a5103fdf8e7", "comment": "Malware payload (SMSAGENT)", "value": "873848c502704ba57e3b36d413d65fcc7c72af2750c4e8e97b7a22faee4429d6", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711069, "uuid": "7a660186-5e96-49ac-9afb-1a2d019cb25b", "comment": "Malware payload (SMSAGENT)", "value": "50b9614351a02a10a17108fa59dfb3410badd9ce", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711069, "uuid": "f086acf1-5d10-41d9-87d5-64b1e00eeaec", "comment": "Malware payload (SMSAGENT)", "value": "c333bbfde14bdc295dfbaf9bddf564413ecd023eec31c49b64f7d3cec6fc4a0dbae848210a6965c01a3dd8a4d0f3730c", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711069, "uuid": "0adf35e4-8b12-4ced-924d-0737e3420d93", "value": "T147179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711069, "uuid": "a1244e53-b7bd-4e04-a400-cb31e019ffb9", "value": "49152:2uuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvO:ev+49UBEIIddXHNqjeceknMI+lEaA8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711069, "uuid": "efc721cf-0f2e-49de-b5bb-78f45c226a9e", "value": 18576560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711069, "uuid": "1419fb81-ad3d-45e2-87d6-87d4588e82aa", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711069, "uuid": "2b225dd8-3f58-462c-b0f7-0038ea896010", "value": "Telescope messenger.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "097ddd12-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698238, "uuid": "46c88a74-1060-42ef-bdd5-1d1d405d38ad", "comment": "Malware payload (SMSAGENT)", "value": "5eb0a123390f1705c524b08a55b36f48", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698238, "uuid": "45317f4e-645c-435e-9406-b0cc8dcdff16", "comment": "Malware payload (SMSAGENT)", "value": "8749efab119cb35a5a7e57bf72dd313877a13710f5200851f6c331c97e315e37", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698238, "uuid": "8ede00fa-dee1-4c33-a120-a2b7599eed60", "comment": "Malware payload (SMSAGENT)", "value": "fcecc6cbeb95a7ab998bc088a50c7d2627cbde9a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698238, "uuid": "0c4c2dce-943f-42f1-b0fa-eb0b99f41b76", "comment": "Malware payload (SMSAGENT)", "value": "94d9b1ea374b58c3b075e01798a2d1b4f199233f0633a0f19e3a850a2285f7422562515c9dcfd4e0c4e69dd14f1e62d0", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698238, "uuid": "aa9e37bf-55cb-4185-af1b-1d26a7f8b590", "value": "T101560175731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698238, "uuid": "9a70e4b3-9415-4f37-b649-cca777456fc0", "value": "196608:/gDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYPJ:girUVis8O/0giAZ9PDt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698238, "uuid": "0c228181-9e62-4a97-a1a5-c301a5157143", "value": 6359996, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698238, "uuid": "07d10ac0-5e59-41a2-9fef-3fcea57b3b55", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698238, "uuid": "f6cd843e-52e2-41b0-ad95-6f3d6bda877a", "value": "Verify App (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48036576-92f5-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701729266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729266, "uuid": "8d6c402d-cc3b-4027-8dae-2c6612c45b3c", "comment": "Malware payload (RemcosRAT)", "value": "c884f7e8beb885a3ed6ef33db42a747d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729266, "uuid": "65452c75-85ba-4264-9859-045710ff9829", "comment": "Malware payload (RemcosRAT)", "value": "8784e0d535205d0ec5d8506d019f382404e0aebb1b10b4d3e9831ff5407631ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729266, "uuid": "c71a3cbd-20c3-4b9a-bb0f-2894534f40ba", "comment": "Malware payload (RemcosRAT)", "value": "3f53820f3dcc62796eccda8c680ce2d04cc6b5d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729266, "uuid": "48a876b9-4951-40d0-8712-54c50728dbbf", "comment": "Malware payload (RemcosRAT)", "value": "625d27b1a56228c30561b42bf54922858d91af2f858b1e63ace98b6ebe4882cf8bd9c919cc6b698e418cac78a902a802", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729266, "uuid": "e3bb6477-8039-4da6-8b02-20e14a48cb85", "value": "T106B49E01BAD1C072D57524300D3AF776EAB8BD2018364A7B73D61D5BFE31190B62AAB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729266, "uuid": "9220c8c2-a035-473a-81b8-f41474c99ff4", "value": "8d5087ff5de35c3fbb9f212b47d63cad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729266, "uuid": "3ae7fe67-82e9-4394-a140-850672b2113c", "value": "6144:8XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNP5Gv:8X7tPMK8ctGe4Dzl4h2QnuPs/Zsacv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729266, "uuid": "a35eb5aa-8768-40bc-9eec-8a03a14ea305", "value": 494592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729266, "uuid": "228cad58-251c-4564-81c4-e6f10726a7bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729266, "uuid": "6a724080-819b-4f87-a0c6-e2cdda5cc0a0", "value": "xRLFvVQQUHlv.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f02e4dac-925f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1701665124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665124, "uuid": "fdf9cb31-43e5-4f57-ba20-681e8b7bcf6f", "comment": "Malware payload (Rhadamanthys)", "value": "7a0bdb236159804a677953a5518d5184", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665124, "uuid": "e8665f10-1675-4794-9aa0-26a9fd91f946", "comment": "Malware payload (Rhadamanthys)", "value": "878e881cb00de3297651a06f1d2054c88183e9f8010c1c30f5eeb92d7154e816", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665124, "uuid": "6d8677c1-aedb-449a-a70a-ffaf9d6672ec", "comment": "Malware payload (Rhadamanthys)", "value": "337cf700131b80e2774c2ac9ad48e57f5f9596d8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701665124, "uuid": "eb0ef59f-b3b3-46a4-a600-25286472a0cd", "comment": "Malware payload (Rhadamanthys)", "value": "dbff7cd89d64b7617e6b1440ab8cb60203f774bbd3fbea701cba578edaab33ba31c40144856eb14aff9239ded73d2ef3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665124, "uuid": "e153bb13-968f-4848-a130-9e70e61bd5ec", "value": "T17CD4CF22B3B5C562D18A5AF04418B53CD670DEF25EDF891B7FE60D0EDB78EA24C18A41", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665124, "uuid": "7f44954d-7008-4ea5-8445-d64be20a6672", "value": "492605aa7b8aefac51399cf6619dc6cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665124, "uuid": "beb6f5ed-07ee-4e3d-b8a7-34fc8e21e5fb", "value": "12288:eGcbKnZU2Z1r8d1eI8CvZLahOE3B5lQc8ovXTb+UBljT1aQFGhFAwwG:eGcmnZ71yghec8KTbPBd1aQBww", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701665124, "uuid": "c3ed1a2d-9221-455e-8f91-3b512fb4cfa1", "value": 613376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701665124, "uuid": "dc2727ba-9d5b-4cce-9832-7dc78490d617", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701665124, "uuid": "ffd8465c-9b55-40f4-bb16-e1908839235e", "value": "7a0bdb236159804a677953a5518d5184", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37aa798c-92a2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701693591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693591, "uuid": "1ce11516-4c9b-44c5-90a7-ef8e0a087859", "comment": "Malware payload (AgentTesla)", "value": "6bce4b81445b12ba2669ce0f19f43aa0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693591, "uuid": "79ac8b06-27cf-4a52-8dfe-43326a1c8a46", "comment": "Malware payload (AgentTesla)", "value": "888879dc6984765022bbe60559d28cf3bd550f641f2034f11a10052acc7240ad", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693591, "uuid": "641025eb-756a-45e9-b4f9-7a9d820f6d10", "comment": "Malware payload (AgentTesla)", "value": "01bdba6daa6da8d966f004afe104ae871a9155c8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693591, "uuid": "7d336eb8-5278-4c33-bbbd-a6c0ec94ea1a", "comment": "Malware payload (AgentTesla)", "value": "5fae911009767f71981f26ba6f5d2551ba4bbf455e13b2e44bd077eef4985e99b07cd5236b785da5920fd81b92fabbf0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693591, "uuid": "4cf75d7a-3fdf-4e0b-b6b0-10d141e231e0", "value": "T11315AD84E5A95B51DDB9A7B05536C93007733DADA878E22C1CCD7CE73BBBB824412A13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693591, "uuid": "47d4889b-8373-499d-8cb9-52389cb9abc8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693591, "uuid": "956c0916-8d7c-4f64-ab22-77dba1690492", "value": "12288:w7lxIyzucL5ZRNmiVs2ON3vd12RaRm+n4j4C41eElP7r9r/+pppppppppppppppX:w7lNlx/V0hd12R44g1e81q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701693591, "uuid": "8a1031c0-7038-4c98-b630-a4d8f9f8ab98", "value": 950784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701693591, "uuid": "fc4ff675-875f-4cf8-8da6-6335036fddcb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693591, "uuid": "0510c7ea-7d88-449c-bfb2-5e0509ebb984", "value": "Swift Copy for US$ 17073.36.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a24c0db-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680871, "uuid": "15b9de25-6b61-418d-b966-ff7c6bd21b83", "comment": "Malware payload (Formbook)", "value": "b64f344944ba03a5454cb5e3458c3670", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680871, "uuid": "f3e0f954-2089-46fb-aab2-0dd01e75a52b", "comment": "Malware payload (Formbook)", "value": "88f646bcc3692ddd21205ec14a93ababd3ab2e9bb017ed838a2f375ac153d21f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680871, "uuid": "b52cb7ac-9cf7-4eb8-9408-3bae9b01f91d", "comment": "Malware payload (Formbook)", "value": "200eefce81b0a2991cf7ddd487ee7ff2a1144ef7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680871, "uuid": "3f151134-700e-481c-a0c0-25b31fa38357", "comment": "Malware payload (Formbook)", "value": "c3ba092360c2a36b0f052d2da156a378101daef6fab3f21661821d45259e619dcafdf89026146064c8b385a2a2c99cf6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680871, "uuid": "ca9f55bb-5962-4c56-83b2-3a2f1a476558", "value": "T176C423EB72D60752C8BB53BB202D4190B3E477A87075FAEA18E2F15C1515F2A1F52B0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680871, "uuid": "e6132f0d-9913-45b1-8a5d-af7d087909ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680871, "uuid": "ed4bbea4-da64-438e-894b-b9a8c9f98374", "value": "12288:zp45+po2YxjS4k+jjG14iV3mUpfpI8wncCgt3ogPm:z0+pJYxZZjFitNxiiogPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680871, "uuid": "dd608501-1a78-490e-8556-0feb5f994840", "value": 588288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680871, "uuid": "df8b0a9f-62f8-4cf7-b422-f876c6c4dc51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680871, "uuid": "7056ec6e-815f-44f5-a821-77524dff685f", "value": "INQUIRY ORDER FOR QOUTATION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5032ac0d-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711241, "uuid": "fc32165f-906a-4121-a885-53577c1d2523", "comment": "Malware payload (SMSAGENT)", "value": "6a3ef376d4c375250054c19935308b51", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711241, "uuid": "19feecc2-bd4a-43ca-922e-74500cf30233", "comment": "Malware payload (SMSAGENT)", "value": "8995d9da53e58ad608a11f15996ffdc233f99755f8853cf966747cae5737eb97", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711241, "uuid": "aaf47efb-67d4-4246-a8a0-c346a7630d0c", "comment": "Malware payload (SMSAGENT)", "value": "23be13b09872243e62d971601f41f41fbc9ae201", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711241, "uuid": "82cbaa2f-78f7-4151-aeb9-bdc86d6ba3b5", "comment": "Malware payload (SMSAGENT)", "value": "8c33e7974bd0bc76ccde45f1539f2c26509ddf9caf732c997341a88692a3405610c90eab7083776aa5deaf83529ec13a", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711241, "uuid": "7c86f190-fc16-4d9b-9d37-2445e08d5f32", "value": "T1F9179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711241, "uuid": "eb3d8f45-dac1-4356-b09e-5924f8e89b42", "value": "49152:puuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvk:Dv+49UBEIIddXHNqjeceGnMI+lEaA4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711241, "uuid": "02d92c5f-dae3-461c-8b8c-5370ca66c830", "value": 18579584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711241, "uuid": "76dbc180-214e-4dd3-9208-6c5245524342", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711241, "uuid": "b6d9d282-820f-415a-bdcb-aa00081ced05", "value": "HexCheats.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5f09b53-92c3-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701708003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708003, "uuid": "567586a9-8b3e-4581-b315-700dc5071738", "comment": "Malware payload", "value": "1836716b2f372522b52f865d74f59dc7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708003, "uuid": "a68b8611-6717-429a-b23b-a707bcbd78b0", "comment": "Malware payload", "value": "8bc73b56e4f82591734a80dfae67191e5fb269ccbe313635be904d9d9f85009f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708003, "uuid": "f40e87b7-d990-459a-a448-4923c27ec93a", "comment": "Malware payload", "value": "f642a469e381c3ec8f3fc9d29b791baf2d654b63", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708003, "uuid": "d55dc763-25a7-4281-8be1-e03b68e7afd1", "comment": "Malware payload", "value": "ab2ec144146e85f58f89820cfdbc6a6206081131cf8b09af1e4eba38b25441e7d02588b6582681b3aa9616e9644fec47", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708003, "uuid": "2f0f0133-ffeb-424f-ba49-023f8bead3da", "value": "T178B5E720EA10604DFDE707BF4AFD6478846C7EA0DBDDA0D300C56ADAB23E5E67936146", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708003, "uuid": "ba95b5cc-dc3f-4fba-8bbd-873e6bb30923", "value": "e7d79f06bfc04ada764066273cf9101b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708003, "uuid": "89ab901d-e81e-4e6b-80c5-9a3860ba785f", "value": "24576:aCKJMjFsCBqTsGlZdYRcUfuTZIeTcfa7luMuUmK0+ds:HKUFsCBqTdZdIaT0Uf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708003, "uuid": "9f04c014-a3be-4547-bf10-a2c322b21be3", "value": 2281984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708003, "uuid": "84927337-6dd4-4178-ac1f-84b209300af0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708003, "uuid": "8400bca6-cd22-45d1-b2f9-0365d4a87b7b", "value": "1836716b2f372522b52f865d74f59dc7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf1f842b-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701683080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683080, "uuid": "5ba3666a-0cc8-41ab-acf9-6767b1c25a5a", "comment": "Malware payload", "value": "a2b56a267f83be08fbf30cb772733384", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683080, "uuid": "8aefba05-f2b8-4e17-8a93-2a3af3d016a0", "comment": "Malware payload", "value": "8c5d3199cf17dfd40b2b306e5f9a8310c47560d87fdd6751e81454d43f73ea66", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683080, "uuid": "856c6e52-e9d4-4376-81d6-836d095ca395", "comment": "Malware payload", "value": "fab48d36edf5f56998e89cded2158bfb4e071805", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683080, "uuid": "14b703e0-c85f-4ac5-b24d-35ed8dc8e402", "comment": "Malware payload", "value": "59f140b37ccf30486f6ca11d04d7aeb0b87f61b75f9dea26a96be820803c00969f79ef5ea9eb9e775feaa6f78aa29c20", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683080, "uuid": "9164209c-a15d-4df8-95eb-b5b04b35a04c", "value": "T12E92BFD875481EFBEE7954B1330B0A5C8707F72678FF1586944A528CDB9F22B8B088C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683080, "uuid": "dc1120a2-f111-42e2-89d2-1557d3ddf455", "value": "0f56e95236145eb5c70e114d82785d16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683080, "uuid": "895b3204-72f6-4e68-949e-6baff2310c39", "value": "384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXmHuH:rRkiLw3HsDSARGG/WHQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683080, "uuid": "b389dbe6-bb0a-4ad2-af0a-42264f93d155", "value": 19973, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683080, "uuid": "64f14fe7-75d7-4e11-8aea-cc4ce488c57e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683080, "uuid": "d6d3a2c9-5733-42b4-9579-6e9cd875e00e", "value": "a2b56a267f83be08fbf30cb772733384.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1706172-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711028, "uuid": "221859e0-f294-4c34-8645-979c2f7c9caa", "comment": "Malware payload (SMSAGENT)", "value": "c9f97fe52722aab1347a56667b78b596", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711028, "uuid": "a2a2378e-f830-426f-b443-b8d081358506", "comment": "Malware payload (SMSAGENT)", "value": "8c7eb13bf3850d7fbd27e51773696f0eed6f45cd643a208dccf08e438df8100a", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711028, "uuid": "54ff88f1-5cbe-4374-95d9-4a040f6e5337", "comment": "Malware payload (SMSAGENT)", "value": "ad4bed79b9f8b30b1d2d5fdc7e2e298ff06f4dd3", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711028, "uuid": "39e6e0d8-aace-4bc1-a503-486c3bd97e1d", "comment": "Malware payload (SMSAGENT)", "value": "73c655f8652b82a17d46861a2a9947236f087e8129b9f8ea58a4798ce486263ef1c4f810b12d19cb507fda9bab22b21b", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711028, "uuid": "fd2d737c-a947-47f2-941e-da154b4aeca2", "value": "T1BC179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711028, "uuid": "e173027f-27e6-44de-9d1f-c3ecfccdc789", "value": "49152:zuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvD:hv+49UBEIIddXHNqjeceNnMI+lEaA0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711028, "uuid": "c095f02a-0bb4-4bad-ac48-5906420bccb5", "value": 18568566, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711028, "uuid": "987efcee-bf53-47e3-bd32-aa2b04f3745e", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711028, "uuid": "153e09e9-67b8-4c49-9267-289d00cfaa64", "value": "\u0421\u0431\u0435\u0440\u0418\u043d\u0432\u0435\u0441\u0442\u0438\u0446\u0438\u0438.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5df2224a-9297-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701688930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688930, "uuid": "7552b8e6-5c75-486f-a30d-39c19bc11a3b", "comment": "Malware payload (AgentTesla)", "value": "7fa63943be0c41feebbf5e22cef17cd5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688930, "uuid": "c38047ab-4611-40ed-af0b-19de3f18fddc", "comment": "Malware payload (AgentTesla)", "value": "8c9e69c484e159acd88a9c50d70db9f104d9cd804ac6855d657c077c54faa4ac", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688930, "uuid": "7665fd3d-c1de-427d-aab5-cd95c40842fe", "comment": "Malware payload (AgentTesla)", "value": "29e622e497c415607c0f7f7c911e223ac0212669", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688930, "uuid": "cc216d09-bcb5-4aba-8f38-50a42d31e4a2", "comment": "Malware payload (AgentTesla)", "value": "e51df42f8adf6202dfea0b676186ed60ce47a9b1fcf62e55aaddb735cc99e2c4a27828b7fa68391d2dd1823945ea7634", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688930, "uuid": "3ecaf48d-efb9-410e-83c0-dffa5d671b43", "value": "T172051252B2E99B1BD83A83F1D13A628413B1FC2E35A1F68E5EC370DE1671B015E11B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688930, "uuid": "61e7f018-f102-4f4f-baf1-4dbafa965062", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688930, "uuid": "089e3cdb-48f8-4600-88e8-bae2df4e5534", "value": "24576:o34/up+pJBLmeqhqCQoVNwL0aJKp//g0fo902jKFNe2qIa:o38PJRUQsyL0aJKBIL0DI2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688930, "uuid": "5135fdcc-d724-4d04-b790-53a68774302c", "value": 832000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688930, "uuid": "e3205973-71e2-4faa-a66e-2775c3542220", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688930, "uuid": "0dcfd734-614e-43c9-8a83-e90103afecee", "value": "SecuriteInfo.com.Win32.PWSX-gen.6832.6006", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c742df2-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698296, "uuid": "f96db7fa-5b6c-42a2-a38f-b70b53961b03", "comment": "Malware payload (SMSAGENT)", "value": "89c32552a442cce4a51290b3c4b59d74", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698296, "uuid": "a3470bf4-11e9-40fb-9a30-bf103b9d873b", "comment": "Malware payload (SMSAGENT)", "value": "8de19b5631815fcb379c7b3d7016865bd2b446be885c58c6b8e0ef70babfd235", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698296, "uuid": "baae8caf-9eaa-4639-88a7-befa9e4c3cc6", "comment": "Malware payload (SMSAGENT)", "value": "fd760a4a5a206f41a7a17b961613aa64ccb95280", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698296, "uuid": "27bc10e4-3d66-4181-882a-4eee3a51fac1", "comment": "Malware payload (SMSAGENT)", "value": "00fbd00f7e83dc357ba0074fd2a931402997029fd8ac293f0b3e53c4bbdf5fc90b8dfcc93bb8fe5c05baa33b368fe898", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698296, "uuid": "8460f184-09c5-46f8-9db3-d7a01553891b", "value": "T170179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698296, "uuid": "fa733841-50b3-43ad-97fe-1a61db86c0b6", "value": "49152:MuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvP:gv+49UBEIIddXHNqjeceTnMI+lEaAC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698296, "uuid": "8f3fccbf-c229-4579-854f-0f4ce049ef08", "value": 18568924, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698296, "uuid": "6c7b5f09-204b-4208-bb75-54649239b568", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698296, "uuid": "6cf184f7-ec09-49a0-b9c3-10b975ea9cac", "value": "\u041c\u043e\u0438 \u0444\u043e\u0442\u043e\u0447\u043a\u0438.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9be87c7a-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RevengeRAT)", "timestamp": 1701708362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708362, "uuid": "d28f4373-5bbd-4ff0-886f-084924cd64e7", "comment": "Malware payload (RevengeRAT)", "value": "0c237f1f94b063f653131efd3076c03d", "object_relation": "md5", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708362, "uuid": "399a862b-4d6e-48e9-a547-360a450604ab", "comment": "Malware payload (RevengeRAT)", "value": "8e0cb5c39affda851ee3274988f7d9f94ed5d6e61e2cc92b9d5c7766fdff439f", "object_relation": "sha256", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708362, "uuid": "dea19863-afcb-4092-b44e-68491d5fe85b", "comment": "Malware payload (RevengeRAT)", "value": "92e5f498031cb0da4b69a29850495354fe1bac38", "object_relation": "sha1", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708362, "uuid": "c376df8e-f83c-4416-b600-08ba19be4984", "comment": "Malware payload (RevengeRAT)", "value": "6ff8719023c4b1264606e045a27056645a69a568e98563785e80f6a18d5e6a97935e2d360881a929642673f68643adb2", "object_relation": "sha3-384", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708362, "uuid": "be190796-eb2d-4b34-a66c-b7fae4f64d29", "value": "T14962C0A9CAA7DA2CFA360379817B20EB2315004E9985B2473151F85942B03D7AF0F9C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708362, "uuid": "29d103f3-94fa-4989-8e0c-f160642283bf", "value": "384:dXPZkBFGSqxehI0gxFXjXeKbrOIDzHWh0:VPZqGUiFTuG9h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708362, "uuid": "169a4132-e37c-4927-bb87-13ca613926f9", "value": 15197, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708362, "uuid": "a9671dc9-2e03-4ba9-9aae-9d20b696f6da", "value": "application/vnd.openxmlformats-officedocument.presentationml.presentation", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708362, "uuid": "5bcc2489-13cd-4cc0-8926-ed79210547c7", "value": "OmnibeesReservas_0039823612.ppam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff73d06e-9288-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701682759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682759, "uuid": "262b89f1-3193-479c-a9ad-72f283440842", "comment": "Malware payload", "value": "a247377c0baae4b0165c1acef3272ec9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682759, "uuid": "4adc0822-f264-4325-9ed7-99358b2555bd", "comment": "Malware payload", "value": "8e1c5056401b95ce5bc19af8f033cca84890e2e52b739afb252d966fb2e6d540", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682759, "uuid": "76abf8c1-770f-48a6-b28c-6c2d59b65e28", "comment": "Malware payload", "value": "86028df071216967d4a268461f4d3e44cf033688", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682759, "uuid": "dd0ba780-5736-4fdf-8356-449de816efea", "comment": "Malware payload", "value": "a4034fec84a4f9463938045460c47233cf4ff435a69df8a43185f96f6f33d7c8155c99a1bc0b8d9ee956c7b67c7b25de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682759, "uuid": "d1879905-7a5b-4235-973d-b7d2aaa35185", "value": "T1028633A4C3A96931D1742BB15896C1C0A9393A721CBC4943F5DCCEAA3B13B4C67977CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682759, "uuid": "1513cb48-6708-4912-b134-3fc30ec766e3", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682759, "uuid": "1141d8b4-596a-4f1a-b251-74774dc6994e", "value": "196608:8aFkwbCYvDu7IusrobXe9XVv2RLz+clOF68K66+rYA:8ahFvShC9XFWWclOFa6P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682759, "uuid": "e079c5fa-ed6d-4a78-abff-995425c39d3c", "value": 8119345, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682759, "uuid": "2cbf215d-b112-4c4b-b291-3a5fe23fd177", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682759, "uuid": "436b2653-223f-47e9-8f2c-9c45c36fab08", "value": "a247377c0baae4b0165c1acef3272ec9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d38d3281-92f9-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701731218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701731218, "uuid": "aa9792a2-3e65-4cf9-b256-04d47a8a9d36", "comment": "Malware payload", "value": "3de056f9bb82bd056d131489e38577e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701731218, "uuid": "5b1aa64c-3845-4cac-a1a1-c9e1386c3722", "comment": "Malware payload", "value": "8e294b1e12c1b7f09ad2762e703624e070b1d847922ba44e8a5c827c37a31423", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701731218, "uuid": "aafb8c89-cb15-44dc-91b6-48bed7de7aa6", "comment": "Malware payload", "value": "21b982d82b05d967f602d785a97169c029250cf5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701731218, "uuid": "59d5044e-d71f-4b02-a864-f9129b836da1", "comment": "Malware payload", "value": "b8d3e0eacb13b37a6f8eca7b4f1544a32748d2b27619cd1fc018bdbf417c3b316e6d6b52eacf91a4029f1a6b546ca28e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701731218, "uuid": "4fc39934-4138-4f2e-bc5d-5e0e9d1338e6", "value": "T193643A1D6B998A67EF6F03B892914715CFF1C4036252CFDB3A8490DB6BCF3806D4A586", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701731218, "uuid": "4ba64809-260f-42d1-8867-4d930b24dce3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701731218, "uuid": "356fac91-46ab-4cd8-8613-000d68c187a5", "value": "6144:mH3sqWqDmUEHNvJPMkhdFSI4znHW/xpTE2y:m3st1ZEDHMpTl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701731218, "uuid": "3f0aad9a-ec2f-4989-94ba-c85868399848", "value": 329216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701731218, "uuid": "af3c6cf6-307c-40d3-92c4-3bc55978bc9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701731218, "uuid": "4939d62a-c95e-4706-9311-2f6c91084be1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf96e085-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701683108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683108, "uuid": "b314c29b-9e4d-4c0e-b69c-946b0363c820", "comment": "Malware payload", "value": "a2cf2a02f33cb2643b78409a672471d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683108, "uuid": "2d760867-ebd4-46e7-9e25-490bce9047af", "comment": "Malware payload", "value": "8e790b549626f4869a0fcb41ca72bcf790bf8f3d71369ee6df128e1d7d3c28da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683108, "uuid": "9a30053a-06cc-48b0-b564-6ee6e7ac7c08", "comment": "Malware payload", "value": "ade34d1bd5ac5c20580781e0e416250aa66a8557", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683108, "uuid": "0c1546e6-6cf5-4fef-bd5b-a1014f3bf958", "comment": "Malware payload", "value": "33e2f55e9097e4b63c6df30127c49be03f92dd18b512d7b9c66eac73cb52b37a498fe5bcfad80ef8c60265bb1d4d785b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683108, "uuid": "62c05e79-8521-4390-83d9-0c095494821a", "value": "T1D2D39E03B6D4C0B1E5A3063248A58D610A7FFD2A8F70CD57778A121E5EB51D19F3AB63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683108, "uuid": "e3062fd2-4e87-476f-a406-c5998462d39d", "value": "f1f1baf38b423594b8518ba963d591cd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683108, "uuid": "b0865a91-e923-47f0-8cbf-6d3c682d6a97", "value": "1536:gI1XTuiHKnRDuXXnaLcP9c4oCTsWjcdWcspCuvm40InHTtXEL1XkhIKy:3EDMrGWcspCuvm4HTpKWC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683108, "uuid": "fbb9f963-1369-4d68-94e8-405e6b9d2aef", "value": 130652, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683108, "uuid": "2b0e66c7-9fe0-415e-b177-03358423ece1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683108, "uuid": "aecbced4-9405-4d01-a32a-052aabc9863a", "value": "a2cf2a02f33cb2643b78409a672471d6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3904e75-92e6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701723004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723004, "uuid": "1b640807-c3ee-43ec-af54-df15b21251f9", "comment": "Malware payload (Mirai)", "value": "e9a6c7957bf7a3ec47d8ef7e4cfacd40", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723004, "uuid": "93236eab-83a8-416e-98b7-2cb7c923676b", "comment": "Malware payload (Mirai)", "value": "8ea9717e9ba2bc425e747d955e1105586038317ebcc214d5f0f3ab60a9cd771d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723004, "uuid": "e541d2fd-4293-4e9e-9207-d97625dd9b2e", "comment": "Malware payload (Mirai)", "value": "07d62a689dc3d0bb5c8571b530b0417467a574ab", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723004, "uuid": "7ed1946c-63dd-433c-8fd5-c2d1cf313e7b", "comment": "Malware payload (Mirai)", "value": "488d5a7fd492a1d1bf42b3af86519bbcd311c000b8dbf49af2af014d8ee1f124190dbf6bbea14ab9468ab167e0aacd92", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723004, "uuid": "27783a3d-ca63-473c-b89b-4db88a3faae9", "value": "T14DC2E0F63E77395BDE25003935A9CE3682B4F022C7AEA7239240524D200B17CBB369DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723004, "uuid": "6b2a6076-dd2b-46a7-93e9-71815e71ef09", "value": "384:Mn1DMwk8JPyGYhDZREXVZVBy6sIye1iWLRYh4Sw4cGJYeRzOFGBzd8QqYqy6JuNz:CMwKDZOFbBy6sSHRYfeAxdd8/jV50NT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701723004, "uuid": "74952a47-3f03-43f6-85b1-573e3b702560", "value": 28056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701723004, "uuid": "de0d07e5-c238-4b02-81ed-3cf375bf03e2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723004, "uuid": "cbb656d0-d805-4206-868d-41b5aef41d9b", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ab6e7f6-924c-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SchoolBoy)", "timestamp": 1701656632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701656632, "uuid": "d727cc91-2994-4a22-8994-2ebac7a8aeff", "comment": "Malware payload (SchoolBoy)", "value": "bd52acbe6fba86dc602e5a851d70c665", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SchoolBoy", "colour": "#609074", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701656632, "uuid": "d36c86cc-8e82-40ca-9c6a-3e67fcad1311", "comment": "Malware payload (SchoolBoy)", "value": "8ffd4fd0e29d6888e9eaf78a6f698436f8a4477cdba8b6271015f7b012d1f8e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SchoolBoy", "colour": "#609074", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701656632, "uuid": "72de7f29-29b8-427f-8320-6c5e7f00bd46", "comment": "Malware payload (SchoolBoy)", "value": "b5371851f50ff84372553b296208d97c4a04c9a2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SchoolBoy", "colour": "#609074", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701656632, "uuid": "5f39011b-afbf-451e-a9eb-c8a7f617fce2", "comment": "Malware payload (SchoolBoy)", "value": "74741621ca4576d09686549ff0b9b17b12532017e570a43e4ba99d0d995b39f1b198110899ebbd0fbf45170eb0c38c35", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SchoolBoy", "colour": "#609074", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701656632, "uuid": "5c9ed0ab-daed-458a-86f0-51bf5b77a920", "value": "T15866115BB00BD74FD28061B4D0C23EE165079D7ABE65DB9B91043AE83736EEC391AC52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701656632, "uuid": "b2797055-9517-4b5e-bde3-37ebcb091fd6", "value": "9aa72e326f234de080a0666006671d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701656632, "uuid": "1315da93-0686-44ef-bcdb-e2fed965d814", "value": "196608:7C7EEQed3SdBeNmPDgohMXVuHAeGnyprMFamB8UTowy82tQCni/T5y4w0ute/N8H:kxd3S+uMoh0VUAVnyprKT88bs+o4bVTK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701656632, "uuid": "f24e357d-c9d9-4155-9934-8a003f6ee12a", "value": 6904320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701656632, "uuid": "9d3231ac-9a29-4055-9ba3-d6f2cc84bade", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701656632, "uuid": "4d546db4-fd01-4f1d-a35c-d34ff826aab8", "value": "bd52acbe6fba86dc602e5a851d70c665", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad1fdc78-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DBatLoader)", "timestamp": 1701681762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681762, "uuid": "a5af539e-68e1-4bf8-aabb-9354bf2c444f", "comment": "Malware payload (DBatLoader)", "value": "7494bea6a28b3fa0c89467baad979c48", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681762, "uuid": "9e92b41b-bb06-49ff-9f22-a7634d97b401", "comment": "Malware payload (DBatLoader)", "value": "900bac7f4138efd174067bc8738e8357c97e50abe23af40b0d5825db8b55ce29", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681762, "uuid": "dd7d3eb6-8d5e-44bf-a585-dcfe6760bc61", "comment": "Malware payload (DBatLoader)", "value": "71926b5ee16faacc0878b9983362ee3a09902382", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681762, "uuid": "1bbc7977-6fc8-4c6d-8587-926178427810", "comment": "Malware payload (DBatLoader)", "value": "db66cdc109613e7f71c251a208282a07adbc5d3ff7ee6689b501c153db7dd83b1c8f2a38638bc02d7cebf10578e44199", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681762, "uuid": "584e3c73-3a75-406b-ba8c-933081bfb937", "value": "T16B35AED11ED0D5BDE17E66B9884BE2A8482ABF301E2C060D35E9D58C1F3D9D3392F196", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681762, "uuid": "315eb515-ffe0-4af2-8fdc-4748064b3789", "value": "10ea1b1ff7d4c4809d2c0a9a6ae44619", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681762, "uuid": "54f9d02f-107a-4882-a33c-92826ee7ff07", "value": "12288:RtVsGMuG7PS2wDtCU6NdObmC/RJqKqMQZLGdVNXbUWsK9h9wAPft4:R0hOSNENZJqKOGvdUWVJt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681762, "uuid": "5a02f053-d4db-4d16-b10c-cd4140d1811c", "value": 1121280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681762, "uuid": "377628bc-6148-497f-b9a8-23804931b619", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681762, "uuid": "9c99b477-f3af-478c-b740-c5e93feec617", "value": "Inquiry Order Specificationu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "898c648c-928a-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701683420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683420, "uuid": "f0e0c877-79c7-4c7d-a186-384a1ed00b25", "comment": "Malware payload", "value": "84ee89790592755093f5147d3772494d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683420, "uuid": "72f251de-f0dd-41e9-bbcd-97cc53850b35", "comment": "Malware payload", "value": "90283fc399456f17b8753375694089e22319b8c35e4a7008812b95240aedcacb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683420, "uuid": "6487652b-f11f-41be-84eb-22228a0dbe94", "comment": "Malware payload", "value": "0ddd25733bbfffc25ab71b16a58d61c7ca45fafb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683420, "uuid": "33d8f672-7757-4dba-ad5d-869875fcbf58", "comment": "Malware payload", "value": "227892cb65b356b8a6dd612d331a4c8874f807b8844dcb1b1409650f3da15e318e65febc90b62f55aa459b22b936b013", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683420, "uuid": "31a9eb67-df44-435f-8f09-b0e49d977b53", "value": "T1FF158CE27BF64428F2F79A316DF188750A3ABC721E26859E83C0861D0D727509AF1F57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683420, "uuid": "4e98bf51-1870-4706-b0a8-cc24aa8c04a9", "value": "4b3a0043a7e3db0d1e5c9aa801085a13", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683420, "uuid": "24d40ddf-3400-4078-ac32-c31efea3f7b7", "value": "12288:d/31BWc4ER44lne4yWBWr7Sr8r5a36Drxc32/fs4gs4jT3Zg5u/oFkDa:d/Kc4l4leb+6DrxoWba3Z0qoF6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683420, "uuid": "8bda8a8e-c135-4dc6-ba5d-96f98e8d3cec", "value": 912384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683420, "uuid": "3b361af1-4ed5-4bf1-bf63-ae37c1c63d93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683420, "uuid": "8352ddda-bdde-4854-825a-f6108c78a80a", "value": "84ee89790592755093f5147d3772494d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "959512ab-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701682152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682152, "uuid": "2fe49c32-0a45-48ed-99b0-63f95363f727", "comment": "Malware payload (AgentTesla)", "value": "f74b812551e86b72772d6cf756540651", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682152, "uuid": "d4fc15c4-610c-420c-ab8b-adca270c9d57", "comment": "Malware payload (AgentTesla)", "value": "90692f33abb1c304523cbd1ef8faf16d31a9ba0ef1a99b00aaa267ea14b2fecc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682152, "uuid": "f9051e49-0482-4ec2-830a-d4c6741291e7", "comment": "Malware payload (AgentTesla)", "value": "7f0d403e730da4b523b7196e6069628d0d5ca69c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682152, "uuid": "2f08b404-8ffe-44c6-8c1f-0751bd0cdce6", "comment": "Malware payload (AgentTesla)", "value": "118b98f4096aec2a9f9ef61a599f55df5ead79b96f21da4bdd9433f9cab2f2ac90885f8e18c7b02be69c538187654fc1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682152, "uuid": "e711481c-a512-41bd-874e-85f2af5db6dd", "value": "T1DDE4230461E8DE95CE7D03F94AD5B0D043B496831831E51A4DE738DFBF73B1486A2A5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682152, "uuid": "2403af1c-ee65-49e2-812e-2a1f3324f8a1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682152, "uuid": "9c5040c5-4746-4e27-a762-9c70d8aa0273", "value": "12288:q2iNtI95D9GFQf+mgnwmiErxOH6Tva8oHHrDY:q1G5ReGNgLz4sForc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682152, "uuid": "a4ac53f1-497b-4b1d-b217-d63ae7d58be9", "value": 711168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682152, "uuid": "f2d1b1f5-8c45-44e7-a3e7-492a4ff25d99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682152, "uuid": "c6c36445-8ddb-460f-90b7-765e7479621c", "value": "f74b812551e86b72772d6cf756540651.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7feab22-92ba-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701704114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704114, "uuid": "9e4c8687-6e2b-4194-9846-c41b140e44f8", "comment": "Malware payload (AgentTesla)", "value": "a29307c13d4b580215cb1f3cc7817798", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704114, "uuid": "7ed85261-6cb8-4d25-aa49-9ededf675b36", "comment": "Malware payload (AgentTesla)", "value": "90c88e7e322573fed7a186f9caa5c856388284ad3228e3fc01a9a08f616b0fb1", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704114, "uuid": "d2c2029f-9943-4081-9cff-b5a9ae6c6fe0", "comment": "Malware payload (AgentTesla)", "value": "086b2f182a39aced3883ac7048f40caf31566604", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704114, "uuid": "8f09a1c4-7283-4ff5-a38e-664f44b59041", "comment": "Malware payload (AgentTesla)", "value": "1642685a60e33c60994136d3d8c3b1fc89be6662621108690e12de6cb2acda01da9b84927c985ca12a33a4fa2af41ea3", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704114, "uuid": "e53f6dc6-b006-41f9-b635-54ebc28ded47", "value": "T144F43373A321839D138CBCB758A39F7EB4E95246E0D64683BCE7CCC09E2504656691FB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704114, "uuid": "51e19178-f5fb-4895-a075-90978d73f488", "value": "12288:G+1uHu/tuovlMvJbPnwrXDJkN7V4pZt1kK3RHfkxsCsCHEecE3n3I3jyzKP:G+6Suova9PnwrXuzKfyK3tMxsIkBqn4Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701704114, "uuid": "1fe5b632-9ccb-49a4-be6f-65b76e78e4b9", "value": 742707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701704114, "uuid": "ebb32c63-09ac-4f6a-9cb6-9c47f5531bff", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704114, "uuid": "f96712ca-f831-4a37-91ad-294e0150e45a", "value": "OUTSTANDING INVOICE.pdf____________________________________________________________________________________________________________.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "996c823e-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701708358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708358, "uuid": "74a3f085-2bb8-4fd8-a655-9d99de8ce2eb", "comment": "Malware payload", "value": "3da8394fa27cbe8cd7cdee55dc83c0a4", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708358, "uuid": "4d0f0727-32b7-42a6-a475-0f1fbc543f7d", "comment": "Malware payload", "value": "9169698335e88e8bbb62c857155d9a60dda29f59dbd5820675dfd0f8bdb65706", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708358, "uuid": "c94c058a-3671-4c0f-b873-f05f1c64e744", "comment": "Malware payload", "value": "ea77b7577762b153b32f88dd6042d946e26d5dc3", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708358, "uuid": "01b1a250-077e-409d-a9a3-7b2c53ffd4ad", "comment": "Malware payload", "value": "71086bcd0d549db80d35adf5145ca5f2351e8f0edf4e2fe5d2b4210e4336dbaf241f21dd7292ed3667943db623436711", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708358, "uuid": "8bd11e1e-0529-46ad-b338-892e6ce18c39", "value": "T145310548688096D567927FAB7D35E559E89FCF4F8B828808F321BE86F454904CB51F32", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708358, "uuid": "21f0362b-8ad2-40e7-b723-8671a8f79b5f", "value": "48:/K8Xot+KFAuOLREcx2Bt76nCBUaTJG0yV:/HYZ6Hon6nsXFG5V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708358, "uuid": "c4d3b30d-dc98-4f48-82e4-bc69859fee64", "value": 1799, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708358, "uuid": "f57542f6-d87c-4b2a-9f6c-7447f1aef435", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708358, "uuid": "97736fc0-29bd-47c5-9f0c-2f9271dc9f87", "value": "_MacOSX.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17507ac2-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698261, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698261, "uuid": "533758bc-969c-43e3-b64e-8c316920d205", "comment": "Malware payload (SMSAGENT)", "value": "a2dd486240b554d0d6ced92c840d2533", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698261, "uuid": "1a95556f-55b6-47b6-868a-0deb0e99c5b5", "comment": "Malware payload (SMSAGENT)", "value": "91bbf7d3ec577f7767cc825084d9e8488ae3d16f32f4fa40ccd7995f49e6b779", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698261, "uuid": "5834f856-ac51-4269-8d69-110f6b70122c", "comment": "Malware payload (SMSAGENT)", "value": "f169a80897aba90a53c07c35a055bc3ae771a5c1", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698261, "uuid": "cd422cfa-0354-4df0-ac89-ad21579a146b", "comment": "Malware payload (SMSAGENT)", "value": "e6d6f9091542f2d7a3089c1b46ccff247bf22c88eff2057705ff5d012770937e3cf9cec9da497d529aca2d780e753539", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698261, "uuid": "7e469d98-57c3-4e29-9877-ed597d577f34", "value": "T16E660178771CF40BE073DE312371414F75E185E51A72E312AB07B8586EABD84A5EEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698261, "uuid": "ec24a55b-b6bc-4288-b0c6-eeb34801e721", "value": "196608:7yoEI25FawilQcbk2fwDBCKAZ9J9DCJYdr:7ZG50qIkjFAZ9PD5r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698261, "uuid": "020fa9d2-7a27-47b0-b56c-c38e7d372fbe", "value": 6704052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698261, "uuid": "614db54c-aa33-40f3-b1d4-da6ef1a1c83d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698261, "uuid": "9f1898c7-7870-4cce-8a98-184d3a337c36", "value": "VideoCh\u0430t RU.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6b0223a-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696810, "uuid": "ef8f12c4-f81c-4525-af70-4ebf1352a8fb", "comment": "Malware payload (Gafgyt)", "value": "733ccd4fe6c5be87968bad3e7f043d57", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696810, "uuid": "053b3002-eba9-48b3-8231-45958ca9054b", "comment": "Malware payload (Gafgyt)", "value": "91ece4e7e2357fe19c60f796dc9240461a47abfcf5b43ea489c2f30c2a24194d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696810, "uuid": "5d0a7654-5e70-4429-84e8-38af6afae183", "comment": "Malware payload (Gafgyt)", "value": "cf8375d8044ad6b3bf5d73bc4ab7ab68a775e79e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696810, "uuid": "3c100dc6-f2b5-4269-9388-6a4c9794756d", "comment": "Malware payload (Gafgyt)", "value": "919fa3e63f5f9847edcef8c7834a3c5d52fa2f2b23d61fe8fee1dfb62cf104f29246a127925b3987756eb0a4b669ef0a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696810, "uuid": "dca2dc5f-a70e-43d2-90fc-72e4b505ed08", "value": "T12FD3C83BF7174B63C0DA117111E72F326DB4D2C731EA62976AE06D6C2E1A6C43806ED9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696810, "uuid": "33472bd3-8f4e-486e-9686-c1d6b2a0626c", "value": "1536:kIJ5ELZ5vGo8TqNM5FtmtgvWCzOw8/Ar9Qr3WxEVmWoF7M/eIRvfOE:F2TFaqN86yeCzOzaxEVmWoF7MWIR3OE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696810, "uuid": "4e76603d-c2d1-4e2e-abb8-f3b02a9beeb4", "value": 141839, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696810, "uuid": "28d2ebae-6649-4be3-8f86-8623c60d523b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696810, "uuid": "df5c48fd-a236-4d3d-8a36-b40490845953", "value": "733ccd4fe6c5be87968bad3e7f043d57", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b1451bd-92d5-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701715662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715662, "uuid": "35e8234f-cbcf-4b0b-aaea-fb22a5239fdd", "comment": "Malware payload (AgentTesla)", "value": "3d0e43113603bf2f7c7773ae08d1e03d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715662, "uuid": "b7c44b80-e14e-4ca6-b1a0-eabe233c16b4", "comment": "Malware payload (AgentTesla)", "value": "91ff3998adf51757d7580e1c190ff9f4c12e9b2de48b56c7507824753a9930e2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715662, "uuid": "abc2d603-2009-4850-a7b7-e0c37f852727", "comment": "Malware payload (AgentTesla)", "value": "8d90a13d1e29bec0d4167fdcc67e6710724f79dc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715662, "uuid": "2c27ab34-c3f1-45e5-98f2-4aa2edef761a", "comment": "Malware payload (AgentTesla)", "value": "449760d4232b3213af9b5506b1481fc80e451f3ed176315c4b487353f3a12748fcc6d2be3de15b0708e0a82e7a5679ae", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715662, "uuid": "aca35840-244f-483a-8ffb-7f90e143c132", "value": "T10F25DF84E270D366FC2E9A7070BF8C2493A689B66970DD1C0DCFF1BE15D239224A745B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715662, "uuid": "c5c98b86-5b42-44b8-ac89-a72241a4b848", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715662, "uuid": "10bdb1b7-436e-448c-9827-e5186ddd3af6", "value": "24576:Vb34/up+pJSpEBTxv7/S6buFPTPYMXu71oPX9Ikq2rMx:F38PJSoJ/iF8M7Pqkq2rMx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701715662, "uuid": "03aaeb50-3b6d-43c9-bcee-49d67f2d5205", "value": 1015296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701715662, "uuid": "00d52a80-07bd-427f-9b38-56733a7f069f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715662, "uuid": "4a3c388f-028f-4de1-8dfc-f5ae7c7d8050", "value": "shipment invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc740550-92b5-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701701974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701974, "uuid": "23bb2093-206b-4f94-9232-2573f49ca1f7", "comment": "Malware payload (RedLineStealer)", "value": "e37a8606dc54371e954b69dd732a7cd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701974, "uuid": "b2a234d2-2a9b-444a-978f-b44e9696c5c5", "comment": "Malware payload (RedLineStealer)", "value": "940c700e6d9796aff9e533e8a52148bd6acc36847a1a79950684cdea25e7208e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701974, "uuid": "ce115bbd-9d63-430d-ace0-3508182d5422", "comment": "Malware payload (RedLineStealer)", "value": "8f02e3d50136a3c98482b324bbca78dab340c273", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701974, "uuid": "2501b839-bacf-4de9-bd48-92a081d49fc0", "comment": "Malware payload (RedLineStealer)", "value": "25a9653513a173364c21fc804acce04a605d9c38d9cc97aa36e92a7a4482cc7a66b6d9484172839078a14de606253a98", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701974, "uuid": "8819ffd5-9c59-40c5-999f-30266d698698", "value": "T1346419302BB19173D7953F7D13A184D8C1FF95008F812EA7F5B2482AA22ABB26475DDD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701974, "uuid": "30141d0e-22b2-4119-8e93-d15ebe1dc4bf", "value": "1ee05438782cb7040e10c1d388320229", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701974, "uuid": "f415352c-775c-4b5f-9ba5-b1db01d949ba", "value": "3072:Px0L7mj0DuHYFk2lPvX6D9oDUHOAy8NMnkUiMhZ6cZK0lC41qqWybV5XCNrWEjZT:+JRvl36HMk5SsiqqWpneCXhFFFt4b/e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701701974, "uuid": "b6b0d583-ce23-4f46-ab0e-28a3973eaaa4", "value": 324896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701701974, "uuid": "b6e61073-8710-4095-b8c7-68c3623bcde8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701974, "uuid": "3b560bbf-29b5-4154-b448-ddfedf960854", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb8c2c95-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681786, "uuid": "24445616-b170-4ba0-902b-8cd6d2ea62b5", "comment": "Malware payload (AgentTesla)", "value": "efe89d1da63404c434d56b59b1c3c6bd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681786, "uuid": "929e0723-f51e-4215-bb8e-692c7c999558", "comment": "Malware payload (AgentTesla)", "value": "9421788d5825b5db448507b79370f84e7972a1851fa06730423e0a3176a164c3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681786, "uuid": "33a4a4bb-fd6c-4933-987b-62c2f5fc72b3", "comment": "Malware payload (AgentTesla)", "value": "51d3bd2d1bc60a598f6fb26613732d3c3444dd92", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681786, "uuid": "2c09327d-4f5d-4d5e-8fb8-e68ed27fbb84", "comment": "Malware payload (AgentTesla)", "value": "27af0f30d108e5207b9a32c6755f007f0ae6696e347f3c9cf902b510b08ed6ccd822fe3e061c0708aeaaed21d88578b9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681786, "uuid": "64eb012b-e1f7-4b62-b99c-10bf7d9332f6", "value": "T17743224F6E7703052CBF165A74CC6999F4B6405AEB7810B82CACF95A48F4A041F7BE63", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681786, "uuid": "b7d21827-196f-435a-b1f1-36e32f69db47", "value": "768:xrjq4Kw/FiEVWKbkNJFuABuTunNWQwB4JAkIx3TUqtp8s:R+4JdNbkLFuAgiEQw2J5STz2s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681786, "uuid": "1351bba4-f17d-4098-9e31-89c542596803", "value": 56245, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681786, "uuid": "7102d5dc-df35-41c4-aeca-247db3b3f001", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681786, "uuid": "2f64602e-43c6-40f9-9d07-dd7d6cf99541", "value": "DOCS-KM209903348711 PDF.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0ef7897-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680990, "uuid": "eaf9648e-b7a2-491b-8efa-a996457d90d7", "comment": "Malware payload (Formbook)", "value": "1176d9cca7689d1c8556c8aba1bacd88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680990, "uuid": "1a1ce48a-b061-479a-91cf-40795f694ef6", "comment": "Malware payload (Formbook)", "value": "945e176b7aa6d3b13ca4f6cd758fe5ee04c49ab1778c2b5433166dfce5adc9e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680990, "uuid": "48e9106d-4168-451b-bc47-834555ca3919", "comment": "Malware payload (Formbook)", "value": "f92eb85a60af4e0f5952455639e515d1155c0425", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680990, "uuid": "8ef43a93-0984-41a1-b953-84942fbea072", "comment": "Malware payload (Formbook)", "value": "cf8d480aa902e534a1dd3c85ea66515ad948a5bd51c59532a1901d6939efcf5d875e1882825fa15e34f4f4b5707c450e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680990, "uuid": "53021830-a94b-417e-bb4d-9556c68e17b5", "value": "T1C7A4015BBE5C47ADE39A4AB2783113328759AF671660A846FFE8FD1D483138D19032F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680990, "uuid": "334e70d3-d821-4c41-baae-5709c82b5f3c", "value": "66fcdd6338ffed276966867e7cf86116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680990, "uuid": "1b486c98-bf75-4909-9390-cdf68ff91ef0", "value": "12288:xaWeoF7enyZ9NodKDMIWJ8HpnhE3xHGeomWpHXr:QWemCqi0MI0wnyGNv5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680990, "uuid": "d86bcaee-bb3e-4ecd-a058-306486eae559", "value": 479750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680990, "uuid": "fd0809cf-d21e-431a-afbe-b6dba4e7ccbf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680990, "uuid": "7d78cbfe-593b-4597-9b98-25e9c0033654", "value": "RFQ5#467_DECMaT_PRODHangzhou_Zhongniu_Import_Export_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "910acf25-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701682144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682144, "uuid": "ea5e0a04-c382-459e-a028-3fd879eb6ab4", "comment": "Malware payload (AgentTesla)", "value": "a0187b818def9365be23b0f345e6aecf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682144, "uuid": "bece7556-066a-4b04-8615-03a1fd3db4f0", "comment": "Malware payload (AgentTesla)", "value": "94ad0ebd6edbf7b06cc194abb9d35a8bd8ce47245a99b603bce5a2c459bc875b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682144, "uuid": "4496dd4b-797e-4636-a04b-05cf45b3f1a1", "comment": "Malware payload (AgentTesla)", "value": "173aa9a1d29f64fecd62603431cd9c3b2910d86e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682144, "uuid": "0c42f917-b249-4d1c-ac2a-09ed58e2c0ac", "comment": "Malware payload (AgentTesla)", "value": "efc4792ad1fa10c5fce08061c8d79f42029be7eeff825d9e2687ccfc5b6209d62a7ba8b53eaf3b1057a9d6e87eb8a394", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682144, "uuid": "2ba5c4de-ead7-43ee-84e1-c19df39283c8", "value": "T1BFE423107578D7ACDA7E03F9BD65095402B0C79081B6D66B5CB834DFA2B73108EF2A6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682144, "uuid": "a9b03e35-e5a6-4ab8-af60-c1d1e8732014", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682144, "uuid": "f2e7a45d-9921-4aca-ab3a-3c09c7c89b61", "value": "12288:E2iNtI4LutaSdiq/Soi+GdO3WLPr2KovO/HWMPYnzHVBZNKICZ:E1/u1vvUdvLPSKovOtPGBmF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682144, "uuid": "c3aa3f99-d2ab-4610-baa1-06b60fe3feb3", "value": 709120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682144, "uuid": "f20e6c9c-22f5-46b0-bc88-e68b6d70a801", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682144, "uuid": "9d3f6bb6-244a-4228-b38b-1b5f6de8d6ed", "value": "a0187b818def9365be23b0f345e6aecf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "994b79c4-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719524, "uuid": "214ff074-b35b-4927-8cac-ab6755feab6a", "comment": "Malware payload", "value": "a62e61061b477cc06319293cf78397e0", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719524, "uuid": "354bf848-3e7b-4a6a-b18f-d2aae04fc27e", "comment": "Malware payload", "value": "94b147a123876efbe451d23eeba676233af55842822a121dda0d0db141e612d0", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719524, "uuid": "22afafff-100d-4b25-801e-238b21386d55", "comment": "Malware payload", "value": "e92a93a67109ea8f90236056564699f54af27a65", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719524, "uuid": "395efa17-bbd8-4f4f-8b1a-4f147d292eef", "comment": "Malware payload", "value": "634b28431dca9b1a4c8836fdb1f5bab69c6bb3853045afcc12d4605c82a56169afa50dfd089ff0d52032ea7f328059eb", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719524, "uuid": "15a7f4e3-239c-4f61-ad23-1a97c6d70fc5", "value": "T10AF3CE2F25B06842F5ED0678B0F5EB1653107163ADE61CCE2D10DA2CC7739A377AEA64", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719524, "uuid": "68934bb6-7b9c-411d-860f-f2987c0e36be", "value": "4514c46259fb71fea289f87cc46a4112", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719524, "uuid": "caeaed21-ba3d-4377-82a9-5abe8dd9a305", "value": "1536:4hJ8ZNB0ahCYsuut5bj4tt2AKy+7Kq7hkGXefJ2srsXvNKDqdOpdtKbUM/TCOIV3:4/8ZNuottY7exHr+dAtKbfZIVCj1OT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719524, "uuid": "62545db6-92ce-434a-8e76-2e60429c911f", "value": 163328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719524, "uuid": "1f777d61-0c79-4dfc-a1d6-7d8b04dc284e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719524, "uuid": "34f0fecb-7cf6-49c1-9998-8f1debde8d09", "value": "a62e61061b477cc06319293cf78397e0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6787f7b-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701708379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708379, "uuid": "8dc2f4c3-1d70-4501-bbb5-2d8d0c48653e", "comment": "Malware payload (Formbook)", "value": "3341ce013137aa7dd1658f448f700eee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708379, "uuid": "38a50bcd-a003-45f2-943d-d90a4ceb3cb3", "comment": "Malware payload (Formbook)", "value": "965f65d0873e8bbe9352ddb352941058bdef0e8c6a529141f742caa4f35aef05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708379, "uuid": "3f333eb7-a0fa-4df5-812c-fbf7bb6c732e", "comment": "Malware payload (Formbook)", "value": "4f53461333dd4afa77878264e7b6e535d8342b56", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708379, "uuid": "277d554a-1ad3-41db-9aba-0d3416482b83", "comment": "Malware payload (Formbook)", "value": "904b1b6a1fd1401f69ec507de30301d50185b61733fcdbed492adf395c19a2b9387ea4838dc3b6dbdd680f3939fb37a4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708379, "uuid": "bf038704-8931-4cc2-b608-e2a87db83152", "value": "T176F4E09C326075DFC467CDB6EE981C24AA60647B830FD247A06716AC9A0DADBDF141F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708379, "uuid": "c7dcede1-adf8-43fc-8ca3-ee853931575e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708379, "uuid": "fe5e4e08-bdc4-482a-a0eb-d2bc45d8d0b0", "value": "12288:uN2iNtIl3gvj7NFggyYu/odNA24OHMOKXzsFrJv+e7DHldeqiIkPTFE2h:uN1AyNFpDdNAIFKDsF4gDFA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708379, "uuid": "a0c67abb-c311-4eb1-94d5-334b18431011", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708379, "uuid": "827d1a3e-292e-4be2-93a7-3971d7dd42f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708379, "uuid": "a158d153-1642-4d5b-89ba-96bd98b4a8ae", "value": "\u041a\u041e\u041c\u041c\u0415\u0420\u0427\u0415\u0421\u041a\u0418\u0419 \u0417\u0410\u041a\u0410\u0417.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7167e68-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674907, "uuid": "0edbe26c-8a20-40b7-a861-0875703915c2", "comment": "Malware payload (Mirai)", "value": "5a6784d5ee30aed983c4513ffd37387b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674907, "uuid": "77355873-fd12-47f4-9a41-7e234a00abb4", "comment": "Malware payload (Mirai)", "value": "967535011425e6a62e4744c836cf0e77a47a5d4ac390b2bfaa3fa76200163f55", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674907, "uuid": "b9f95c76-b1f6-48dc-81ac-cc7fe0a8834f", "comment": "Malware payload (Mirai)", "value": "db667a726ee29927ff00a2cf38d85e5926641340", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674907, "uuid": "cf18905c-707e-47e2-bc9b-b76b68d8ed48", "comment": "Malware payload (Mirai)", "value": "c46c66cc30c56e7cb16ef2e148236a5397ea3757d6fb0fb411e0c8734bad763f4f968ca64f5e6acede6b0a54b61595cc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674907, "uuid": "3da38b29-5256-4c86-9c93-c6aa7e0c2c3b", "value": "T100B39D9BF6072591C8A347F007CB4FDE6E2722C2AF5BC5E36C6A253A4C750DB5906B81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674907, "uuid": "03c265e8-1427-4d0f-9038-7101ba9c6960", "value": "1536:plgWI2jLqQ1ayoULwwR25WUpqtgw3a10F/LWMT:plgWI2qQ1JfLwT5WUpqtgwWUqM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674907, "uuid": "8cc93470-e7f2-4f5a-8da9-69777268300d", "value": 117288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674907, "uuid": "0624c972-5b4d-4848-872b-6bd4a6a523fb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674907, "uuid": "b09d3165-2439-4051-b1f2-af1d9369dba4", "value": "5a6784d5ee30aed983c4513ffd37387b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4877191b-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701687606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "fcb13cc9-c786-450f-bb98-17e024d38350", "comment": "Malware payload (Mirai)", "value": "8c686289b9557a72816dee7e716598f1", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "68d65afb-27ab-4c97-98de-71325ef23595", "comment": "Malware payload (Mirai)", "value": "96eb38ac51493a20e0f8309dc02fdb2543a1bd1d71c03ed823918f73b17f0604", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "f44f8d70-223f-4ac2-a5a7-08d28fb6e105", "comment": "Malware payload (Mirai)", "value": "2c9f00ea0f63373d8b20a4272cad9dbed0aaddab", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687606, "uuid": "4c1e53d2-82f3-46d5-aeea-ab82b2e5b4df", "comment": "Malware payload (Mirai)", "value": "aaa6bdfce60207414451ef24992748cc17f23a158a95488ececef128013c04f63545df39a8f944c1d5b2cbb9ea45efa1", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687606, "uuid": "aac71b59-e8e1-44fc-9a40-59f715e07560", "value": "T1F4C2E1FDBCBB1E8BD903113BE56CA833C2B4E094E35C724627C4611264072F9967AED4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687606, "uuid": "781aa98e-7f95-478f-9bee-64e698444a78", "value": "768:qMwaDZqFbBy6g4021ZTTq1l5eTx+aL0Nv:qekX/T/Od", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687606, "uuid": "a629e4d1-c5b6-4a12-b90f-551728a89fed", "value": 28048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687606, "uuid": "bc0277df-3264-4f6a-adfb-04cdc1fb9ff5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687606, "uuid": "c72c9fc7-99a1-426c-bd11-6a2f40641338", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a926083-923f-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701651075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651075, "uuid": "95d7e255-0453-4033-8b3d-0a78f160c3d8", "comment": "Malware payload", "value": "90265ea38db1d2056274afce6248f18a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651075, "uuid": "fb8c9059-1716-4d03-9846-2db16d5cb752", "comment": "Malware payload", "value": "9702999ea6e01289672a03ede114313d50b022e78f4aa0225ec1e7f7a2a9d57b", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651075, "uuid": "71407329-d438-402b-8d5f-79ba632a2fba", "comment": "Malware payload", "value": "af7c4d705c273c1ed808bd005ffcbe885833f321", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651075, "uuid": "9a2b9462-5d33-4b44-b19c-e0112d62ec22", "comment": "Malware payload", "value": "9b4844a12afbf016ca684fac6836d3e11bfa0dcbabe76e457ec1fa8cce4ffdb0fb59bf149716f371b1f83b15d92fd972", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651075, "uuid": "850626a7-bd5a-449e-b6e4-9e70216aa00e", "value": "T1B3563378AB6165F0E41BCEB20E64D52744E139AAD2CCF6164B46ECF82FB0F59467213C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651075, "uuid": "61898ed0-f533-43fb-b31f-4354f9b5c710", "value": "98304:/2SwmX4Dc0nAPQmJpd+3MmbLmNzlosf+A+K:/2rmXH0nrmcqNn+A+K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701651075, "uuid": "3c669297-c221-4796-acff-e7efc9e4f557", "value": 6217056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701651075, "uuid": "b6133397-1691-4166-8fc1-02d48249d907", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651075, "uuid": "2da3951b-0ea3-4c31-aa1c-743d7f26190d", "value": "SecuriteInfo.com.Linux.Packed.1241.12467.21665", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10fc712a-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701681929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681929, "uuid": "7eeaf10f-e18b-41d1-bf05-38a4b62fa2c8", "comment": "Malware payload", "value": "6d27abb06dbce64570d32c8703fbe454", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681929, "uuid": "c136df4b-134e-4027-8d93-ee50548cef3c", "comment": "Malware payload", "value": "9726a48561ae68012d9641a931c56f943eff27fd3c31f8be7759319e30ad65fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681929, "uuid": "874e6cf9-7ce9-4016-a6bd-bbf141a5cc86", "comment": "Malware payload", "value": "7373eef532d399beaa5b98ef4e7edc1b62950cc5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681929, "uuid": "48fa56b1-6e78-4b74-be89-24c3666aa725", "comment": "Malware payload", "value": "76cda63bcb4346c13568e29b2179e8e9939630fc30dff3827ea080cc953d8b79b495a1f8264135b6d187a822ab4819e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681929, "uuid": "1a005799-80ed-4a65-b006-8c26ec3d718d", "value": "T1DA053B056FCAC9ABD28D32F5E822186867B8C54B6147E7CF598FA7705CC3324191B37A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681929, "uuid": "e4782e51-8f17-4141-b4d6-e46d406aaa35", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681929, "uuid": "defb4e23-7c6e-4e50-8906-098577c6a742", "value": "24576:18HA8IiM0sxovLjz/LWvjS6UcfsnaDPe:18HA8IiM0sxovLSmaT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681929, "uuid": "f1c75553-c6a5-4309-bac3-c284dac949fb", "value": 824320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681929, "uuid": "b5f17112-d12a-488a-ac0c-e2ab9e2d992d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681929, "uuid": "25e44f97-4876-4b2f-afe5-cb38607abd1a", "value": "6d27abb06dbce64570d32c8703fbe454.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88deae27-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701679983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679983, "uuid": "3e1970f6-ed0f-4297-8e49-7687df1d108b", "comment": "Malware payload (Formbook)", "value": "437dfc50258fb9f3a1b281fddba64be4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679983, "uuid": "5af78cbf-987f-42a6-b864-b446078b2281", "comment": "Malware payload (Formbook)", "value": "9746ead9b047aec37e86310c5e02d00fa7cd31f8fa286df6f9811fb59483daf1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679983, "uuid": "4b0d61eb-a952-414f-bb93-7e56efaae445", "comment": "Malware payload (Formbook)", "value": "6756e8c2794fe05495bb748fed6d9d5236e7e4ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679983, "uuid": "60bbf25c-91f7-460b-b10d-a2980aa1db58", "comment": "Malware payload (Formbook)", "value": "c6cfed093ead0a3c5023a36ce8b44f362eb6990302b1c975a8016092463b0951aa6aac30796acb4a38e2f222ae472e1b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679983, "uuid": "19b11a13-33af-4475-8d48-1bec853d2585", "value": "T17E6402C93FB20AE7D9D257304835DBA4AA219C3546008A5B4B60FD7BAAF58D7840737F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679983, "uuid": "e8a5d33a-f6b5-4827-9c27-80f3b52f0caf", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679983, "uuid": "5584bc0d-52d2-4f87-a4ef-7cbf6d5df9a5", "value": "6144:T8LxBcGimBhQqpk0zPBSG6HNqDITaX3sUOgosDtgnz0T+PXqg+cWq:92hQqpHBSG6HNqDhOgFtIo+P86", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701679983, "uuid": "69ffdd16-d3c2-49b8-825e-d2ed5117d7a0", "value": 330796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701679983, "uuid": "27cd8f86-ea49-41c3-ab1d-a30aaf039b92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679983, "uuid": "bcbb05d2-848b-4373-9b03-963380d00533", "value": "PJS-4021339 IND.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e35b11fa-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Vidar)", "timestamp": 1701681423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681423, "uuid": "4f313ab8-c489-402b-aece-6c620013ef62", "comment": "Malware payload (Vidar)", "value": "1202bfa93e8a4ab3f6804ac76bebea07", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681423, "uuid": "828463fe-9512-400d-ba04-94f5ce214aa5", "comment": "Malware payload (Vidar)", "value": "9811b0445c22a2a3575a2bdba766ab244a18160985a3e761475436307d9ea25b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681423, "uuid": "feb800b0-bb55-4a94-bd2a-d2926f88096a", "comment": "Malware payload (Vidar)", "value": "1805b30953a55a3b17d2993493d22acc28792e30", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681423, "uuid": "a40befaa-c35b-4846-af36-76393976ec9e", "comment": "Malware payload (Vidar)", "value": "346d6790e036d90de2279a23cf515cbe592975fd0dbf18b0267bc881aac8a26ec41f76602466dfbc41cdfced206df466", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681423, "uuid": "1e297f02-478d-4e32-9e63-b2df8f63aa8b", "value": "T1DA647B52B740D032D193813B5E86E3764ABCBD712421E247EFAA152F3DF46D19B6838B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681423, "uuid": "3a881ad3-91d4-44d9-8d38-2bd29d9a9ce5", "value": "83879be4940ea1da6b449192b44e02c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681423, "uuid": "59b10669-6b5c-428c-b735-4cecb05e15ed", "value": "6144:7Z4ZJ7oMzXpdF2AX2RvzI4TJu1lnTZc4GQ1BOh2Pxybn:7a8wpCRv9MnTZc4GQ1BLsb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681423, "uuid": "d596ed72-5a76-4583-9c6f-2a516100773a", "value": 311296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681423, "uuid": "cbb31ccd-9a6a-4c8c-a2b3-ee0b1440474a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681423, "uuid": "bbf53cd0-42e4-4bea-b11b-19945742860c", "value": "1202bfa93e8a4ab3f6804ac76bebea07.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f4371ba-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701687993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687993, "uuid": "ab49dc4a-7f35-45f8-b31f-3fff10b560df", "comment": "Malware payload (Smoke Loader)", "value": "c0ec85bcd21a2b05af396a793e72550c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687993, "uuid": "c5dc4914-9e34-482c-9b99-5cdc6e266bea", "comment": "Malware payload (Smoke Loader)", "value": "9892fea1e7af5e2a3f88fe0f3a8aeb031b3f1374574cb8d0079b03b0bf3f299f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687993, "uuid": "17cb4096-3bd9-41c0-99f6-61dbb65019ee", "comment": "Malware payload (Smoke Loader)", "value": "36cf58d521e43f42a4401b6a010835cf5400dd9f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687993, "uuid": "d6d09f46-9414-4e1c-bbe6-71b33f2d6e2c", "comment": "Malware payload (Smoke Loader)", "value": "f008e290a583f9d8b97f0e5429fcb2f752c4d9c4b888198524d91dd9054c030f710edeaa81c93c3385038fba39ccdf60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687993, "uuid": "c811d9f9-01e5-4cf5-a974-aa62199c58ff", "value": "T15854084382E17C56E9264B73EE2FC2F8761DF5518E0D3B692918AF1F14B1172D2A3B12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687993, "uuid": "f21fe366-47c2-4768-b830-c4e607a3d9f4", "value": "c6c03f7dc47fd4d28111d0d85135fe38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687993, "uuid": "6cd1da69-5c58-4e97-b087-4dabbc92ec7a", "value": "3072:9YDwGXksr67guB34Cnm/GvkZRoitjpbCoe5olrbhemOibTUyGTkH:K/hry1n0GNo7l5VOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687993, "uuid": "afb066c0-0dfd-4bb3-9764-43133dccea34", "value": 293888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687993, "uuid": "6a0ee930-3f02-447a-bb7f-0ce0d83111dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687993, "uuid": "9466c85c-6ce6-4319-aba5-787c3804001d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e6ce7e1-923f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701651243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651243, "uuid": "1e2838d9-bfa7-4c3d-85b5-766eec7cdd36", "comment": "Malware payload (Stealc)", "value": "e0d6be39da33f656e2035eda5fe55167", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651243, "uuid": "6749c4b3-1587-4c32-89ed-f685c12082f0", "comment": "Malware payload (Stealc)", "value": "990ac6aef9ecd19b78b658e68523dd0ff04e44e9abf897840676d9095afbd4ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651243, "uuid": "0799d162-d2f0-4d9a-b4a4-3d088dad6d51", "comment": "Malware payload (Stealc)", "value": "4295c6a17802a86f6175b8bb718277d58005773f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701651243, "uuid": "33ae8eb8-5986-4765-abcf-d8ba7d8afcae", "comment": "Malware payload (Stealc)", "value": "1c7089021e46bf4416c4817f777bf2ffa92207a7346dc098e165835bcfad75818c6c4ce7e2bc7c660bd9faeb462ca1bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651243, "uuid": "b98326e9-2d9f-48a6-895c-0b9872615da6", "value": "T1CA44BE1273E1D431E2520A788E6EC7F55B2AF8610F256ADF67949F2F0E702E1CA76305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651243, "uuid": "77e50583-bbc5-46f0-b355-398a087db6f9", "value": "5fb506b70643f37b65928468364d30e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651243, "uuid": "834f1d7c-84b9-4d47-bb93-f4e17f5a2523", "value": "3072:b3hWDenBgaPBoh9z+MzBj8WxJfMt/0/We9S5b9S9yqkoSyNe2cn:7sDRNh9z+gBjn6JGWH5CyqhSyE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701651243, "uuid": "b4e0b597-161d-4c88-8c92-ef9b9724f181", "value": 266752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701651243, "uuid": "94f4fafd-3275-46a7-92e0-ddfe84c84ae4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701651243, "uuid": "f05845b5-20fb-479a-a579-e5e57f97e751", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96e92380-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680866, "uuid": "4a80838e-f055-43a3-8e2b-fb772c119007", "comment": "Malware payload (Formbook)", "value": "c900cd4042208e22d90dbf4f1ddb43ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680866, "uuid": "9834ed92-be85-49a4-9283-4ac37f6fb0f5", "comment": "Malware payload (Formbook)", "value": "99edcf832cb9adb552c8b8994e627f1925f20731e8f15ce82e2711f42b4411d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680866, "uuid": "f53e5cee-ef07-4368-adb6-4034bd33a9f4", "comment": "Malware payload (Formbook)", "value": "252b6cbcb891cc8fbc507087fffc1c72a3a9080e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680866, "uuid": "a9a7ad43-8ffd-45c4-ba8d-7076622399ba", "comment": "Malware payload (Formbook)", "value": "1241b5008db1117a86db6b77b15a319640644ef93b92c770cccfbe321de684afc47970b2fd2ff283eb9b6b0fed14b07b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680866, "uuid": "16a01891-cdbb-4d56-85d9-d7992062f850", "value": "T1AFC42352F3AA8F13CC2AD7F9D5D8A35C03F5310BB288F7AD488904CA288AF5517D6657", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680866, "uuid": "2cf1bb42-6094-48bd-b50e-f2939ff21c84", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680866, "uuid": "0927bce7-ec3b-478b-8326-3c6755bc0aa0", "value": "12288:x45+po2Ds+s+fQlsQqKRjpH8+7dEAwe7fm50T0AATy:c+pJD/L4lbRjpcjAhK0YW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680866, "uuid": "07977599-265b-4991-b6db-a70f584d87cb", "value": 587264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680866, "uuid": "44bfc2c3-8ecc-42be-9a88-3b3c102a9e9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680866, "uuid": "2fe5d80a-060a-48ea-951f-a896752b5965", "value": "Payment swift.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89783112-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Loki)", "timestamp": 1701682131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682131, "uuid": "54c0e287-a996-4640-b866-11034e31e1a3", "comment": "Malware payload (Loki)", "value": "52ad9e1637aefb32ac974519bf9102e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682131, "uuid": "8f71be6f-8f13-40e3-ba78-96699d57b9c9", "comment": "Malware payload (Loki)", "value": "9b84ca1d7fb41a824ccb4693789fee6b94cea21cbd8645840814dfb650ffdb20", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682131, "uuid": "90aa955a-631d-4a59-bea1-e98127e26573", "comment": "Malware payload (Loki)", "value": "87f4938d7c08c9b6f2824b5f3a466f817eefe0e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682131, "uuid": "4eac4bbc-16a9-41d4-a8be-eb055a88104e", "comment": "Malware payload (Loki)", "value": "c85c59c739a524acb991cfbf528dd97054a111fa62f3128a9b6f62dd9e64126c7df1d2faa567a00f3ad377dc82de9a5f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682131, "uuid": "6ecab88e-ba77-469c-8535-f55aca543333", "value": "T1A2A42387B1DDDB15C87E53B5B131661881F9D1066030EAA6A9E620CEB663F430F93F4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682131, "uuid": "2d6bdb3d-87fb-4899-8a93-d52d7926c1e1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682131, "uuid": "2fd083df-7d21-4499-ba84-36e27b014b97", "value": "12288:S45+po2HIRglM+f/i9hh3Fa0GGNYWviqwmZxs:R+pJHeg9/y3FaHGNux", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682131, "uuid": "dcc89df0-b1f3-401f-ace0-24a1e2af0c7b", "value": 493568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682131, "uuid": "45ce0360-8743-4a6c-8f9d-f5f31fd4325a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682131, "uuid": "690aa55f-e6e1-48bc-9f43-6dad64cee34a", "value": "52ad9e1637aefb32ac974519bf9102e6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c8a1501-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681922, "uuid": "8a019c2f-9800-4f1a-a91b-de4554bfd546", "comment": "Malware payload (AgentTesla)", "value": "bca932f9df0a984231fd9855747b4dfb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681922, "uuid": "9f221d3d-bedd-4cab-9af3-f113c9999eeb", "comment": "Malware payload (AgentTesla)", "value": "9cadda8241bb7393ed10e4e3e58b0cafddb31b01334afe38ebb3f94e73190c2c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681922, "uuid": "4ac888ad-ad0e-4f03-83ba-2950995620cc", "comment": "Malware payload (AgentTesla)", "value": "fa0b4ce1a7e659e397566da2325229a5203953fd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681922, "uuid": "b5ac4af1-dafa-4514-9ac7-24d8489ee381", "comment": "Malware payload (AgentTesla)", "value": "c1a9facbb84aa0df765403d4fd98ab06fda8a966a97ae9f3a275b895c45508f7cdb0a72a28de53d0460b9fb6723ea08d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681922, "uuid": "8f0608d1-53e8-49fb-b70b-2af308f5671c", "value": "T1FDD42241B2FB1760E5B92BF1AEB5200443F5E89F65B1E29EADC474CD151BF818B207A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681922, "uuid": "d0ac8ade-2411-44ce-a640-55082db70478", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681922, "uuid": "900b9aa4-2fb2-4e3e-8866-06a23c6d4a62", "value": "12288:3uPm4WVKFOVclXp0pd/EUC/fzbxha6MOnvVYQazzq4Cp158SA:im1VKX50X/EUa7apYdEzVSYS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681922, "uuid": "7f02383d-83fb-4ef5-99b6-d4f9bfbb6ac4", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681922, "uuid": "996178fa-4dbd-4844-b20d-ba18e3634f93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681922, "uuid": "aac06739-36c9-4831-a478-5cf1ef1028ea", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47668a4d-9297-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701688893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688893, "uuid": "bc576cf5-9426-4e1d-9fc7-6f1f7f8edb86", "comment": "Malware payload (Smoke Loader)", "value": "f04725521efb86418c95dbe627ed4d8c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688893, "uuid": "4e501702-2130-41d4-a36d-b3732ad9c619", "comment": "Malware payload (Smoke Loader)", "value": "9db4ce3526e15d9c34778b60c4cc554ac59f5d234aff372ced21d4ad19926e73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688893, "uuid": "b83b3a70-75f6-4fbf-b3e6-536881a64e67", "comment": "Malware payload (Smoke Loader)", "value": "5acf1a58e5d90137258cf87cb460371fe1775be7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688893, "uuid": "9e2ac9e8-15c9-40a7-b046-7b65be6d71b1", "comment": "Malware payload (Smoke Loader)", "value": "498fb70390e16a322d9f7bb46b96ca4aded44c02c1dda605a0372bb5b6e84ea7dcf48db1f58fa050b566668db7a566fd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688893, "uuid": "746cc2ce-10c5-47e5-b905-b3b5362fa976", "value": "T13754190392E17C56E9264B73EE2FC2F8760DFA518F4937692918AF1F14B1172D1A3B12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688893, "uuid": "dd67f792-8c4b-4403-8bd9-72b26b203f57", "value": "c6c03f7dc47fd4d28111d0d85135fe38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688893, "uuid": "f6c81990-89b5-48d3-b086-38d1c445798b", "value": "3072:W/bWGXTIcBpwLV2SRVyMlfATZaUzLewMYDJ5oKXbhemOibTUyGTkH:ChHBzSyysUASyYK1VOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688893, "uuid": "b60867b3-2fd2-4ab5-a7b6-1262338bf786", "value": 295424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688893, "uuid": "881565da-38e7-4d51-8c39-243839ef017e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688893, "uuid": "c6b67f38-d5d6-4a56-964b-9c16dfbbde3f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "578a62a1-9243-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701652842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652842, "uuid": "90a32741-2812-4033-bff2-26e2d7f9e485", "comment": "Malware payload (Smoke Loader)", "value": "fcad8d562572cc12c138fbfe504d8ce6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652842, "uuid": "9b0b7cbf-3623-41a0-8897-c786131be587", "comment": "Malware payload (Smoke Loader)", "value": "9dd51832d407505efae9b587b98c151a6aaa4edc698aa40ff2f268adc47b0fa8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652842, "uuid": "86578ecb-d6f3-4de9-a836-93b0c1ba94b2", "comment": "Malware payload (Smoke Loader)", "value": "368b555e8eb584f9f16f13db9b62a54a390728d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652842, "uuid": "96da76c7-e7c9-4da2-8e0d-d77056af8172", "comment": "Malware payload (Smoke Loader)", "value": "7591b60754d26123c42ec2d117882b40bbe7e3d2c6db165357b7af9c5757ea2d6b0f68df55c9da7e7932633f269d6e98", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652842, "uuid": "e666b134-ee60-4a28-bba2-d3f01d2ea885", "value": "T14344AE12B3E1D4B1F1530A798E66C7F45B2AFC610F606ADF27946A2F0E752D1CA72306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652842, "uuid": "cfebaa81-4969-4fb4-b342-421fb6b3b65d", "value": "5fb506b70643f37b65928468364d30e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652842, "uuid": "dcb1d2a0-4904-4d3b-b643-d381050bda41", "value": "3072:WnhWDqBmgWiOVoQ3lpSeQ3ZfWFDCoPMHMpOxFNobYMVcn:CsDKUuQ3lpfOZQDCvHsOxFWL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701652842, "uuid": "9cefd2f3-1cf9-4d47-847c-5bedf7dfc22e", "value": 267264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701652842, "uuid": "2615a4a1-33b7-4310-a3fe-821031019443", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652842, "uuid": "1d26eea3-bcfa-4a48-b305-adfe2a37bfba", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2150e9e-92b3-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701701151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701151, "uuid": "0c666aeb-a894-4cbf-a9e2-47b6da0ae9cd", "comment": "Malware payload (Formbook)", "value": "67e9c1839de65e763318a31ee3f89b78", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701151, "uuid": "d82bd47b-5435-4669-acb9-f2c779e6cc8a", "comment": "Malware payload (Formbook)", "value": "9e1aff4e7b61a74823b1178a9df40c58f93d9500c45eb257758b1c5632e8d2ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701151, "uuid": "cc05087a-6eaf-4056-827d-f562334fb9f9", "comment": "Malware payload (Formbook)", "value": "21cf823dd242ef418f927570e5a8720a09a4b916", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701151, "uuid": "40ce7f3d-cce0-4f1b-acc9-03836d2d7f28", "comment": "Malware payload (Formbook)", "value": "1064a7ec8c7c89bb3f3909145a3bf71b5021403b063871f933a23a7353d44e0bc87f55bf4e0015e083d684ab8ef3c04e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701151, "uuid": "4b00a9f6-6908-40eb-b349-209672e62d0d", "value": "T11A642307B9F389FFC2A245F11AFEDB72E273C009202327478F797FA2658126A554C652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701151, "uuid": "93d81435-ba3b-4dc5-8d29-01da39ff737e", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701151, "uuid": "8dcbecde-1a5a-48c4-9e77-de36370fcade", "value": "6144:P8LxB0Qkxq4BXIfiSgVqj1NyNMjb+IzQB7BplORrC5FkWJVxnwC4dMM9:x84BXIfZrXyNazSlsHsx/7O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701701151, "uuid": "61737030-0eaa-4bca-becb-ea98973233a8", "value": 329569, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701701151, "uuid": "e9313799-1d30-4bc9-85fe-f61442f53857", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701151, "uuid": "5e3809fd-ba75-4f8a-9e4d-6f5c4520a1c1", "value": "rPOWS23768743Delivery2024_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c87dd353-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711013, "uuid": "49d18e26-7e61-4669-9f09-859cadcbefb8", "comment": "Malware payload (SMSAGENT)", "value": "153bc726c3febc1688f46956454e55f7", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711013, "uuid": "333f8c4e-8911-4fbc-aa4b-21cbafec1aec", "comment": "Malware payload (SMSAGENT)", "value": "9e4822be866b26b918426651ef6b4877f9976145075c75f2d7ce48b3125f9f7a", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711013, "uuid": "a102a207-a285-4f7e-b3a1-8fe623553235", "comment": "Malware payload (SMSAGENT)", "value": "147c80dafb9969e60b3841585576f6b762534f8a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711013, "uuid": "e66ef75f-0619-4154-84f2-fb0d46cd1818", "comment": "Malware payload (SMSAGENT)", "value": "776b8a3b3732143d30cec1a77d07e97b9d50c69bcb4f0b7c904c127e76106ed6200ce6d3b59e76223d7f4a13666eaa0f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711013, "uuid": "a747290d-d8f1-4bed-8452-cf5ee32f27a7", "value": "T18C179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711013, "uuid": "14ff2550-e2d1-4028-bf1c-86f28b15587e", "value": "49152:tuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgv+:3v+49UBEIIddXHNqjeceUnMI+lEaAM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711013, "uuid": "e1816c4a-37fb-45ed-9b40-76a717505e05", "value": 18569213, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711013, "uuid": "5508a5ab-bec4-4e8c-afa8-0720da498a23", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711013, "uuid": "fac97bbe-b5f4-426f-b8cb-3b94b24e9135", "value": "BofChina.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b014e4e6-92b6-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701702383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701702383, "uuid": "2ce94333-e273-4780-8534-e35b45c2587f", "comment": "Malware payload", "value": "a67888a516debe71f8fac5e9073068a8", "object_relation": "md5", "Tag": [ { "name": "bsod", "colour": "#007BFD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA", "colour": "#514575", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701702383, "uuid": "2cdc7843-0353-4d81-95c5-a9dfb75e37c6", "comment": "Malware payload", "value": "9ed565bb03341202515219670c594dc8b0fd16153dabcc686a3ec88955d2f149", "object_relation": "sha256", "Tag": [ { "name": "bsod", "colour": "#007BFD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA", "colour": "#514575", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701702383, "uuid": "9ce1c3ac-cbe8-4777-b208-dfcca5a93087", "comment": "Malware payload", "value": "120b18ec52f1d5c41c82a1665a8646aff5ec4bc2", "object_relation": "sha1", "Tag": [ { "name": "bsod", "colour": "#007BFD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA", "colour": "#514575", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701702383, "uuid": "512fad8f-c614-4a7f-9620-64619bcf8be6", "comment": "Malware payload", "value": "d802e3db0bd57b8d0c8c03c310c46778564a2749fa7facb928487047886873b4a017bdd168e3d33b62347799fc99f237", "object_relation": "sha3-384", "Tag": [ { "name": "bsod", "colour": "#007BFD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA", "colour": "#514575", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701702383, "uuid": "ac96dd11-ac13-4d96-b793-73b275a34fe8", "value": "T172032B59BE244CFBEA52533E90E7CB762B3DF1814A2357B3B730B7345B136922099246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701702383, "uuid": "410aa558-0e3d-46ff-ad19-39191f263961", "value": "626f75da4dc6ce30a150094b5a70ad5c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701702383, "uuid": "14eb2b87-d013-4dda-9f8a-40ac869355e5", "value": "768:WaE4aVSNcLfR9PP3lLuzZPKqfJfie3lN8x9m:OVLF9PP3lLuBZfAI8x9m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701702383, "uuid": "d852e1a9-db66-4681-9bc6-38bd764f3147", "value": 41394, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701702383, "uuid": "3ae0f9e4-fecf-4c74-acb8-cd03c43a5144", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701702383, "uuid": "85b9aa43-ba5c-4e85-b2c9-463813943772", "value": "bsod.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41d2649b-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711217, "uuid": "20a2fefc-d515-4067-b51c-360da16c193b", "comment": "Malware payload (SMSAGENT)", "value": "3e17f331d1be3850330a78c8b263d9d6", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711217, "uuid": "ffe9c719-181a-4c15-8dd4-0cfe71c1b989", "comment": "Malware payload (SMSAGENT)", "value": "9f91c07fb8dc106a8cfc32ad32e4268b96688280f16f7e3806b088cbd311ef4b", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711217, "uuid": "56afd397-b521-4a55-8ba6-287f108fa92a", "comment": "Malware payload (SMSAGENT)", "value": "976c416af7a993e90a4c4f4551bf63b48ba25dff", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711217, "uuid": "221c9f3c-d062-4c67-a05d-8dd38e216ec8", "comment": "Malware payload (SMSAGENT)", "value": "baf1695ef53e2ce52dde1cf9ec066d531446b8d4a9c83e34dbe2f47d7976541b2ed8c342d1c37a9e54e8a33d1d3e2202", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711217, "uuid": "95c115d9-d4af-40f3-8985-83c36354f243", "value": "T196179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711217, "uuid": "01212e3b-956f-44a7-a1b0-e3dfd7aa7e3a", "value": "49152:buuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvu:Jv+49UBEIIddXHNqjecezlnMI+lEaAD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711217, "uuid": "e77d1f15-5184-4802-b43f-17a86d58d515", "value": 18571223, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711217, "uuid": "f308562e-f8fa-4664-87fe-45f83c7d9fb2", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711217, "uuid": "32d59282-d595-4571-a18e-1cfb7e7c7f2b", "value": "StartPlus (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50675cf4-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681177, "uuid": "66995aee-5be6-4771-af87-ceca09f64f03", "comment": "Malware payload (GuLoader)", "value": "e5affde0f5a1c4a9add0486f25a7a84f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681177, "uuid": "7823e660-1b57-4ae8-97fc-fb7410d95d41", "comment": "Malware payload (GuLoader)", "value": "a057aab2994c9b2d3214e2ebdfa28dcce023546bf7154c8832bd27112c693e86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681177, "uuid": "367ee113-8ef3-4abd-ac92-44b9ca71ca9e", "comment": "Malware payload (GuLoader)", "value": "a162bb997b463eda62d6fbbda2d1cb3df1a3c39b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681177, "uuid": "c2c1202e-2f2e-4022-b766-49b4b5e01d56", "comment": "Malware payload (GuLoader)", "value": "d5585f93e105cbddc6b544f1de5b8410606f284428265c99f2a2d086bddee5cfc9e106b4a04d2ae1531a7eaa6a49071e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681177, "uuid": "cfa51f81-e6b8-4a8d-b927-b3daa596575b", "value": "T1579423FA2FB584EAE85B8EB464328E57C67790321468920FC7EC7D81B971181DE0DBD1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681177, "uuid": "62e42967-3dbf-4e1c-ae5d-0dd03ca4b3e3", "value": "66fcdd6338ffed276966867e7cf86116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681177, "uuid": "93acedf6-fa7d-4860-908b-59be8c3d0ece", "value": "12288:QaWD2cfgiCZWzsACEPn1bpb5eYErd0CL4rTsv:hWy4HChACCnNpb5eYIBLSa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681177, "uuid": "a8490a3d-49ca-4df8-af97-daa5c71fa669", "value": 429643, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681177, "uuid": "de7c7ade-a50a-49f0-a57b-fef6cd03f50c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681177, "uuid": "0d11ae6f-10ae-4039-b8e3-53594c2d1a2e", "value": "RFQ#467_DECMaT_PRODHangzhou_Zhongniu_Import_Export_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0edea506-9246-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AZORult)", "timestamp": 1701654008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654008, "uuid": "ddd7bee9-57a5-4e41-a141-0f83d177bc30", "comment": "Malware payload (AZORult)", "value": "6e57ffe08686ab108b5a75b0c1da91f9", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654008, "uuid": "37e3a2b1-2e12-4bb1-885d-54a041a8e810", "comment": "Malware payload (AZORult)", "value": "a0ddd3971519b62fc66cc48e16f02440dd9df5ed4c1e1ff5abb3836b8551b52d", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654008, "uuid": "6915bcc3-8f6f-4db2-8ebf-d82f3356d2c6", "comment": "Malware payload (AZORult)", "value": "6a3835c400951ebf440bde59ccfecba59a2fafa9", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654008, "uuid": "90115316-9252-4cb5-a9f9-8616f0c64600", "comment": "Malware payload (AZORult)", "value": "bbf79d4385eb33120159f8145011ed953b98d4d9966b804cd04561e1d77db4dd0cce483bad047fe28aa42b3c77fc628a", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654008, "uuid": "5cc27fd1-1ca8-4ce1-a321-60d1e23fb8a2", "value": "T130B42341E36ACF51CA7987B621F597C15BF54D48E032E66E2CE930853AB2B314B72783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654008, "uuid": "89690272-c69b-479a-a4e5-1826723a6317", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654008, "uuid": "a8332a7b-ef8a-4ef7-8123-9e6073e59790", "value": "12288:nt45+po2P2yDYH39iUDBn5cKDVhrJDRO5MonQJ5v:nY+pJ/Y8UdqQz1RIMvJ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701654008, "uuid": "0106babe-1ac6-4b82-9d84-de063dfa54c5", "value": 509440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701654008, "uuid": "97a8e6b2-cc82-41f3-841b-b5d8afe2a55b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654008, "uuid": "c0288112-f6cd-4d53-91a2-02c27caf9782", "value": "PO#110437.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d383ffd-927c-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701677413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677413, "uuid": "8fdfc9ce-4e57-4aec-90e8-bbca55f2f233", "comment": "Malware payload (RedLineStealer)", "value": "fb08baadcb6824e5b48a7d1a66151484", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677413, "uuid": "b9400b51-3560-4918-ad5a-4d09737dc303", "comment": "Malware payload (RedLineStealer)", "value": "a1000777e9da1f7a7965fbc385a9f044c7d892a9494e864fe5a9cfd502dda96e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677413, "uuid": "4b166734-6e22-4c93-81ae-99cfd62ddb37", "comment": "Malware payload (RedLineStealer)", "value": "e9f7a40033d6ed7903d50c97ea4953695eabe255", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701677413, "uuid": "e93b3d56-7d1d-4d8c-97ce-4672d4ce51d3", "comment": "Malware payload (RedLineStealer)", "value": "c18ada4917e01f5107e78948dc863cf421b81164942216679e45df004cbadecbd159f0bb76bb67aa2bd3bb92d884241b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677413, "uuid": "9bf1e618-e452-44df-b0d3-9024b003af1d", "value": "T1F15408A2D1A4EB13CD4BD0B5373B9C39190DA126FE7CCF176E0B1AE361B29062255E47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677413, "uuid": "3b446e05-78f8-48c3-98cf-fbb7f6102557", "value": "b6f30f5e7d47b4dde1cbc2055bdcbcdd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677413, "uuid": "b362f3f6-ce9e-4653-b23b-bdf8f9293456", "value": "3072:uUKx6WcVXQBbKu3f5AZvXm7JYkI1KfT+CI8wxLz8Om+9ldzZC+tSjCIsjiNl0f+b:ujdf5AZvRk2x/87mC+tSjDeZcGM2K1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701677413, "uuid": "2d434f28-3ddb-4239-8b15-8f8b81f617f7", "value": 293080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701677413, "uuid": "65e1f0d5-e3d6-416d-b68f-ac354117fe77", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701677413, "uuid": "9a29b430-2f01-43d9-b8c5-269edbefc95a", "value": "fb08baadcb6824e5b48a7d1a66151484.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "025b4f01-9266-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701667731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667731, "uuid": "bea4184a-a55e-43f7-962b-9db77d62eb03", "comment": "Malware payload (RemcosRAT)", "value": "8e7aa3950773864da97a49eaff93f7f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667731, "uuid": "5ed3883f-7c0e-4149-b070-727c99ff3b8e", "comment": "Malware payload (RemcosRAT)", "value": "a1ebbf52b74398374d414abda4eeee981f3529189701dc7fdcf92246f83cc02b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667731, "uuid": "321f8bc1-d6a5-4e32-8e24-c5f0e6594543", "comment": "Malware payload (RemcosRAT)", "value": "d410fae43411fc61355fd12b4536756c108dee28", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667731, "uuid": "89e2afb3-9ce9-4fa4-a159-91928d094389", "comment": "Malware payload (RemcosRAT)", "value": "994b4989318d4b8750e80b1e1d1dcde634faa2681cecc46cbbb92481283625b20b21eb94701bcb8dfc7934f9d6c0ab3d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667731, "uuid": "c4868483-5e1f-48d8-ad7b-54ce4361ce2a", "value": "T13D2522B3F10ECE9CDD570BB10CAB965102A75E8D8456E50E348D3E6B337274329A2E5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667731, "uuid": "8e9ba0a6-78b6-4e50-91fd-0b2ba3ae88fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667731, "uuid": "308b2fe5-e153-4b2c-81c4-95b32dfe2791", "value": "24576:i+pJ1RKW++JPKkiRQBsvI2lo1RhP8Sofc8d:tJqW5KkiaMno1Rhk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701667731, "uuid": "c81a15ae-f836-4914-a1e0-972c5df4e515", "value": 970240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701667731, "uuid": "12fae653-2c70-4bfa-b623-3e0447c0b24e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667731, "uuid": "ff9f045a-903b-44e3-b3e3-7334c01486b5", "value": "SecuriteInfo.com.Win32.PWSX-gen.25969.6427", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cb4c91e-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Hancitor)", "timestamp": 1701696606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696606, "uuid": "07b8ec7a-8cc6-40b3-8f73-5894c04772fb", "comment": "Malware payload (Hancitor)", "value": "df4ad77804d72a0ca3c9bf65b5e92507", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696606, "uuid": "49180115-abd5-4dc7-a565-9fa4a4841761", "comment": "Malware payload (Hancitor)", "value": "a28aabf82c5fdc9fa56f7e04ac35355110cdacee7332a369875d2e384b1a8772", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696606, "uuid": "4257a46a-def3-4c3f-86f5-7537f12d06be", "comment": "Malware payload (Hancitor)", "value": "6d369e924e837fce62d66a6a888ff26deee88313", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696606, "uuid": "9c65e4f7-351b-43e8-a3e6-19d76866662e", "comment": "Malware payload (Hancitor)", "value": "9b3488eae89d918722ea2a857e816f1a78f1f451d9ff1084dc6c35539e641aede3d363836083203e39e3e199ea69d586", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hancitor", "colour": "#1A394C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696606, "uuid": "eb2b11fc-e014-482e-b291-0b6245b54726", "value": "T12D22F81176E5D119E87F9BB15FE39671823AF5131812BA6F18E3815B2E127C48E02EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696606, "uuid": "daef6139-db2e-48d2-b2a2-b34db320ce6a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696606, "uuid": "9932964f-85e5-486c-85a7-800f63df6b46", "value": "192:LdxNH9ZpYQVfsamchBvDEe0ZM9jL4Q0d0CD7j8L:jNH9Z2UfsalhBvDEe0ZM9f4QrCD7j8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696606, "uuid": "164a0aa8-81dd-470d-b282-8e72983161c8", "value": 10752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696606, "uuid": "eca26cab-0517-4900-bbb3-513b3646f78d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696606, "uuid": "cb1cceb7-4fb3-4e5e-88d4-d68204599628", "value": "RuntimeBroker.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dfc69a6-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698299, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698299, "uuid": "f03318ae-55b1-4c66-96a8-b2a633b6a7ec", "comment": "Malware payload (SMSAGENT)", "value": "bf582af0f6bddc07967480d7bb3c49f8", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698299, "uuid": "2d1c2454-927a-4fc7-9b73-6c202bd5385e", "comment": "Malware payload (SMSAGENT)", "value": "a362ed10d4aa72c805d59ea3bf4ea44c0fad0514eed42a252030cfa2daca22c9", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698299, "uuid": "f3d1ae57-77dc-4007-b3b8-5b5b4645af95", "comment": "Malware payload (SMSAGENT)", "value": "79227c61cc4275a74148941f64d83ab9230071b4", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698299, "uuid": "283d42f0-f1a7-4c97-997c-a22ffb42ecd0", "comment": "Malware payload (SMSAGENT)", "value": "a18bcbd90e0d3d23c03988db77e9ee28fe9ffec12664b56589a6c5473e7bdf8ddabea7c2972991e1d3d28eee099cdad3", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698299, "uuid": "a9ad8cb2-74e7-4c05-9222-1e16dff3abca", "value": "T146560175731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698299, "uuid": "ed5e886b-6955-4e25-8860-e6322fcb1299", "value": "196608:/MDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYX:EirUVis8O/0giAZ9PDL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698299, "uuid": "154d0fcf-bff2-4362-813d-525efb5cd685", "value": 6380475, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698299, "uuid": "dbe85513-ed59-4445-9d36-735398f2a238", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698299, "uuid": "931bd158-e93e-42d7-90b4-680e3097c263", "value": "CinemaPlus.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bccb7acc-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671480, "uuid": "6c48505d-5ec8-454d-b698-23097ee686d6", "comment": "Malware payload (Mirai)", "value": "8285f42d4e756aba55d3386c9d1e7c54", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671480, "uuid": "d0985a60-1f04-4ecb-b844-7238b183f758", "comment": "Malware payload (Mirai)", "value": "a3c514a2a951ef7c681ff9d9705716125ce0983146519dc32ac6cec3a37dce05", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671480, "uuid": "a41c6da6-ba81-47f3-a9da-c384016d0489", "comment": "Malware payload (Mirai)", "value": "7be8d2dd97d0fd9e4abf9e7becd2c7e4b27ed0ec", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671480, "uuid": "e26df16f-b7e3-4979-8c19-c52ca0de494c", "comment": "Malware payload (Mirai)", "value": "bce7054e16147bcdb7c6521d13bc9598dc9b497a24938c170e7243fcb01f22decf3eca4079a5500d143ee6908524a6cc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671480, "uuid": "ca69ae70-8b4d-43c5-a7a8-aff97cc6aba9", "value": "T135434A51F8809713C6D1127BFA6E068D3B6A53E8E2EA72139D225F20379782B0D77E45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671480, "uuid": "55fe65e1-d2ed-41d2-bda9-1aad6dad9fe8", "value": "768:TfqvVnTBPI41oEWEQsJ1d72VfjjRlV0HI1QaX1LMSGjj7Nipwa+51g4zhw5I:Wvde4MmF2VffRj0o3uSGXgpwR5Be5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671480, "uuid": "3c436797-ce2b-4d2f-9f20-66b5bb730e23", "value": 59868, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671480, "uuid": "f7d2cea3-a5c9-4d5a-9e7c-1767e19e0c3a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671480, "uuid": "18c7848b-f167-437e-b1d1-339da56d8c3c", "value": "8285f42d4e756aba55d3386c9d1e7c54", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99ee1e9c-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701710935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710935, "uuid": "21b508de-2297-41de-b513-e02ca0d16a0a", "comment": "Malware payload (Formbook)", "value": "c407e39530c60b9ec850df1239ebfb5d", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710935, "uuid": "a63fead1-6ce8-4376-bd7d-edc8201af916", "comment": "Malware payload (Formbook)", "value": "a5a714270a0b5443ed5a513094184382b5ccea37eced670b5f58e8c7587ca3e6", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710935, "uuid": "6ab49ce0-f169-4179-af32-3daeb479eeda", "comment": "Malware payload (Formbook)", "value": "d2d04b00f41d814a1268164ef3144bfecf3a6080", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710935, "uuid": "e2e4add6-9f8b-43f3-83cf-72a1221b0acd", "comment": "Malware payload (Formbook)", "value": "acb9bbdce9bd93b871eba657ccbc8bc5dffa5bb29b4bdaa4060d96d3e422e2ef4f674defc883068d82283135ea70e8b8", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710935, "uuid": "c419a405-e597-4368-a220-fe22b310385e", "value": "T137C4232A34090CB64411D89C59DC51AE2A3B0BF4384B5AF37B7E96AF97D37428F893D4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710935, "uuid": "99c1a6f3-698d-411f-9539-d7c04e1a0b45", "value": "12288:v+eYHI5lQPM/oQRS2JCjsIN46ipPbbTMk1v1D1xi015HFh2y7KKW26L:vUIl/oKbMoUaNnt1Du015TL7mZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710935, "uuid": "765513a7-f906-4b1f-8b37-fdfdf2c7ae01", "value": 564879, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710935, "uuid": "39142ecd-b88b-4b48-b70d-904a9efba705", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710935, "uuid": "bf4c6546-940d-4e28-85c3-f49abfcef28a", "value": "\u041a\u041e\u041c\u041c\u0415\u0420\u0427\u0415\u0421\u041a\u041e\u0415 \u041f\u0420\u0415\u0414\u041b\u041e\u0416\u0415\u041d\u0418\u0415.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abb0fc55-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674887, "uuid": "886ea71a-650e-4d34-a2b8-777a7e9a5b28", "comment": "Malware payload (Mirai)", "value": "c73c01df64106050e3d7a8a9936a372a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674887, "uuid": "c019eaa3-0285-4971-b9ea-a85cf48fdb44", "comment": "Malware payload (Mirai)", "value": "a5c795d6a2f1614af04e32894b5b4225128401bd50b8318331fd8612853700c7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674887, "uuid": "2376fa28-298f-46df-a50a-93d1fb3d7723", "comment": "Malware payload (Mirai)", "value": "c529b18c8dc962fabce18999429fa0eb0614aa53", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674887, "uuid": "6c1e6168-fc57-472c-9a7a-79fe5ed448af", "comment": "Malware payload (Mirai)", "value": "b9e49128a9942428a80389c7d57103ec1e64ee26116fc5c53dc63c6ed35fe0c24eb15f3ff358a8093fa3dceded681ec7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674887, "uuid": "b1c82c3b-3f3f-4256-b00e-1fdaf38819fe", "value": "T180D34C46FB418F13C0D51779B6EF42453322A79593DB73069A285FB43F866AF0E23A06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674887, "uuid": "07197420-8d18-4e4e-9060-d35ef0d1194d", "value": "3072:l6X4HkcmBnL6/L3cXV+MB736ZtnI49XkKTaM/9XmlwJHg3:ly4HkcmBLscXV+MBj6ZySXkvM/9Xmlwq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674887, "uuid": "a1e7395a-d732-4364-8cd5-8fc9766c9a2a", "value": 135869, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674887, "uuid": "ade9b0fb-ae4d-4000-ade6-ffe5844c145f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674887, "uuid": "d6d8c0e2-f6b5-4326-a522-700a716ac4ad", "value": "c73c01df64106050e3d7a8a9936a372a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e13ef4a-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716821, "uuid": "7c43608e-65d0-4f08-b476-86bd73d85bcd", "comment": "Malware payload (SMSAGENT)", "value": "36ede747f2c2cb7e9921314554e6cc57", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716821, "uuid": "bcf156ed-376d-4b70-8a02-7d08cf6f3409", "comment": "Malware payload (SMSAGENT)", "value": "a67911157c9b4beb9a40b6901b29e99fd3b1d40b7f79dd621bb9931d35de7092", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716821, "uuid": "33e7c954-f58d-451f-a0d5-a43799f654b3", "comment": "Malware payload (SMSAGENT)", "value": "6cc875a05ece45ea44c2784479e324ef625a4e7e", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716821, "uuid": "342c71d2-0adb-44a2-8787-4676f95de72e", "comment": "Malware payload (SMSAGENT)", "value": "cd0b57b467dde6fb67749f3ef8032bd7f9617a5f4f97e24040e2a4ee652bc9ac0a5cdbe8d9d0c2b465574734b00c7f37", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716821, "uuid": "16e30803-41ba-4b94-922f-3be12f1d634b", "value": "T16F76011AB71EFC4BE263DA3263728D4B772F85F51250E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716821, "uuid": "49fc523b-f37c-41b9-ad04-aeb28be2ed85", "value": "196608:FrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLF1F3nswU/Q6FKNcnFu:xw0pdMGbwBAej2r7nswxgFu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716821, "uuid": "83d017c9-03d5-458c-b544-8af3d1cccd3f", "value": 7325377, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716821, "uuid": "8b4c2665-906d-4172-8efa-86f2ed146077", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716821, "uuid": "ee4ba5b3-9391-4fdb-b59c-35ea987ebe52", "value": "GetContactPremium (3).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0714ff6d-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701711118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711118, "uuid": "5817465d-4caf-4c48-9446-f13983f3a7c8", "comment": "Malware payload (Stealc)", "value": "4c4b5fa4fd301765b4349323e3655d99", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711118, "uuid": "3c1793dc-3223-4adb-bd6c-48e4a13ff48f", "comment": "Malware payload (Stealc)", "value": "a6968c5fe2a58804ce8f4d1afbfa659a0e31b243d07cd2de64474877baf09145", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711118, "uuid": "8d85118a-5a1c-4a38-8a80-72cf08a2b8ea", "comment": "Malware payload (Stealc)", "value": "5e75846155c9e2b1198b696de0e09d32fe6b794b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711118, "uuid": "23405edd-3bac-475f-bff1-35cdf28e2571", "comment": "Malware payload (Stealc)", "value": "a973489d8805a917023bc2d4ca4824ec19612e1557a89f99dd9d3a397aab4be22f3a221f1e732e7af680b17250834dfb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711118, "uuid": "d0c331e6-7b56-49a9-a195-f90ea6ab1956", "value": "T13E45D0353160CE4AD5BC9277C209E5324BE03D07A527F2B6EFE45E2F2528695BA35E03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711118, "uuid": "6bf729ee-466f-4ffa-a7d4-2f2b1d886cea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711118, "uuid": "d54e98ec-1868-4e8f-9bed-dc5be71b1918", "value": "24576:Q9sfjhZff6UMkrXJjgfa7gw1yj30ivvE/4+m:Q9sDff3mRwkjki3E/49", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711118, "uuid": "2eddf59d-2c36-40f4-a214-37e9a2fff999", "value": 1251712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711118, "uuid": "1baf1654-3392-4837-9926-dfbc27321799", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711118, "uuid": "56538e9e-5300-4018-8276-7c25dcea8471", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3be2dd2-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729044, "uuid": "d29bd5d1-ccaf-4050-954c-7e01204ee624", "comment": "Malware payload", "value": "ea3a7609e12fe069ec2968793646876e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729044, "uuid": "8e527b4e-a23f-4bfb-9788-ab3d220bc4aa", "comment": "Malware payload", "value": "a6c2b68b46b6b478ae984fd861f1681688a64c2f1f3227256e6fd436be1569e0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729044, "uuid": "4e01a8a7-f08b-4251-9852-061040950cb8", "comment": "Malware payload", "value": "c727b1456e2c715cc80b992fe6c32ac70afc3402", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729044, "uuid": "272fafef-8898-40aa-ac6f-69c41fe48ad9", "comment": "Malware payload", "value": "cb28ca4a5e672ef00d849282422597186dc452fbf263339e62a28c2cd60a8b6885d1e799ba751dbc44d00e09d75ec1ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729044, "uuid": "b7dfe9e6-92e5-47d7-aa26-02156f423f10", "value": "T10BD36E3E35B16807F6ED0A34F4F8FA1642003123BDE65CCE2D14AA2CC7739A7769A654", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729044, "uuid": "70c8def6-66b8-4653-80bc-8bc80ca2bbeb", "value": "bb9dc484d891a7cf70c5c51b76b5d7db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729044, "uuid": "f5c642ee-a980-4010-adc5-25f038e9f814", "value": "3072:RrKiddDSt4dtH1G2hfdE8pT+d6s377PhrU:BKiddDIK7GiOLdV7jhrU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729044, "uuid": "e72ec90b-689c-4d79-b75d-aa7bb14cbb3b", "value": 140288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729044, "uuid": "7ace3a99-1068-4809-baf8-daacee580cd2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729044, "uuid": "aa8675dd-b596-42f2-b5a9-656802aa02d2", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.14140.19596", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9281d0f6-92df-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719942, "uuid": "2c576fd9-7fef-4e42-a0fb-6954045eac9e", "comment": "Malware payload", "value": "4405d31362f77bfa6f1e504794e89aa4", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719942, "uuid": "66df36d8-52c4-4ef4-9689-744746d5b1c1", "comment": "Malware payload", "value": "a712ab11770438a16744525b104afc4fcdbbb488610a7c7e60c7a9367622e213", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719942, "uuid": "544da2d2-e609-4035-ab3e-51208abcb23e", "comment": "Malware payload", "value": "a3f934fdad15daaeca0640e5b9f534c5e0374120", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719942, "uuid": "08b472d8-daed-488e-9303-15ea68f8ec53", "comment": "Malware payload", "value": "74ccbb26f5fe5f1b4282545b1de214f83943ec5feb486b6029aa48b6a374ce0c6c9340d7047a23d6e427babc64e169a7", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719942, "uuid": "172a7a79-7d3b-4eb6-90f4-417f031fa28a", "value": "T13176011AB71EFC47E263DA3263728D4B772F89F51250E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719942, "uuid": "a8e0c8a1-da16-4e97-9b01-24179ac7c008", "value": "196608:SrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLF1F3nswU/Q6FKNcnFPC:ow0pdMGbwBAej2H7nswxgF6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719942, "uuid": "99b5ff8a-e4b8-49f1-95b9-f043a7575c0b", "value": 7327462, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719942, "uuid": "732d3d89-2d91-4cee-a27f-4a1760c63e0e", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719942, "uuid": "85c0dd6c-8e5e-4bb0-b91d-68b189fcb0d8", "value": "poppy 18+ Live Video Chat rebuild.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "719696c8-9247-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701654604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654604, "uuid": "ba34c57f-06e4-41db-8fd6-3e57fc192445", "comment": "Malware payload (Mirai)", "value": "500ae26b38d5ebccc4bb6c0cc725a76e", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654604, "uuid": "33c7c8bc-dd25-4a44-b7bc-cb5714865757", "comment": "Malware payload (Mirai)", "value": "a72ff45b5d33ae5cf878a0ee3e5a88c8780ced70c63307f4f4d3be968adaa3b3", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654604, "uuid": "0fcb8ba5-abb4-490f-a459-d87c5a6338f8", "comment": "Malware payload (Mirai)", "value": "4ef3fc0c70a326050de4be838768e4210c7cf961", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654604, "uuid": "644d71a0-f943-4e77-8854-c58eb833b675", "comment": "Malware payload (Mirai)", "value": "c9f333103a6c5bd59a692ce62c15e24be1f36bf6a91ed36f9823c5c3e17c2c58a327e8c8a71d6358f998e14f467283a9", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654604, "uuid": "e87339ba-329b-4e90-a65e-03032185f8e2", "value": "T16E433AC4D643DCF6EC050A7516B6E7B29B76E13A1029EE83D799DD36A842F02B50738C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654604, "uuid": "9b379197-04b2-4209-acf5-8700f27510d9", "value": "1536:jP7k+ohhUcrcFn9udFiu4Zp8fvgR5PMVJVme0v8BqQO1QRr:jPgNhhUcrcpaFl4Zp8fNVJV1q8In", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701654604, "uuid": "6aa7458a-c236-4eb1-b7d2-a063b4e6eb44", "value": 57988, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701654604, "uuid": "50a33d04-894a-4f43-9224-ddf3b05b64ef", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654604, "uuid": "dbae0833-b892-4aab-981b-3c2b26c73547", "value": "jklx86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0319244-927e-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701678438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678438, "uuid": "d48b2f2d-aa81-4e92-8b53-1e09b30871d6", "comment": "Malware payload", "value": "a2e90bf23372a0b307b1e3b1e02cc139", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678438, "uuid": "c95e7512-d894-4f06-b6fc-b34de97fa8f3", "comment": "Malware payload", "value": "a736afcbd4243e2490580156ab8aa929a29dbdb12271b4cf1b4f9638f02adfc6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678438, "uuid": "b06b3e17-55d8-4479-98f8-7e5bda7a32b8", "comment": "Malware payload", "value": "45f41b616b2404d1f81388c3fe70cb08dab185c4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678438, "uuid": "3b9f8efb-7908-4fde-a580-c8aedce9bc8c", "comment": "Malware payload", "value": "2ab1dea8b5e9b6fe0122f03c25db7d22cfefdfbd3dd6dd9a482f450f684bdfefc47a813493f8b956d811cc93cdd22879", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678438, "uuid": "4fb3e95f-d771-40a7-bdef-db40bfebd40f", "value": "T119561238AB55E98CDA08D67BA256B0E4BD84C437110EBF63DE4AEC502F6D9E37905170", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678438, "uuid": "80db2491-9217-4a99-9934-4681394f85a4", "value": "1536:v2sOO7gMJkxtg/2dnjCV1aZ3uqS6TL6cWT8g0TNoVrNKRvTT0yDDrHXIfpZPSt8U:dvfJkxtc2dC1ahnSxKlwwXItSt8UWZx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701678438, "uuid": "3cef90c8-cf2d-4198-8c0a-497927901d43", "value": 6217056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701678438, "uuid": "659eb745-ba32-4ddf-9691-41207210fed1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678438, "uuid": "2a63768d-6956-4b1f-9eee-b8a7deb99c1a", "value": "SecuriteInfo.com.Linux.Packed.1241.15878.32466", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a09eaebe-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701708370, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708370, "uuid": "e2c1521c-eae5-4889-8797-9378ec867aef", "comment": "Malware payload (AgentTesla)", "value": "364ae23aab13687dc1301dd81a8cb340", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708370, "uuid": "abd38903-06f7-494b-801c-c306bb53ce36", "comment": "Malware payload (AgentTesla)", "value": "a7e60f65edbfcc63e2581cf2983a2be6c4781956f95e0163e4fde80d27c6e208", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708370, "uuid": "286cd6b9-e151-497e-8376-93797c4f3295", "comment": "Malware payload (AgentTesla)", "value": "1008687b5fe1a46ca6fdf99ccf98d7d51bd965a7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708370, "uuid": "4e6e5fa8-3498-4219-aaf1-6bea30157c99", "comment": "Malware payload (AgentTesla)", "value": "470dcd45ad3439b51c95a09aedae0014cdeef5cb600803e8d1c407a886a3f8400451b24244bdc9e087bc38491387a578", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708370, "uuid": "8b2d728a-8879-4d9e-aaf4-9a5f852c343d", "value": "T18AD423DE24EA2092FB86395D80D455E97FFA571882CE43B244E6C21D58C3B7D4B6E3D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708370, "uuid": "b23f5fb5-b791-4d72-9b6a-472e3b10613d", "value": "12288:wsRn+q2f6MnSUfMFohKEnW/Ac9/IprJUwL52Td9nygNIMVmDuB/gjw6Oput/Ys:/R+jf665MF5qW4ySr2ingNxVmrwpputH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708370, "uuid": "0b9dcf30-56c3-4160-ac23-e059f262f2eb", "value": 656853, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708370, "uuid": "dd2b2935-ac18-407d-bcff-a6036dbf7cb2", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708370, "uuid": "18c1a1db-0186-4c14-a3c5-141b124d681a", "value": "Factura_64553903892.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6329f100-9256-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701661022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661022, "uuid": "fd6bd6e1-0573-4956-8c0f-91ff1734abca", "comment": "Malware payload", "value": "076197212aad1ab15fc3733699451b24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661022, "uuid": "dfc767b8-1c74-49f2-962b-d7f980478c63", "comment": "Malware payload", "value": "a89a33df5843696aeff56fd38d4e7227af599a85bb61b5c4cd7a80b9943d35f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661022, "uuid": "38e6cc64-4001-4381-9fb0-4a2be54f12b7", "comment": "Malware payload", "value": "5d2bd359d68cf4c823b35255c7e672dd6133ac9b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661022, "uuid": "f6a59aaa-cb1f-4b31-924d-f769d219a989", "comment": "Malware payload", "value": "f7f906abf1d30fffaca5a733de900722e722bba88ba60027f649c8e14c970a37ae7a0f52493845f147a12ef63c8f4afe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661022, "uuid": "bce5ad12-fe0c-446f-b607-ce755afda989", "value": "T10282C933E2A9C4BDC02BC2B8BB6348A1B4F87D601A71A47E43D315663F2DDB55BB4181", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661022, "uuid": "50c5e3c6-fb1c-4f73-8a84-a25e1a0cfe35", "value": "384:5+l/c3Gf/u/a25UNceuvRCo+A/4R6PfVVCEyMCrxGT+g/vhSVJ:gaGHu/aKUAvRCXA/e6PfVVCJrxg/+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701661022, "uuid": "7f92c23d-568e-460f-affe-be655f049029", "value": 18512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701661022, "uuid": "0094b7ab-5137-43f3-aef7-6a51a2cffd3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661022, "uuid": "0260d080-738f-43fa-906f-38a29b231d07", "value": "SecuriteInfo.com.not-a-virus.RemoteAdmin.Win32.NetCat.bnr.7298.27367", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84a222fb-92aa-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701697156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697156, "uuid": "2acb3fe8-7f3a-4bb9-bf2f-8c64076a7671", "comment": "Malware payload", "value": "fd13dcb5dc1b5271862ffe54f69536c7", "object_relation": "md5", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697156, "uuid": "41ecdf9f-1973-4225-b3ed-953aebc55bcd", "comment": "Malware payload", "value": "a8c2edcdfb0eb21f02951920e0ab7310192dfe14cc9f50c1597811d8cf6dbeeb", "object_relation": "sha256", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697156, "uuid": "2884c461-f6c6-4e99-ba50-c3d7a97e390d", "comment": "Malware payload", "value": "dd5e0c3303e27e46b191f0fc6e7b4677027ed447", "object_relation": "sha1", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697156, "uuid": "e5a7cc0c-57ce-49bd-9c11-41dad922063e", "comment": "Malware payload", "value": "de7548d76cdfb05d8f05556b6eb8742976d45cb2cccf3c81036c8950f25038e7dd5dfb14ef4132ec3e66d90133f8a614", "object_relation": "sha3-384", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697156, "uuid": "769e01f6-efe5-450e-84c1-2c490c145187", "value": "T1A531C7380137993D6CE988070954D3E24D8A9BCE21550EDF9E2A207C194FF04BB3948B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697156, "uuid": "fdc4102e-5ca9-4321-a19c-d32bd3d56c56", "value": "48:ZSL5+pmW9i+wrmSG+dUjjsrfW5KNZWDdUhnY4/+oU+w:ZSLHWcJysaKydX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701697156, "uuid": "e3222947-efc3-4655-bd5b-f407c6c4c06f", "value": 1753, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701697156, "uuid": "a79d9b94-8f9a-4c64-8117-3b33460e0498", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697156, "uuid": "547ce3b1-5762-4817-bf4b-019c611d1e2a", "value": "nDHL_Express_Bi.Z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b11c4095-92c5-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701708827, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708827, "uuid": "14c57139-a5cc-471e-bffe-6009b593c4de", "comment": "Malware payload (Smoke Loader)", "value": "2d4c86c0c394987f36479bef0511a6c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708827, "uuid": "085838c2-e464-4091-b2f4-3e8f18edbfd5", "comment": "Malware payload (Smoke Loader)", "value": "a95546e092f2acb686e0fc8856f161458497a4af4e45323647ee971f883c840c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708827, "uuid": "b11927eb-d7a5-4804-b7f1-a613f7fc1558", "comment": "Malware payload (Smoke Loader)", "value": "a9ac59a6f42abd0e3ffb0a2136b909975488f82a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708827, "uuid": "0699f122-af8f-467a-9006-c6b4a6f83672", "comment": "Malware payload (Smoke Loader)", "value": "361ebcf9e2538932e0d2e8cfdc5a1efc4247cb70f1eaa735f8110a2f731129b10fac8284a14445d1dd8bd85393807f2f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708827, "uuid": "27f3f526-0e1d-4589-9414-fa0c2c15d488", "value": "T19E54185382E07D41EA224B729E2FC6FC761EF6418E2D7B7A2118AE1F14B1173D663721", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708827, "uuid": "9bbd3804-52db-4d6f-b1ba-2c571f3a1d4b", "value": "c6c03f7dc47fd4d28111d0d85135fe38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708827, "uuid": "68e427f8-1bf0-42d1-8f58-140b549a72fe", "value": "3072:ybYZLX9WiSr3WJbSm2UCZJGD4l+GkysHBGbho6ryeWPP9D5Yv/sVZkTkr:yD7Yp2rfCyshuovrP9Gv/qiT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708827, "uuid": "b944c75d-ef78-4cd3-94ee-a8e7b75aaaf5", "value": 298496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708827, "uuid": "22d68b67-a0ad-4aaf-aea4-d6cd39b68feb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708827, "uuid": "575470cc-49ea-4ce3-8ea1-f5b00771c237", "value": "2d4c86c0c394987f36479bef0511a6c0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e37c3e1-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680878, "uuid": "3092f131-10a9-4dbc-8d39-1eb9b0526e4b", "comment": "Malware payload (Formbook)", "value": "723c53e333a5718f2d30982d7599d1d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680878, "uuid": "2ebcbf2e-d2fe-4e7b-8912-e69c23a61248", "comment": "Malware payload (Formbook)", "value": "aa6cd6162fb3dcd29b8b8d404c59e5cc6ea032f967af8aeb155e556ab872fc1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680878, "uuid": "8ffe9813-11a6-4bbf-bec0-e68100bc945a", "comment": "Malware payload (Formbook)", "value": "742ff4aca7334e2b2ba7a9fe2ead19e0a1a000ed", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680878, "uuid": "34a16248-d03a-4605-b829-6f53ddc3ed29", "comment": "Malware payload (Formbook)", "value": "0c6ec5acba9edac94ddc1f0af9d0d022599cd46ff94cf03c3ba6e05b78b9fbca2f32f56267cc768ba835977ef43a4632", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680878, "uuid": "f9f68146-46f4-4862-a167-c19cb4323370", "value": "T1A7D4237AB2D59A62F73F87FF76C9C490D37AE5032230D62E680291C607A5F0D6681B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680878, "uuid": "d6979fcd-76ab-4ccb-a008-a308ac0b3e0e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680878, "uuid": "4b66eeaf-9365-4a17-927b-56f869a3082a", "value": "12288:Z45+po25hAMD6e6lXBwsroaalCNO/AftdDbVglOR6lh+evDal:k+pJH90QsraCNOGSOAlhbvDa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680878, "uuid": "c915324b-f2a6-4c96-8b22-05e75687090d", "value": 650752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680878, "uuid": "81857fee-a11c-45c0-9a68-f7846fee0e24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680878, "uuid": "081ec613-7ba1-4ce6-bd6e-dff696568a48", "value": "CtTZm1DHG4A9nbE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbc4bbd4-92e6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Arechclient2)", "timestamp": 1701723018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723018, "uuid": "cb9d148f-a30d-41ff-aec9-10631d4669b2", "comment": "Malware payload (Arechclient2)", "value": "55e3fdc70f16b913d41205c7ae294518", "object_relation": "md5", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723018, "uuid": "08f8eef6-ae24-4203-a4c4-f2cc5f6e399a", "comment": "Malware payload (Arechclient2)", "value": "ab03728734cce8444be6ece06a9f93f503149cde8bc577040784774ee36893bc", "object_relation": "sha256", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723018, "uuid": "8edfc582-e3dc-43c2-acd4-725068f4f406", "comment": "Malware payload (Arechclient2)", "value": "bea6f2f98b2fe402474ae61803b3f78ddd62d43a", "object_relation": "sha1", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723018, "uuid": "9c7222d6-3d17-4553-ad48-1a0848de7de7", "comment": "Malware payload (Arechclient2)", "value": "96f6a05766271dc58b82a2bc3ecd803b56a841bdb3486f051c73637530894982398587a56db40d11e0c64019804edded", "object_relation": "sha3-384", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723018, "uuid": "53e6a149-e216-4948-9152-9736f4cd4c12", "value": "T1EB55CFECD98A5950C50D8CBDAD4218C73E215F0CBF2298E64E76662E163F25CC147EBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723018, "uuid": "d0b50416-2241-4708-8d6f-1c18315cc9f2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723018, "uuid": "d7619dff-e015-46b7-b0dc-08a82543c66a", "value": "24576:f/ctogY4T25Jeah0UrY0iEhUK2toU1w4Sfp2OIyiWGHoaBIRmfirj:7nFUKzU1w4Sx2EBGHowIRm0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701723018, "uuid": "4716f3f2-62fa-421d-bed2-938572afbaf1", "value": 1360384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701723018, "uuid": "24c4cf66-31ab-423a-a3e1-168a10a051cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723018, "uuid": "6fed874b-62f2-4dee-bd2b-926b2d85cd52", "value": "AB03728734CCE8444BE6ECE06A9F93F503149CDE8BC57.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1a0d11b-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719565, "uuid": "2e09af0f-3359-4e1b-85b7-a9e0b051aed7", "comment": "Malware payload", "value": "58d28558b5e2ffbb0238ed852b0fccf4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719565, "uuid": "216eb85c-c408-4960-a9da-33cfd57ed764", "comment": "Malware payload", "value": "ab636afce7424bcbdc93485835088b2594011df6a55346cde38fb6d3423eb820", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719565, "uuid": "8beef3e7-a177-4781-88b0-78429032e2c1", "comment": "Malware payload", "value": "88ce8d1c7a152d5b1095d0ace8815c597111454e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719565, "uuid": "bbfbf5d2-c5dd-4491-be08-ad98584ee625", "comment": "Malware payload", "value": "9fca1dcc0da3d42b9bc01ded9d07b0b0fe4d742a232f105e12ea363add52c24bad6cae2c6288e7de195081d37cef7bd6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719565, "uuid": "607b1d57-3707-4d06-b7a9-2f94841695a4", "value": "T1E2A6331479BDC137ECE161704BA8AB390C6EB4290B314FD7A3A89DFE19691D13B31366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719565, "uuid": "8dfbe8b6-6913-4ec7-bb37-bae360940403", "value": "0542d0089ad33ee09d1fa893d5c462ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719565, "uuid": "c0cb0ab9-fbe6-49f4-aa0d-0d015aa2f5eb", "value": "196608:or04S46+BHT0Bwl7GGlCfYB+w+Ug1LzKlH8lHwqa:JjMTywlCGUYB+w+z6lua", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719565, "uuid": "614d902f-0bf8-4773-a526-9648cb98ff08", "value": 10201752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719565, "uuid": "79e2f6c9-6318-421d-8349-ee442a2274dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719565, "uuid": "55ca4e22-4312-494f-8a45-afef664bfa5b", "value": "58d28558b5e2ffbb0238ed852b0fccf4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17e9729f-9277-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701675069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675069, "uuid": "244df1f7-f420-4acc-ac43-0e9bbd6c7131", "comment": "Malware payload", "value": "5199a19cedf0462ba5cd649b80bf1e4a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675069, "uuid": "dd07aa83-21b9-4f74-a411-46ffa27ab04f", "comment": "Malware payload", "value": "ac3afbbf31cc7b44a4af290fb232f8b7a1aafc744bbd2e14dfbc8d167f594683", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675069, "uuid": "820e8579-eb24-4f62-8cab-4a0ab4b8caa0", "comment": "Malware payload", "value": "18417490d3bd93a8f5384a3804f29a9ea9599a3f", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675069, "uuid": "f7648d23-bb96-4932-904a-a1aeb712c404", "comment": "Malware payload", "value": "d5667a66f013c9f8bd723d9d5b02e87ba695d73973ba27acb08fc934aa89c1a198f3cfb9c5796665e3872271cb55c518", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675069, "uuid": "4738e004-809c-4c7a-92e7-29cf96af106d", "value": "T15D56334AA75089B0E11DCFF16925A19168F2BC6A56C8F57BA711F87E2E74E064232C3C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675069, "uuid": "f28e0479-61c4-4570-8274-17a735522f9b", "value": "24576:772vh3wT1O6QBt6qWAixZ2enwbCPOIuBB3W6xKNmzgZMMK2bi:/2vqFQfGAixZ2e1PbuBDUNPMnd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701675069, "uuid": "cc2886ad-f697-483e-a914-6ca7c75d65aa", "value": 6217056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701675069, "uuid": "e1e2caa6-0dc5-4298-abce-071b3460ceb2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675069, "uuid": "de86862f-f0c5-4b1a-a7bd-b77daf916252", "value": "SecuriteInfo.com.Linux.Packed.1241.6641.20743", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4488219f-9252-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701659252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659252, "uuid": "eb78e3e6-cc6b-47b8-8432-2528c96553b2", "comment": "Malware payload (RiseProStealer)", "value": "57e5b53bbca8250099a6e4f56d9f3f13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659252, "uuid": "2bd1706e-164e-4fb5-b925-d584af43aa68", "comment": "Malware payload (RiseProStealer)", "value": "ac516372cd0ab0acf9cf40d0f42d2a72cec89ba39e2d1ef6ed37e7f798a3f7d0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659252, "uuid": "e6a35d66-7593-4a4e-a0c4-01941fffc264", "comment": "Malware payload (RiseProStealer)", "value": "f82f5c0883aea734589621b304545f9f8d91af6d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659252, "uuid": "6a820585-482a-4fa6-8b88-11c16cd55e42", "comment": "Malware payload (RiseProStealer)", "value": "e1678f640af4f36a297d43a41864d0054601021a8b73e575347fd393572b723d89fe9c606be8481fe17f1d8c2a6c5f6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659252, "uuid": "f7ea3ab9-a1c2-4945-a385-3d4cd3a67fd1", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659252, "uuid": "33f8830d-cf04-45d1-b689-507fa6d269b0", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659252, "uuid": "31f9ffa4-4d37-4bef-b0e4-c0c5124e0e36", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701659252, "uuid": "08b5d9aa-3508-4eb5-88b5-b6320b7b3344", "value": 1540038, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701659252, "uuid": "9b04a398-3b4e-41c7-b9a3-b2f25c8c1cd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659252, "uuid": "587b7a18-aeeb-4994-b0a2-7fb42282ea80", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9e18db9-92f1-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701727766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701727766, "uuid": "c6a3105f-4d27-40e2-9825-488b218567f2", "comment": "Malware payload", "value": "2bd0361c2f7112a91e512ad743dd0221", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701727766, "uuid": "3fad6fd5-09d3-4385-9228-031c21d4d2a5", "comment": "Malware payload", "value": "ad461e18ffc9c41133a0a24a119a72dacdcca46b5d4948959be0ad1a27e62ac1", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701727766, "uuid": "ed57025f-d687-4206-8577-5210fc00c7c8", "comment": "Malware payload", "value": "9e6725dd489b4ac0c6e7b2d9e54c94e236f63b5d", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701727766, "uuid": "8594bfad-ef22-4633-b64f-e483c1c661e1", "comment": "Malware payload", "value": "a618af6bb51a43df0042c0519d685b011c58a68be848a92a6d43f1bcc2789d51a993acca8d45ffdf97676a61d5422f46", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701727766, "uuid": "6be2eb20-34b9-4668-b75e-cbf3858a7b48", "value": "T11EE1AF20E4B7AC9AFA030D611B3E6F58560AF416CADC496107BDD2224630DEEE7C4876", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701727766, "uuid": "da8330d5-2765-4acf-b346-4d662a8ec920", "value": "192:a7JLmmd37qJ2AhpMJO7QgmvNdGOv+hxTSfO0OeT:a7JLft02Ah7UgmGOvuRAO0OeT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701727766, "uuid": "26791466-fa04-45aa-b235-3f87a32a9f16", "value": 7126, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701727766, "uuid": "3695a387-8f7b-48e7-8278-5c642659825b", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701727766, "uuid": "34e120be-3563-4376-a326-f953e49d829c", "value": "infected_NKI.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "042aecf9-9242-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1701652273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652273, "uuid": "622f04a6-82b8-40f7-952c-002825433c59", "comment": "Malware payload (RaccoonStealer)", "value": "2fe5b54253ada505c9b5c255c2c951e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652273, "uuid": "a5e87487-1e7f-4d8a-a804-f296413b832d", "comment": "Malware payload (RaccoonStealer)", "value": "ad901092cbfd7145f8066f1f89c73db3c8d9c3fc9cfffea1d550daf43dc4978f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652273, "uuid": "8d7499db-e5f1-453b-91fc-eb27fe001e4a", "comment": "Malware payload (RaccoonStealer)", "value": "d493db59b6ec1686c603c30b42436474de8529bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701652273, "uuid": "d6e8a6dd-540b-4e3f-a101-1ac2661a85d0", "comment": "Malware payload (RaccoonStealer)", "value": "b8f2fa03b637c5d07a7dcb90bd4438c25e0037298f1f8174f4d99d89f54306f869970f604b28b450e9b21597f2ef18ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652273, "uuid": "23548f13-a890-4617-847d-b1580ef9adf7", "value": "T19C563373631721C1C8DC88338F23FD9072F6B26D8F819DBD58A6ACC66AD25E5D612943", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652273, "uuid": "9c3b2ea6-4654-4eca-b978-d4d626560c1b", "value": "4badf5cc096c479bb9d07f7fe1f1b22c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652273, "uuid": "722118f2-b6e4-4d36-b39b-f84977aa7f9a", "value": "196608:C2gpwjlq+kONFI57jtjhholOiFOVw9ESkU:2wjQ+k7hYOi0wSSv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701652273, "uuid": "cb33b46e-457a-42c4-899b-c8f598f1f94c", "value": 6466560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701652273, "uuid": "9a8a575c-dabd-46fa-b240-6b5088137eec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701652273, "uuid": "22d0d54c-f21f-403c-af4e-e59846d45666", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "721b3d1e-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1701674791, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674791, "uuid": "f14054c2-7f25-4e12-a531-028e4a24768b", "comment": "Malware payload (Adware.Neoreklami)", "value": "b5791d08cb6126eb11b2589be01ca084", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674791, "uuid": "36810b54-41b4-4d3c-a7b6-428feb06464d", "comment": "Malware payload (Adware.Neoreklami)", "value": "addc88c9e1b2bcd7208022f9165553fc647a45e52a7bd4fa93bd87e18d53a46a", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674791, "uuid": "20826fd7-9947-4d94-aa8e-3731c3453137", "comment": "Malware payload (Adware.Neoreklami)", "value": "a1704188b5161c8b410693cc05742cb6e5972fdf", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674791, "uuid": "9e381015-c4bb-42b8-a0a6-abb02023d307", "comment": "Malware payload (Adware.Neoreklami)", "value": "792dbbdd63f145fffd8367fbac1d4023932c647359e03378e325860acfca27506f062749995c1b496ad27053b9a50c70", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674791, "uuid": "33769522-fbbd-4440-9eae-73e120a27423", "value": "T1D076336076E4D4B6FBAA06F0DB83079628F0ED158932DCA723EF0A9D1EB5CB54035719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674791, "uuid": "077d095b-86e6-4d6f-9415-569081c4ebcf", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674791, "uuid": "a72bce20-164a-45a0-8d9d-aec72bb8d22b", "value": "196608:91ONxr0RSZyXSniDMx0npZbRZkOlyJhI2mpATFEOeVQjVS1b:3OLhgXSi1pZbRZeZiATdjVI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674791, "uuid": "92233559-c56b-4870-bcea-e140e5233962", "value": 7546015, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674791, "uuid": "7ed01550-5e29-435c-8387-3d08d4cd4b67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674791, "uuid": "5c5b7d2c-dbed-48e5-a124-dc6697aa6de3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2738f8b9-92d6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701715897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715897, "uuid": "29d2f93b-47c2-41c5-b562-65f423968eee", "comment": "Malware payload (RedLineStealer)", "value": "0128fc5257f65aad835260acf8ce0301", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715897, "uuid": "ef0b4dfc-1239-4744-9a17-3f51c01e2888", "comment": "Malware payload (RedLineStealer)", "value": "ae686f55ab125bdb9989ddec44478c68c481f1a3982b858862db9dfa79643ef2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715897, "uuid": "8fc801f9-1cde-452a-9531-1d2f8cfece9d", "comment": "Malware payload (RedLineStealer)", "value": "48916f5f505991d510c4934aac30af6c78a757c3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715897, "uuid": "9f59e75a-24bc-4fa1-9c81-3dc11aa76665", "comment": "Malware payload (RedLineStealer)", "value": "d8abb9378cddf64b6570853bbddf3c190f09789804efb141b8d0b30a3e74d2c2a362784f735eed274dec2c141eead0ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715897, "uuid": "1e6e609d-4058-482e-91ac-eaf9a36dedfc", "value": "T12E641864FDE0DB58EA85A4FC2C1CF76C043AB3D68AF014AF430A956859C4D52CA2DDF5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715897, "uuid": "35c96eca-09f8-4d47-b3c9-ec989be6940a", "value": "1ee05438782cb7040e10c1d388320229", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715897, "uuid": "bb00175b-2186-4e78-babf-754cdc506d48", "value": "6144:OJRvl36AXRiPFm0SdkwUdkpqP9OpciebSkb4cKd0b/e:OJOwRyFm0BwaRP9Opciy4cD/e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701715897, "uuid": "7854368e-9475-4fef-b494-f3d8352635b0", "value": 324896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701715897, "uuid": "d0b9e8a5-8914-45ba-ad81-76cd48a921a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715897, "uuid": "480fc553-e820-4424-910c-30c88b90031a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba61ae7d-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701680925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680925, "uuid": "ab5562fe-6fb1-4e2d-9d60-9cb1386e39f1", "comment": "Malware payload (RemcosRAT)", "value": "04e37e5168ba4fef043cc74ea316debb", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680925, "uuid": "858c3fb0-7733-481b-a779-469e19b328a5", "comment": "Malware payload (RemcosRAT)", "value": "afc2ab9021c431902f09097daa864c5eb82cfd193e72a388d89f3444c377c2f0", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680925, "uuid": "d378a7bc-c417-4a19-9d64-5ff674c15213", "comment": "Malware payload (RemcosRAT)", "value": "aaa8e33c08ca5f12520fed81e4a3f934422a8d36", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680925, "uuid": "f9145f95-4c37-409f-a6b7-e1198399a60e", "comment": "Malware payload (RemcosRAT)", "value": "ab8c07f03690e422424aa3af8496208d7431ffd81acfeeeacb2532fdfa44f493c66582aa1a6cc468cf5e33317c3a410c", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680925, "uuid": "61d0fb05-b029-42bc-97ff-b8462a8504cb", "value": "T159841205F922C72BCC539034C887B1CEC769EC996F45578F31C9739F863A2E2514BAA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680925, "uuid": "9fd11a07-938d-4043-bd18-bcd33a841143", "value": "6144:Sn1m9kdbFyeStrP+9LFRLLckUXDjKp2xzThKQYlAw0wmFkbfGoly3Xyq3:SOeJyeSt+LFRSDjKCQJhmCbfGk2Xn3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680925, "uuid": "4a633492-8e02-4163-9c9a-f47173fa662a", "value": 400896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680925, "uuid": "4d2ace86-883e-44df-92af-434687878758", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680925, "uuid": "a37e862a-b01b-4e8b-8c1e-d56a892de461", "value": "PO 4600001231.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7e24c41-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711093, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711093, "uuid": "99a05fd8-17fe-453f-b772-f0aa5faf1b77", "comment": "Malware payload (SMSAGENT)", "value": "3337f8bf7fb87526673b3b0e4f19a14c", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711093, "uuid": "ff7f90a5-64ed-401f-9c80-9faab35b604a", "comment": "Malware payload (SMSAGENT)", "value": "b16e6505eaf7f73498f61bc8eae9a6c76e5d03cd28542aaf0f4e54b167777ca7", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711093, "uuid": "ec5c91c9-baaf-454d-948f-afe1d61a6b61", "comment": "Malware payload (SMSAGENT)", "value": "032d8d258eea99529711a29706b3bb4795cfec97", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711093, "uuid": "76c95267-7d8a-4de8-964f-1da0adbabd03", "comment": "Malware payload (SMSAGENT)", "value": "56e497e84cb82cb0c340edc338efa8b5428924f8f185df11c622ec4269bf449815d895ce2da921a338fe6ca2fe3beb94", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711093, "uuid": "63e2ac1f-a73c-4ab6-9af2-b7419a6c7e73", "value": "T163179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711093, "uuid": "5a45f571-cdd7-4b49-bb49-c2938aa2156e", "value": "49152:VuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvY:/v+49UBEIIddXHNqjeceynMI+lEaAUJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711093, "uuid": "2185d0a7-9953-4ac2-8364-ea73bd0e38a0", "value": 18573515, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711093, "uuid": "735108ee-6542-4242-bab5-fa5fbb66763a", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711093, "uuid": "0df84bf6-dbb0-497b-b8ae-b06b9756d5b7", "value": "\u0418\u043d\u0442\u0438\u043c\u043e\u0447\u043a\u0438.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de7837b2-92ff-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701733814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733814, "uuid": "3a8066eb-d1aa-4bfc-87ac-42275934f9ca", "comment": "Malware payload (RedLineStealer)", "value": "2f23c78f34867bf7412a88e14c93982a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733814, "uuid": "e105a22c-8581-425d-9f48-45a5377d62ae", "comment": "Malware payload (RedLineStealer)", "value": "b1bb3ceaada5d327e792e08ebf4b09f96573b3d320d5f9dda3050ea3e2f23cc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733814, "uuid": "919b6f79-aeca-4065-b737-02d345f5b0c7", "comment": "Malware payload (RedLineStealer)", "value": "ce3bee5ed05e5d7e7fad0b4e1e060f7dd33dd9f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733814, "uuid": "12abb33f-adc9-4c5f-97ad-b047d7e5573c", "comment": "Malware payload (RedLineStealer)", "value": "44b316c8dc250d24cd37b25dda4995509c1be58bab2543872fb3a73737c835ad9857a73ab6a36638e617647a413c4466", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733814, "uuid": "2630d0ab-76eb-4c07-9a6d-854cb76e1b92", "value": "T18D34AE289CC594C4E44A9AF6BF90DAC377B6BF316243000C1D5DA2194B277B6ABEF4D4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733814, "uuid": "fdb45d7c-a9ea-446d-a4a9-2fd9191a9a47", "value": "dd57e6241193db02ac9b4aeea2df893d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733814, "uuid": "f31f9ade-8162-4fcf-a2b3-27ab4a4fb16c", "value": "6144:3DMPhKHrqe6kAh3mhlCKAMKmTPxEFCYv9gaLoXhldtpFK1:zMZUrqxMRPSCYv9gaLoxl5FK1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701733814, "uuid": "3c356f72-b7fd-4f10-bb65-1d5e83d53ea2", "value": 241880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701733814, "uuid": "2fe7be29-6aeb-465e-a2ef-39e986602e32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733814, "uuid": "644acfa2-4f21-4463-b9ff-4c00c5845476", "value": "2f23c78f34867bf7412a88e14c93982a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6775f70-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701688300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688300, "uuid": "6bd40506-0fbb-4472-9dc8-20bb1a54e612", "comment": "Malware payload (RiseProStealer)", "value": "2ddcc114d4c7f87484f185cdf236ec29", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688300, "uuid": "baeb8f5c-10f8-4cd2-bce4-ef9519178c6c", "comment": "Malware payload (RiseProStealer)", "value": "b1ffccbc4c87c2210706d27b29a87dec1defd32f035ed69624ff6cafd9132595", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688300, "uuid": "b8878c96-9c19-48bf-b77d-614c25be916e", "comment": "Malware payload (RiseProStealer)", "value": "765a5614c8abc0a6c58db5b3fa0ca6066ddc8011", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688300, "uuid": "0b10e828-b11b-4517-89f4-806788a99896", "comment": "Malware payload (RiseProStealer)", "value": "e2b37d47c7e6f633da76b600ebf6c4f18ae87f8ba4336311cddac85af76150a66eea2e08721d676be436ff4db1aeb5ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688300, "uuid": "38e12eeb-b3e6-45bb-a735-5915b996db2a", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688300, "uuid": "8b747711-9294-445c-b6e2-91f551767ecd", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688300, "uuid": "4ce7e139-21da-4dd0-bfa9-6965c5fd9a8d", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688300, "uuid": "7cb4a904-4b67-4295-beda-a468cd31c7b9", "value": 1540110, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688300, "uuid": "44924740-a603-437a-9b97-8df9cf9a3460", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688300, "uuid": "9fa27a82-04e1-4a64-9da9-68259a2ba1f4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "020e614b-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Arechclient2)", "timestamp": 1701728719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701728719, "uuid": "39258474-4386-4622-9360-886d9fd77ccf", "comment": "Malware payload (Arechclient2)", "value": "021cced0e33ec3e85b200362c8b2e976", "object_relation": "md5", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701728719, "uuid": "9e8c49c4-2de1-4c30-9c61-bec5ac32fe46", "comment": "Malware payload (Arechclient2)", "value": "b21828c19379e88e9ab5b8710bc4a7278cdb7671c28e06e3e0badd94c4b724b8", "object_relation": "sha256", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701728719, "uuid": "27583e6e-c530-4c1c-8961-f5cb8987f7b9", "comment": "Malware payload (Arechclient2)", "value": "a9e8c59b6acee2e09f590664e3c2ee5163cf8460", "object_relation": "sha1", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701728719, "uuid": "2df2c01c-64b0-418f-9f56-6eb2f9e9ffe5", "comment": "Malware payload (Arechclient2)", "value": "471cda9d3270934aad66b5f387a06f547a67dbc64fd5fd5820abc5f5f09d15923d3d35775f6cc27c8493d57b2fbea06d", "object_relation": "sha3-384", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701728719, "uuid": "26bd670a-a556-478c-b451-c127da5684c3", "value": "T1581502063BD16873EBC849FF583759A501A94F16FE7D161B61048242A373FA864AB8F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701728719, "uuid": "b01ec475-1b8e-46cd-b1fe-339a51037475", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701728719, "uuid": "f4f4a200-e92a-4341-b15d-8ee659696b23", "value": "24576:oUVt+l9IAXBbuBv2SMUDlkSOvf57vs2HW:HVUluMB38457vl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701728719, "uuid": "dbb508ef-7fda-4193-8877-83f1b990b5eb", "value": 914944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701728719, "uuid": "53351113-1303-401c-a5eb-30c0c91360b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701728719, "uuid": "b1c8aa99-f912-463f-b0c9-35f4e46f1481", "value": "021cced0e33ec3e85b200362c8b2e976.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f49ebbf3-92ae-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701699062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699062, "uuid": "e52ff670-831f-4de8-8c62-ddf7c202c4d6", "comment": "Malware payload (AgentTesla)", "value": "e017a9394fedd56c4a42d2dfe2b4d869", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699062, "uuid": "7c3b4a5f-f20c-4086-9f97-3d869f425fba", "comment": "Malware payload (AgentTesla)", "value": "b27a2ffd8bfdfccbcc957473ac4492c13769913e2892bc41543e5b6bdf3aa2b8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699062, "uuid": "d1973fa1-1ada-4477-92b8-813fe3e0dda4", "comment": "Malware payload (AgentTesla)", "value": "d05616bdaebb99b9666dd4748cb6ec65222db151", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699062, "uuid": "a493dc10-b4e9-4302-af1f-40130a0ad2d9", "comment": "Malware payload (AgentTesla)", "value": "22f41f3337e55b1143b607e03a57edd8dbb94233d29b14ce1c09bb244ead11f7629c65c878b7df5c368630668650dce2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699062, "uuid": "3b407ed5-80ba-49be-95b2-368fcffc494a", "value": "T13F43875F5EB4028500FB1E5EB6C80895F4964853CB7D9C7838B8791A2D34F843D7AEAB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699062, "uuid": "3eb23d9a-7543-4e00-8650-154d467d78da", "value": "1536:9+8+aDJAkChjJsCujxLeiO927WSidDyE1Uituy4tfC95fSx1JFr5rshhf/nKI2Zq:I8+aDJAkChVsCujxLeT9eWSidDyE1UiN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701699062, "uuid": "a145a39a-e0b5-4e94-8fca-eeb309437b48", "value": 56906, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701699062, "uuid": "0ee0d6d7-d6f6-4fd1-b632-aac53b4514fb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699062, "uuid": "056b6546-1a29-4a16-9e5b-a16b85461637", "value": "INVOICE PDF.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98a370ea-92e0-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701720382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720382, "uuid": "c6ab0123-6cc9-4b24-b9f0-4800d5e21efe", "comment": "Malware payload", "value": "0deac49b052ab99d5d046a385439198d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720382, "uuid": "b19000bb-974c-456b-ad2b-08f8225265ba", "comment": "Malware payload", "value": "b35caf6d0694b55ba3161a2193363ac2bd4c4c971051e42c7d53e5c1233c1471", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720382, "uuid": "1f177e52-f034-40d3-a17d-196d367bebe6", "comment": "Malware payload", "value": "bd3f8974f72019735cdcfd6eced51dd949720832", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720382, "uuid": "56e6282c-ee5e-4ab7-8c4f-5f227f15ba2e", "comment": "Malware payload", "value": "df69f777ceeb651bcfcef08ef6e020d0ff2eab6455405be640fdf3b23ef3572d216b652f08c47b0409677d937ce4ec73", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720382, "uuid": "64dbe788-95c4-4679-b9e6-09f1dd7b8b60", "value": "T14676011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720382, "uuid": "f661b529-b5ce-4e55-a07b-8729baf3ff99", "value": "196608:trzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLr1F3nswU/Q6FKNcnFb:5w0pdMGbwBAej2R7nswxgFb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701720382, "uuid": "1b5e1b44-82e0-42c5-b421-d63033cbaccc", "value": 7345424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701720382, "uuid": "df237edc-317b-41e3-b709-d9f895e793ae", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720382, "uuid": "53d90e81-8a44-413c-b20b-3ec4add97c75", "value": "\u0418\u0433\u0440\u0430 \u0432 \u0434\u0443\u0440\u0430\u043a\u0430.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bcbb264-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698322, "uuid": "ea7ecdb9-2356-42a6-b1f0-46e1e78cdf3d", "comment": "Malware payload (SMSAGENT)", "value": "314203df77d282ab5288f54029e77f31", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698322, "uuid": "07448e07-253f-4af1-b03c-bfe0f1017848", "comment": "Malware payload (SMSAGENT)", "value": "b4086dced1ab7646ba16bc714420868b9f74bf7e2b3635148c81007e737f90ca", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698322, "uuid": "7c6853b1-b2dc-4b5f-bc99-a6ba1ed54834", "comment": "Malware payload (SMSAGENT)", "value": "b2b96aa53570b9254b5923dbf9f4b2289f140097", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698322, "uuid": "c7694bd7-88d7-45d4-bd41-a36d6dd86ff8", "comment": "Malware payload (SMSAGENT)", "value": "37decea2dfd5391755947b5ccce8fcba27da7199ac0f2e1db3d909d94cc7e0fcf25fed3c3e5f367b53f23484c9710df1", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698322, "uuid": "a3becb6e-0733-4a1b-b23e-85e712ea73bc", "value": "T171660178731CF40BE073DE312371414F75E185E51A72E312AB07B8586DABD84A9EEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698322, "uuid": "89cabfd9-efe8-4d96-8037-9d0c98bf58b1", "value": "196608:4yoEI25FawilQcbk2fwDBCSAZ9J9DCJY0:4ZG50qIkjpAZ9PDI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698322, "uuid": "c38c2ef9-8e00-42b7-87d7-20c9fb2ca4ef", "value": 6699958, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698322, "uuid": "c05dfbe4-b3f4-49db-a250-a133bfa2a744", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698322, "uuid": "712c569d-2959-49bf-a6c1-2d719ab94641", "value": "LookMessage.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35d3d7d0-9258-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701661805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661805, "uuid": "37a53f15-4ee5-4564-90c4-77011bdfce74", "comment": "Malware payload (Mirai)", "value": "24e64b07c0b031175b2f2c4dc7f09772", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661805, "uuid": "f93e8c97-60c8-4762-82d0-3f535ec68465", "comment": "Malware payload (Mirai)", "value": "b435bb566b77602bf3576f15a92740a370f5ed150d52ed92fc2036932dbef79c", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661805, "uuid": "139b09a7-8260-4814-99be-ce8d458d65ee", "comment": "Malware payload (Mirai)", "value": "f42db6e538b8b2fb9da830d59fe052ca7542ff2a", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661805, "uuid": "a262f8d7-f843-4205-80ec-7733ade793ca", "comment": "Malware payload (Mirai)", "value": "3a1e53a8f4907b18e3ccd5d3d8e47c3a42b268d56b43903db57ee8f2ad412ac2f9bd742bcfc92e37bace47843afe65f9", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661805, "uuid": "f2819e07-cfed-4deb-bd77-dcbeaf7efcec", "value": "T103433A85FD815A13C6D015B6FB2E438D372B13A8D2EA73039926AF2137CB9270E77651", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661805, "uuid": "e8a94ae9-99cd-440a-80fc-30568f3611e9", "value": "768:kvNxT3OHkVwftjYpvZzcSMEPcnCD6ueAzbUiucnM9BqQmFhxZRBVumovXHI:6NZOHPflYluhS68z/i9Ev1ZbNovXH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701661805, "uuid": "dcc1ea18-9a2d-405d-acfd-6ad56b15eceb", "value": 58108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701661805, "uuid": "3861ddf4-88f5-47d0-b549-3137037077bb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661805, "uuid": "827e06a1-8343-40ec-a6f8-2000f0519295", "value": "telarm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3b966da-92aa-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701697235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697235, "uuid": "34c2926d-cacf-400e-ad27-7fd16dc83441", "comment": "Malware payload (Formbook)", "value": "4119b551eb2ced660f01c5ce1643311c", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697235, "uuid": "04f35a90-562d-4670-8291-0260dc8dd305", "comment": "Malware payload (Formbook)", "value": "b472e0868ad8c08854f2272abd8d06fbfe068dd61803d6e3ea1866a46c14fe27", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697235, "uuid": "c9c3373b-d82b-443f-b60b-80f7e821266e", "comment": "Malware payload (Formbook)", "value": "c765aec651543cb420b5d8cc17085c29ef53227a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697235, "uuid": "899510b0-c2bb-43fa-85aa-33fb77a4dce6", "comment": "Malware payload (Formbook)", "value": "e9f1baf1a1f89b41ac5f2e6838ea24acbe18e55ae81e896e0b00b5fd6207566264fe323d837aced658e910aba8539bb7", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697235, "uuid": "105b6d11-e668-4eac-a623-faf2bd60db23", "value": "T11345239163A88B6AE27507F51EE4A90A07719A0154E8E61E7CFD50CE6770BB2C77330B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697235, "uuid": "32279a2e-e8b6-424e-8b8e-074591e226cc", "value": "12288:o2iNtIpl1OdUsf8a4qF7yxdCvpk8ipZhGOQJTtpxRFpf0yTn:o1pOsEa4qpMdwk8hJ5+y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701697235, "uuid": "68a84660-ea64-4b01-a343-097f8e1da103", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701697235, "uuid": "f9a678d7-fa22-4497-8238-e32534e444da", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697235, "uuid": "a143c185-fc8a-437c-b0fd-d5b27fa6166c", "value": "n3306-2260775 - DEC REQ.ISO", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee10c85a-9253-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701659966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659966, "uuid": "cee8dbb6-4bbc-49a0-955c-c2b62a972bdb", "comment": "Malware payload (RiseProStealer)", "value": "a3bff7712fc17bdf4d93480e972c0f02", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659966, "uuid": "aa36d55a-b7ad-45e3-909a-274def68321d", "comment": "Malware payload (RiseProStealer)", "value": "b56d75d1eb9430844f16e85a8a09d4d691fb8774f80f684d232747cf850c01bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659966, "uuid": "1b3ea97a-abb8-4fd3-9f62-d79e7a1a763a", "comment": "Malware payload (RiseProStealer)", "value": "d22241129ac09f89742ced9b34767a0c11593403", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701659966, "uuid": "b60668ae-7619-43ec-b071-ccb5d67e2b60", "comment": "Malware payload (RiseProStealer)", "value": "4352dfd114e634d41937d3b99ebac1c17b571088a2e6ca7970ea66b00ff84238218c2a569a0857140f7d6fb660aebfde", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659966, "uuid": "b6c71bd6-9778-402e-9bf5-af3127ba09ed", "value": "T143658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659966, "uuid": "3991b972-9800-4a22-887a-bedc612da873", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659966, "uuid": "5a15cb11-04a6-4e5e-acce-faf7c154006e", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701659966, "uuid": "441cb4a8-dcfe-4eb3-89c8-e039bdfd4a33", "value": 1540039, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701659966, "uuid": "a69f8f24-38dc-437d-9250-4f2223c473eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701659966, "uuid": "e3d96b7f-b762-4478-84c4-6793c8d19434", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d53ef7a6-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701681829, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681829, "uuid": "b01702b5-f64a-4265-8f30-d60fe3cf9d6d", "comment": "Malware payload", "value": "93770fbe0f765e017d4d09627973daba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681829, "uuid": "d1188037-49ff-4027-8ce2-ad0ddc94c8e9", "comment": "Malware payload", "value": "b65a984b88a898a9f74847bbc0e491c530b116c668fe0b8c817326b369da4488", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681829, "uuid": "9b8ca339-dca9-4c09-867c-51b85dc78165", "comment": "Malware payload", "value": "700fb84c63f0a6c7a454617c00d4d9a01fa247bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681829, "uuid": "ce2b24c6-d7f7-484c-a523-39eb69057300", "comment": "Malware payload", "value": "e209cf1fe1e1c956d6367d707ecc5a6b9acea172ac0b1a81ae72929eb4a3b50d9bd79ae8251171088e673de37f7c74a2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681829, "uuid": "78e4915a-bdc0-4127-9dfa-36ccbf2fc01b", "value": "T15F9394439A48561DC9AEAA366CD276C106218DF1E286E3C75CD8F22C1BB67D71C52EC3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681829, "uuid": "4347543b-b794-4630-8771-8bd3f0f46dee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681829, "uuid": "caeeddd2-b620-43f6-afe3-fc65b64740ce", "value": "1536:aHS4PfQgS7s6dFEvh4hGZUTO7B3MJvba:aZeLFEJ4hGa0tMJvba", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681829, "uuid": "9a3e5563-bc29-4d3c-9bc8-12871afd8954", "value": 93184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681829, "uuid": "5119b43e-b536-4085-837a-b00d0c2f68be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681829, "uuid": "e753d1ce-51fe-4abf-9a97-1293b4f023c5", "value": "COPIA BONIFICO-2314678 del 27112023_pdf .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38b96ddc-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698317, "uuid": "f88a3783-e2e7-4b35-aac5-db8a6ea16a83", "comment": "Malware payload (SMSAGENT)", "value": "0255313e8e22e1d46c727274ae3c4ac7", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698317, "uuid": "3cd23fc3-5d48-4290-a9da-b2eec618d383", "comment": "Malware payload (SMSAGENT)", "value": "b69c02020c4e827128f4366c93f3e1f7be6e1e19469942030e0dc4383690dfdb", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698317, "uuid": "259fb121-2cb4-4ecc-bfc5-c4cb61d7efb6", "comment": "Malware payload (SMSAGENT)", "value": "c00845d6fde8582907741efee23048c95f31b528", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698317, "uuid": "6e95c712-af08-4d2e-874e-6919d8da5706", "comment": "Malware payload (SMSAGENT)", "value": "ef053be4db825889511c5b2e53df0924339d2acb353f6cf34a5b1807a1a13d3a80e4a528be1e493e3ca99e9aa7a83fe2", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698317, "uuid": "74c58442-7596-4057-8c2a-84d0549d2d5b", "value": "T1CB66011A775EFC0BE263DA3123724D4B772B85F51360E3126B06B0686FB3D448D6AD1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698317, "uuid": "dd067d11-6a0e-4e51-95f9-c57bd650e771", "value": "196608:6yoEI25FawilQNbk2fwDBEvAZ9J9DCJYB:6ZG50qJkjWAZ9PDl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698317, "uuid": "fde8094a-95be-44b6-bacf-2568faee1cc8", "value": 6695861, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698317, "uuid": "443e3c8a-c3f0-4db4-b1d7-1444ddebcff1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698317, "uuid": "5c7082da-8c52-4fe1-9843-8cb44b9cc4f6", "value": "GIRO-\u0417\u0432\u043e\u043d\u043e\u043a online.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a7fa2c5-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698347, "uuid": "d3d7fd25-46e2-4b9b-a9ae-b6311f9acd14", "comment": "Malware payload (SMSAGENT)", "value": "b8e847623ab857f1e50fcee4ccdfdd7f", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698347, "uuid": "0fafe13a-a7d7-4226-931d-0610b243c683", "comment": "Malware payload (SMSAGENT)", "value": "b6ef651b062c36b33f09a30b9ff8d5789b9aefa4a9e23db7529842a47a78359c", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698347, "uuid": "d790c1a6-052e-4af7-8003-a50c1a1dda3e", "comment": "Malware payload (SMSAGENT)", "value": "7b238e61d950b426c3b63e19b1fa76c44d695809", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698347, "uuid": "6a645976-d929-4b56-90b2-971523c19de3", "comment": "Malware payload (SMSAGENT)", "value": "0de2382bbee730e083511745064de0d9563ac64eb1fbfbab51817cb16e5a45a6291c941dc63c941c321364482ab5c6f0", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698347, "uuid": "1bce2e0a-c6d4-449f-899c-92a083eab766", "value": "T129560175731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698347, "uuid": "635497d0-5bc5-4621-ba42-7e780f7e64bb", "value": "196608:/FDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYsa:9irUVis8O/0giAZ9PDwa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698347, "uuid": "e1ed87f1-aef5-4509-853c-30649b9f5907", "value": 6380477, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698347, "uuid": "3a0ce609-a5e7-4873-9bb1-f093d4231a6b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698347, "uuid": "810c90d7-c972-4db3-beab-58a1d240e79e", "value": "\u0422\u0435\u0445\u0430\u0441\u0441\u043a\u0438\u0439 \u043f\u043e\u043a\u0435\u0440 & \u0428\u0430\u0445\u043c\u0430\u0442\u044b.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd601064-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701688285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688285, "uuid": "b1442156-1079-4de1-8801-fe06a6c6b113", "comment": "Malware payload (Mirai)", "value": "cb9982b669c80ec72737cfe97470d0b6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688285, "uuid": "c496f3dd-7698-434c-82c3-927279078016", "comment": "Malware payload (Mirai)", "value": "b6f5d23f8e3813122420a5b5babf646940a8e43d363bfdde51d9c3d3d6a8cf87", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688285, "uuid": "b3c85688-4d08-46db-8d19-b3121074eceb", "comment": "Malware payload (Mirai)", "value": "cc4dc588f566b8105c2603e95bd427260a024ea1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688285, "uuid": "8d8d601f-d186-41a8-be38-470d143b513c", "comment": "Malware payload (Mirai)", "value": "bae4cae69423b9036e7fff0c5d25c71a4eac7941e6974310de9f1c4292e59564d4549048f96673c02cc8b08cb08ee46e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688285, "uuid": "f405f6a2-687f-48fe-b5b2-be0a0c2d1447", "value": "T197D2D198DA66BFE9CA8C547C0AEE02766DC434C37A5C468E572344893B7EA4BFC1D124", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688285, "uuid": "ffadc03d-b304-420e-837b-e6fb3216f80f", "value": "768:11uUtLrVDsAp6tLkFqok//xDMfiJbiWUe:1bDs06t4fYpwqme", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688285, "uuid": "a87fba29-1c33-48bb-96ac-2f18ad413c70", "value": 30324, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688285, "uuid": "205de4ac-6ab8-432f-a260-a7584c6009c2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688285, "uuid": "3d42810c-ae78-47b3-8119-a3726c995bb8", "value": "cb9982b669c80ec72737cfe97470d0b6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a950403f-92db-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701718263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718263, "uuid": "abd470d8-1211-4316-844f-047dc035ce7e", "comment": "Malware payload", "value": "a02cb4d5739a7c5f2766a18a5a96c83d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718263, "uuid": "beccde94-dc78-4e43-8809-43c3b49cb215", "comment": "Malware payload", "value": "b707b94f6a77c5adf2de0bcc54e4b3f9798e703ef83f34e2f0d452df8dc9c392", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718263, "uuid": "9076cc3c-54aa-438c-857f-7e468a605be7", "comment": "Malware payload", "value": "dc8b61087b27ee7fe74eb6a71979172d13fb3271", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718263, "uuid": "49c380fd-f01a-48f1-8def-d32928830e36", "comment": "Malware payload", "value": "6a203202c7d748750dd689fd89075404c5ec5ebd4f206bfb96bbee56bef9d9feb7c3650bdb85663b6fee60f57473688f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718263, "uuid": "2ceda57b-edf6-44a5-8db8-360db98ea84f", "value": "T1BB76011AB71EFC0BE223DA3263728D4B772F85F51251E7116A06B039AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718263, "uuid": "67c02a01-ae1f-4a7b-ace2-ba4154269ea9", "value": "196608:8rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLP1F3nswU/Q6FKNcnFmC:iw0pdMGbwBAej2V7nswxgFF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701718263, "uuid": "408ff142-d8e3-4ff8-a9c0-122b639c4e5c", "value": 7326691, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701718263, "uuid": "9df3a813-57a1-438a-8c94-a7957d699b0f", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718263, "uuid": "68840967-1990-4d30-b0d1-58bed1982cda", "value": "\u0417\u043d\u0430\u043a\u043e\u043c\u0441\u0442\u0432\u0430 \u0438 \u0412\u0438\u0434\u0435\u043e\u0427\u0430\u0442 18+.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c30d1973-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729043, "uuid": "0fbb5ab8-0c34-4720-a912-bfb2395a5f6c", "comment": "Malware payload", "value": "ad3c650846860d39d43c18f2a395b6f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729043, "uuid": "bd68e4f0-bb12-449f-8520-d3f2cbc99046", "comment": "Malware payload", "value": "b7ba11cdb0d4d8d3a0de426337382ae46c271117f20ed49e6ed08aabe5c17a63", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729043, "uuid": "db0d1350-fac1-4d1c-8161-84bf3ceec931", "comment": "Malware payload", "value": "92786b5d00ae5e60baf1b6b9d188bd01da7dfa05", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729043, "uuid": "8be235ef-c70f-433a-aee2-16b21e55537b", "comment": "Malware payload", "value": "ce1aab332c13f3cc3f309530c87cb20b411af3e7be5166a8fee72e7682f985ee88f82d5ed63ea5a5058e5a459b637833", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729043, "uuid": "ab002098-58c9-495d-8c97-f21b94c6ca61", "value": "T15A62DA2A39ED502EF1B39FF17EE428DADDAEF6377615945A1081030B8D50E80DE9163E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729043, "uuid": "82525e04-a99e-4487-86c7-9b10d573c5c3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729043, "uuid": "b93ac7f8-cb46-46a1-bf4e-1140af843ae3", "value": "192:Tv8shdY479oEjufcW/6Pkrc2+gTbYtXGMa8hURYVt/QnEtpsQrd8:Tv8shdYq6vT9UUB8hUeV4pQrd8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729043, "uuid": "7cc2d99d-cb08-449f-9d6d-6478cb422a12", "value": 14848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729043, "uuid": "237c0266-576d-4931-8bbe-f08a4c74bad9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729043, "uuid": "cafef9e4-9171-45f1-83ef-c50161050766", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.27731.28340", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc9d1be4-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701688284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688284, "uuid": "1895ede4-1ecb-4610-8207-0e6a58492bf6", "comment": "Malware payload", "value": "0e17dbec1904b7c10614bfb29ef758fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688284, "uuid": "7ce3a706-e921-4d16-ae3d-0e70cb716c3c", "comment": "Malware payload", "value": "b9b8e6d43ce8770733b490d6b98c61f84ae5d5d9e170ada6f034128d0ba9085f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688284, "uuid": "1c21b569-ecf9-45a2-875a-959575cef7df", "comment": "Malware payload", "value": "b19765f00d764e9feae654c9223d124b1a874361", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688284, "uuid": "6bb928d4-0526-4e3d-8560-54025ecc5c7e", "comment": "Malware payload", "value": "a5f13fa07ca9339bebc9c2a6a57f661e3ace84cd6855493fd15b93ac6fbd550514ce12cb638d37a870094474db79cdcc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688284, "uuid": "d081fca4-1e52-4283-82d6-bbc38237d9af", "value": "T151B2D0A9F5CFB9A5CD2D6373003A048CAB751E061EBA0FEF18957E9A28381C94C2503D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688284, "uuid": "ae6b5127-b9e1-4475-97f2-45d807144145", "value": "413a406840de138bccb9a1afd8315434", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688284, "uuid": "ce2ae8ca-169f-4c44-9f44-8753aeb07bca", "value": "768:MkU46BWNXm/qDy3EJLvWGNk+pg9RakWFsy+V:HQWN7y3QLPfg9R0F3+V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688284, "uuid": "ad43cf96-3e85-47c2-b5b8-9d76cc754f0d", "value": 25353, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688284, "uuid": "5ca7338c-ff63-4375-8efb-d6a8ee2c8160", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688284, "uuid": "9cac26fc-ce63-473f-80f7-ebc58fd32993", "value": "webcam.txt.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "962a551e-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RemcosRAT)", "timestamp": 1701680864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680864, "uuid": "5c198e61-43a8-41aa-91a1-12de24d645cf", "comment": "Malware payload (RemcosRAT)", "value": "d9a8e25c149db0bc13d2b3b31010e950", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680864, "uuid": "c18b397a-f1f0-4162-a16a-1972bc72ed75", "comment": "Malware payload (RemcosRAT)", "value": "bafc5fae0104b9851797f62ad1d638cf18237782147ff341033d6bfc06e0d5ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680864, "uuid": "0704e095-9dd8-4490-8704-6153727b97ac", "comment": "Malware payload (RemcosRAT)", "value": "4783b452db1c981f5ce4172dfcf0f58cd7833e2f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680864, "uuid": "10a373c7-5323-4cb9-859b-fb9a64bbeda1", "comment": "Malware payload (RemcosRAT)", "value": "a9db82f4caed00d3feb8fe412e0ee6a5af2298b1deae7804de9d70fce0d2515a823e80ed7c9ead2d4c56c4436d931cad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680864, "uuid": "e56c2d4f-6dda-481e-a2c2-6b3563e96a87", "value": "T10415234BF6F6A300D8798F7A54F64026ABA8D7413107FB19DC58B2DD6E42F134263267", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680864, "uuid": "28534401-ac8d-4d72-bafb-4862b887ab87", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680864, "uuid": "a38a0162-298a-45a2-8532-90ecb78da86b", "value": "24576:G+pJhETHF3Jq9/V64X4QsKpTb/P3VRvu0SfBVINv:xJaLq9PX436z/rvulQx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680864, "uuid": "75724047-1d55-4959-ba3c-9670e5fc3a16", "value": 901120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680864, "uuid": "518723f1-c292-4795-bcf7-2570f5a3a00f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680864, "uuid": "0bb5506c-81d9-486c-998d-86e42c8e8b27", "value": "d9a8e25c149db0bc13d2b3b31010e950.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19366af9-92c5-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701708572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708572, "uuid": "23e07b18-0f41-4bcb-83b3-28c65c9bde38", "comment": "Malware payload", "value": "a7400236ffab02ae5af5c9a0f61e7300", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708572, "uuid": "4d55868c-ba42-462c-9dca-051fdcf27fe4", "comment": "Malware payload", "value": "bb3af0c03e6b0833fa268d98e5a8b19e78fb108a830b58b2ade50c57e9fc9bed", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708572, "uuid": "3c103109-c7ba-4b57-962d-e194d3a12450", "comment": "Malware payload", "value": "e3a6e33cb751dd81f4f6a62405df2930e9ede400", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708572, "uuid": "b27246e3-c3fa-41d5-8ffc-dd43130b3ec1", "comment": "Malware payload", "value": "3b2fd4592ad7415fbbdfc03987524084a63c87f13ac030b189ea5f5f39acb304f72547c4ede4cc1f62d4ac076a02b25a", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708572, "uuid": "61bad9f7-2766-4630-bf4e-4a1629c907ad", "value": "T1FCC6237C638873E8C02ACD345533ED4DF3B6560D06E9E9EBB3CE7580AB539219952B48", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708572, "uuid": "3e8d938a-5805-4b53-b6e0-8bda12e095f6", "value": "bd5e4e5f645408e15fe7064ed8f7b46d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708572, "uuid": "460ecbbe-72ca-404e-8de0-d12dc678e6aa", "value": "196608:A5uVpY9sN2r7spYYB4M25DsvfnCcqBxsfQTQLMU+5tkFXfnTXfWhfDMwhT9GN9FB:A5+pY9k2r7smIss3C/ab+5twTPgN69FB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708572, "uuid": "95eb8a85-00ea-4e8f-9989-541926893b9b", "value": 11974704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708572, "uuid": "ab21ae83-07a4-448b-9c7a-f38cc224e27c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708572, "uuid": "f92f7d03-6582-4eb6-854e-60a8374dc629", "value": "Search.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6403d86-928c-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DCRat)", "timestamp": 1701684327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684327, "uuid": "8f8690fb-11da-48dd-aa7d-36104c38e7b8", "comment": "Malware payload (DCRat)", "value": "a41707a95b9ac765b72037b5de9b3112", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684327, "uuid": "e6f52f72-24f5-49e5-96d6-b7ab80fef795", "comment": "Malware payload (DCRat)", "value": "bb6dd92c033f4ff84f274b05465973002b52ae934bd36e8e1a7bbb74a2aff858", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684327, "uuid": "e1dacc0e-3565-4b3d-bfa8-b5adffc4045c", "comment": "Malware payload (DCRat)", "value": "a4faf323884e0688d232d8851a11423998070431", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701684327, "uuid": "d64ea522-393d-4997-a082-630ccb541310", "comment": "Malware payload (DCRat)", "value": "ca8292eb2ba2e28af9bedf50061475f07e536df5749dbc23e0d3eade6a0485fa8810de43238c58bf4edb5d752cfcdcf2", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684327, "uuid": "24af75b6-e2d5-4a7e-91bf-fd4720db7ab2", "value": "T11F063322B9E181B3D0660EB29B659B24B93CBD101F654FDB7380295DCB325D1E6387F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684327, "uuid": "439bb877-3af0-411d-8242-68ab1d3bc413", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684327, "uuid": "df9b61dc-7f94-49e0-bdfd-2e53b70ebfa0", "value": "98304:yrj7TipyEEgL3S4lveafcR62i5Ul3esWG/PYCjBkH5:E+y1g7S4FpkRF3l32GHlkH5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701684327, "uuid": "72a9a865-faf9-4d19-bba0-184f99bbd87f", "value": 3674195, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701684327, "uuid": "d716bfd8-a746-48f5-b180-6c7ba172ebc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701684327, "uuid": "32cf7f0d-4201-4d87-893e-a2dae6b9e40d", "value": "a41707a95b9ac765b72037b5de9b3112.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d00d66fe-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671512, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671512, "uuid": "bff132d3-9669-47cb-9a1a-f53eef074144", "comment": "Malware payload (Mirai)", "value": "dc4cc3c18976d6c9023dd923d3704547", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671512, "uuid": "f6c2cb33-3725-468f-8471-7e69a3b70c70", "comment": "Malware payload (Mirai)", "value": "bb98086eed7a52af599bcd66dff142ed9cbfd9644757b3699a2acba4c9282cc9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671512, "uuid": "49a2be55-4987-484b-b80d-70dcbf041789", "comment": "Malware payload (Mirai)", "value": "31c2f7984410cb682a657e768ad98428f306cf5a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671512, "uuid": "20905fce-f1a3-4daa-9ab0-86c59541e0e3", "comment": "Malware payload (Mirai)", "value": "0d6eba33720263197aebe59b76617f12e9211cf4dec968d4b0de0de1b56baae6af3acdddbc9ed86bbb53242e94c5b1ff", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671512, "uuid": "0f154154-d1c0-44b8-b270-87d82fd8b54b", "value": "T1CE533A9AF401CD7DF80BE77B4457090DBA71A3D102831B3B27ABB967BC721A51923E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671512, "uuid": "cf745891-f00d-49f2-9778-7789864550a6", "value": "1536:8NvDEf7X3jmGopzA0m89ozaaOrULHb3sJr+n5xT:89Ez6jpzA01famUL55xT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671512, "uuid": "7f488334-d483-4e23-9771-2332be5f9cfc", "value": 65980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671512, "uuid": "75d2a934-1855-429e-aeab-109d4f0bd119", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671512, "uuid": "a7dc5b5f-0230-475d-a6de-24c42fdc7704", "value": "dc4cc3c18976d6c9023dd923d3704547", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "578c61c5-92d7-11ee-b7ea-42010a9c0006", "comment": "Malware payload (NanoCore)", "timestamp": 1701716407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716407, "uuid": "d3ac93f1-3e7e-40d1-9cee-ab9cedc537b1", "comment": "Malware payload (NanoCore)", "value": "2afed36792d08f83bca5877f808612f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716407, "uuid": "f8fa6598-6d1f-4cc6-bfe9-2191dd3be166", "comment": "Malware payload (NanoCore)", "value": "bbcd72e82d0511c6fda963e60a70d942e39e36e37ac225f75f3f5b9aa96b3e17", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716407, "uuid": "6b8e785f-6206-422b-9379-ae6f885c2f52", "comment": "Malware payload (NanoCore)", "value": "fdc5f037f4d5b27c476f3ecb987810d90c40ff95", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716407, "uuid": "260354e7-8a58-4882-a16d-5be84cb0e857", "comment": "Malware payload (NanoCore)", "value": "efe76fe68951623d62bbebd8623f41d03fb0d2674eec6fa2f9a7fea7ad8e6be8d76fddcc9172c3e823aa37fa628bc669", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716407, "uuid": "8cc1d713-e6c1-4267-b6cf-25382ea04ad2", "value": "T1E6A4F100ED408DA5E07ACC311DB7D6A6AEBE4FC6C12195C173563FC1DAF31A2B52A6E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716407, "uuid": "434c61e8-748d-4aa5-8488-5f66a86e624c", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716407, "uuid": "c7e1a98e-6fc8-452d-98f5-9f9155fab372", "value": "6144:b8LxBnaL3xX0XBxA4a76P34sAkTJDk/+rNx0kFGE/LK3auc17tTcGrAwDVaAX:aaLWXpa7u343IJ4+Zx0Qci1rU8o6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716407, "uuid": "d11b67ce-bfbf-43d4-9a63-155e3ad9b322", "value": 487912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716407, "uuid": "0645aa8c-1bde-4c45-8777-e6a61ef9cc56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716407, "uuid": "60e4526f-4286-4439-9651-7c7673f71da4", "value": "BCBP-FT-TRANSFER-287287912.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c76cc08f-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729051, "uuid": "88e89e1e-e6ba-4708-989f-2a2947906dd2", "comment": "Malware payload", "value": "f3d0da7b713363126db0c00bb062f0eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729051, "uuid": "cdb23e69-1568-4103-a872-e6c9b4260daf", "comment": "Malware payload", "value": "bcf8388601e298c0a07e08c3c6d081ea0a9b3f1757089c31b6de5f5f28801a72", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729051, "uuid": "f7745935-6826-42ba-b43d-85fbeef38663", "comment": "Malware payload", "value": "bb3bee6914d00ed1fef6c073f84af4be2ede480b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729051, "uuid": "1a81d183-b8c2-43f1-a367-1c74cee09d4a", "comment": "Malware payload", "value": "def415b6f39c8095205673cf3a7f5ad9ddc11cf6bc96f2e690ae02638a2854e5b3e1d82e68cf4e3f338f49b4e138f4fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729051, "uuid": "6280cf83-8beb-4db0-bc06-dec8051c298f", "value": "T1E14209056BE8C615E6FD0F7878B356100272EA1A5E31EE5A1CDD088FAD733854650BFE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729051, "uuid": "2419433b-f22b-4a89-a8de-cb944b78bb07", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729051, "uuid": "a5ee3ccb-2851-412e-9718-bcced637f216", "value": "384:4RzZRGAX4myG/xSg43XVaWQCaTyi6g8LxFioz48:4t3XImXJR8W6J48", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729051, "uuid": "90e77be0-16ca-4e2f-8367-f7efbc3b030b", "value": 12800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729051, "uuid": "8797ed81-ea59-4a24-b6b6-2bb0b1e95185", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729051, "uuid": "fe469e1c-23ef-4be4-91c9-768a2c8a9501", "value": "SecuriteInfo.com.Win32.PoshC2-B.17295.28056", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99a7769d-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701682159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682159, "uuid": "0bc58bca-999b-4112-84cc-9fc04a504a5a", "comment": "Malware payload (Smoke Loader)", "value": "7226bff3f8e4affd9a7af9dd5a46d9a6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682159, "uuid": "50d6e55b-3b6a-47a0-b30b-26665409c336", "comment": "Malware payload (Smoke Loader)", "value": "bde18d5d45d018ce500df92e15c82accfa05dffe6864c6bdc0f7e3eb4b1777c9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682159, "uuid": "3746ed92-e24e-4749-bede-d94fe3a08fab", "comment": "Malware payload (Smoke Loader)", "value": "aacf8f26deff62c9bc91e863076af21555d38137", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682159, "uuid": "6048ebf7-c726-4215-a85e-7cc62c9c92f5", "comment": "Malware payload (Smoke Loader)", "value": "7235fcc7ed9bdf755e42434195cff08930644d5e4e64293ea8edf5a26c03d3ae6ef06f60ec1cfbc7608e66abb634b6d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682159, "uuid": "8312cb25-4e11-4a96-a7cf-be1754b09a4c", "value": "T1EE54190382E17C55E9268B73EE2FC2F8760EF6518E4D3B652918AF5F14B1172D1A3B12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682159, "uuid": "9e468e7d-f98f-4835-8266-547cda426457", "value": "cc05f69219d47cdf9f9cc87a15cbc402", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682159, "uuid": "52c333eb-1219-4494-b0f7-b1b44e18b9ae", "value": "3072:2oE4odZiapnhqETqGyQj91UDSPeUwcVL705qdtbhemOibTUyGTkH:jg5pn8w/UDSmU7pvdnVOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682159, "uuid": "2121d4bd-bed1-45c1-8edf-4b4c26b69b55", "value": 295424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682159, "uuid": "315f7686-d674-49b9-bc23-5389321b0930", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682159, "uuid": "e7ff0377-b260-4fab-9c11-adc9033deac1", "value": "7226bff3f8e4affd9a7af9dd5a46d9a6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "def77778-92c3-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1701708045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708045, "uuid": "9b5336de-80d2-41d4-ab7b-93f736b99841", "comment": "Malware payload (SnakeKeylogger)", "value": "411ee6022b7005ae8e76057377a9a183", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708045, "uuid": "c0ac7ec9-4caa-42e8-98ef-8a75c3d4e44b", "comment": "Malware payload (SnakeKeylogger)", "value": "be1c3157dae47377644ac3bc9fcb301be2365769b69a8282ad71181f05eaee4d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708045, "uuid": "043edc57-d4d2-4c74-88b4-878a07116802", "comment": "Malware payload (SnakeKeylogger)", "value": "eda32fd2a813c8539ddaf4f30e99cf215a6f0139", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708045, "uuid": "89d72abf-2833-450f-aed8-4ae9f39ec98f", "comment": "Malware payload (SnakeKeylogger)", "value": "25401705066d4893d48a4f3b527ebbefdb8cdfe8a83b1d2ae49ddbc52155d070b1cb13a75b57f289ab7cdc0a26f35cea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708045, "uuid": "62596ca5-4737-4c0c-8a66-787ee6063dba", "value": "T1D6F4DF18A2F96F19D47B67F482A4120003B77B96613BE35C6DC9E0D72E71B020E57B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708045, "uuid": "1eacba24-4bd7-4612-a9df-5e9da5724d40", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708045, "uuid": "1b419a0e-f074-478a-83b0-d9a62b9b7993", "value": "12288:mfYNr4RDzxP45+po2OAaY9sTtKN+bwLfFN2OuNpEbbaUq+Zb:Izk+pJOO9sZo3Pt+WbbNq+t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708045, "uuid": "b533a57f-6754-44db-b5bf-f2000a9d7e6f", "value": 734208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708045, "uuid": "93430c62-4321-4319-a343-bd6a9c986c9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708045, "uuid": "5801922c-6c9d-4273-b7b9-8be0223d2655", "value": "\u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u0430\u043a\u0442.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cd359cd-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711235, "uuid": "eb66f314-c439-40d6-8eba-1727fbd0e663", "comment": "Malware payload (SMSAGENT)", "value": "a2a9054ca95f1b0d4da4bbb039edcf3a", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711235, "uuid": "7a5d9afa-cf1c-4a70-82b7-23229fcd8663", "comment": "Malware payload (SMSAGENT)", "value": "be2b29d2a1bd6623d1c6cd7c15dac141d22abe2c8ff52ea818b49754e9b4a4f0", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711235, "uuid": "7b8b009d-0996-477f-a2d6-440683df54e6", "comment": "Malware payload (SMSAGENT)", "value": "bd9b6c94947725e97e0abb5b835e0699b4cbd40a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711235, "uuid": "44d21472-1f98-4df9-9795-c29a08c34508", "comment": "Malware payload (SMSAGENT)", "value": "7d3ac5b86ce3e23a1126a2dd596ee35f0133fe4501b08c70b52e90748c4959815df732e95a35e621de1e0a6a0d6b9f9c", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711235, "uuid": "49cf0a65-5053-4871-9b4a-786e9dbe9b8d", "value": "T111179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711235, "uuid": "379aae00-17f7-41ae-a44a-39bb49d2629e", "value": "49152:HuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvk:1v+49UBEIIddXHNqjeceGnMI+lEaAw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711235, "uuid": "6abdb6b6-fe20-494f-a2ca-4334798623cf", "value": 18579584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711235, "uuid": "c11c8b57-f3ca-4550-95a2-79ca94835c48", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711235, "uuid": "b8ee5360-d2f9-425e-91af-e4a311104db2", "value": "NetWing.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46f6dc53-92d4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701715091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715091, "uuid": "64750191-7216-459a-80f7-ba1135bbbda6", "comment": "Malware payload", "value": "c3236b10cf28fe6dc0b7b6e4262b165c", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715091, "uuid": "5d144cea-3ea0-4693-b029-10be10790c5d", "comment": "Malware payload", "value": "be6585cb969b8fb001557e5487cf430691595d98b032d71f77c495c4126c7bdf", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715091, "uuid": "56c57c86-cfa4-4c47-831b-a6eba1ff13cd", "comment": "Malware payload", "value": "75e6aa19f5e75df913ea5f72203dac295839ec9d", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701715091, "uuid": "109ce6f7-c933-44a3-9ac9-999563fd26a2", "comment": "Malware payload", "value": "604db9cc8c3d89a03336d7cc1d81b15b8dfb2451b96d6c87507faa7c8ab014e73be0402c47c144e467f93632c7a9df14", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715091, "uuid": "0aed31fa-98f2-4297-a849-2c01150b69b2", "value": "T161B10DB175CD842996B2819792313EC652EFC93143615A217BF735BFE5C28F01A621AC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715091, "uuid": "d04402ae-59e7-489b-b475-9e6c091324d0", "value": "96:hMTdXb+xiTb5NLTbpvNsvvR3B5v+mbBcB5KJL6wDHq99q++t6BVARWMDqxitQ29g:iRL+xiBNLxCxXtiB5KJLDHqPqztaVAR8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701715091, "uuid": "de661c1c-ad9d-471f-a51b-943213cebdfa", "value": 5296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701715091, "uuid": "3b246aca-4a09-4e74-aaa4-5cc4cec0c4ec", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701715091, "uuid": "a5cd97cf-2f26-4807-a5f6-d62637c95003", "value": "Electronic Invoice_64549934192-2023_JPG.htm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebcf5392-927e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701678431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678431, "uuid": "5d89cb3e-8678-4fe9-984e-d4b159f53fb0", "comment": "Malware payload (AgentTesla)", "value": "c0a99a3a4b7fd598b0e187c56b1871f3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678431, "uuid": "d7fbce43-3cfb-437d-95e0-ea5fab29a7cf", "comment": "Malware payload (AgentTesla)", "value": "beea0fcc9ece913f4a98c351b86a27976d8c0f42f28b6d7baeab79afb7c7fb93", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678431, "uuid": "86989696-fcf0-4d61-bb90-07070c198b13", "comment": "Malware payload (AgentTesla)", "value": "21f2ebff9fee2e393c75086bc978a9e09bd71623", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678431, "uuid": "2e0732f9-af42-4a94-864f-8884282d64e8", "comment": "Malware payload (AgentTesla)", "value": "e329053109a7773451d1206739e2cb2af6144f65098c0185459206034f06f6d0a3b8659a72ba9dc68408c7665961a5cd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678431, "uuid": "c0be92bc-f037-40b4-a566-55107c4cabd0", "value": "T1A0D4236F75CC4B1EFD36033F55A529C08335A60FA1A6E9492D67928F06E3F680762B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678431, "uuid": "0ba55f15-c28a-4310-8769-1e306d3bad6b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678431, "uuid": "1761fedf-bb79-48fd-90c0-d12ad2ea7a84", "value": "12288:Ae45+po2TEBnz8kbJt7/6gZd2bsBojTwoRxzdMRikDFhMYxVVOD:A9+pJTWzdVt7/6GdcsWjTwUxnwQMVVO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701678431, "uuid": "ee646fd4-3915-406e-b5ed-abe162a44e1c", "value": 648192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701678431, "uuid": "7798e920-5651-4232-aede-ad056336d08e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678431, "uuid": "b2024099-c1ce-4aec-a4e8-6abf42f5a89c", "value": "SecuriteInfo.com.Win32.PWSX-gen.17001.22502", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c38bf4c-92c9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AsyncRAT)", "timestamp": 1701710429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710429, "uuid": "a6aefb5e-66e8-44b9-9f02-3fe8e96242d1", "comment": "Malware payload (AsyncRAT)", "value": "89136a925d5795b14a1322f5d214b2ef", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710429, "uuid": "e66d8f16-0be6-41f7-8de1-a3b417975496", "comment": "Malware payload (AsyncRAT)", "value": "c04d8b82c7a2e627f57dab1e65dfcce9416850e287dc3a1314935b5c7c490880", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710429, "uuid": "36fc1d90-5fd1-47bf-ad6f-69aae64c3649", "comment": "Malware payload (AsyncRAT)", "value": "7bea678c3957673d93b601d1095b2f940572eef5", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710429, "uuid": "3dbca57c-076d-4528-9770-c3202b731a28", "comment": "Malware payload (AsyncRAT)", "value": "1add2750ffcacb543083d4bb052f58a6e544a94820d1a9c1b890972005ff2a86041a46ca95ba38dc9a4300dc74f6f591", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710429, "uuid": "74cf7f1c-57b0-4bb3-810a-23e0547522df", "value": "T18C535B003798CA65E2ED4AB8BCF2560146B1D5772102DB4E7CC414DBAB9FFC64A136EE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710429, "uuid": "a1b7430b-ac20-4cb5-81e4-ac17e0ad34c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710429, "uuid": "bd85c1ad-e820-4107-ae27-d72d4df384b9", "value": "1536:XhCJL7RQoWv98v7mrekoNgtnzrfxjbb7wNGpZVclN:XhCJL7RQoWv98v7mrINe5jbb7tzY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710429, "uuid": "036b12be-8b14-480e-b3ea-311fc97d12fd", "value": 64512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710429, "uuid": "f8c66b6c-5631-4b2f-8e47-b9a61531ce5a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710429, "uuid": "74277a59-774c-497e-991d-dbbd077b43b8", "value": "ld17s2rgt9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea709aa4-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681865, "uuid": "087f4ac3-c73d-43a4-a77b-76e7f3e4e3a8", "comment": "Malware payload (AgentTesla)", "value": "190360fa55b5465d202f8bf894b47428", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681865, "uuid": "ba6587e5-58e5-4e5b-b583-975d5216549d", "comment": "Malware payload (AgentTesla)", "value": "c06234b2b8ed7a17f456a98a51014983c603fa2b6d232c2aae989a9a45fc13bb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681865, "uuid": "c2929a9f-e288-4e67-b622-579f6745aaf5", "comment": "Malware payload (AgentTesla)", "value": "4c172057745147271a58f4068967c9ed1724c787", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681865, "uuid": "cc4ee045-d589-4717-8f65-588dbc7ab33c", "comment": "Malware payload (AgentTesla)", "value": "fe23ebd7d4f6dc8b3385be6ddf7e3c057caa0a4ea20aff45f73950c6e02f6f8e389e8d2ffab04a9195085c88e57d0670", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681865, "uuid": "920a15b7-8030-47f6-bb67-161f194ee78f", "value": "T160357ED1F190889AEC6B46F1AD3BA53014D3BE9D54A4810C569EBB1B76F3342209FE1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681865, "uuid": "5c8d5ccb-89e5-413e-8f43-f0886f9ccbf2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681865, "uuid": "223c32f0-4ef4-4cfa-908e-44f4542aa4b5", "value": "24576:DD34/up+pJIFe5qeO6gkS2zX5sOMdxbw:/38PJIY5qb6BX5zM/U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681865, "uuid": "ca98af1f-2a02-4a77-823b-5e1cb935a624", "value": 1129984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681865, "uuid": "f10c1def-2cb2-40c3-ae39-12711ea52e0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681865, "uuid": "500a63de-1497-4fa3-b30b-950da6d4c06c", "value": "e-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96136ac9-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Loki)", "timestamp": 1701680005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680005, "uuid": "709745c3-4fb0-4af2-8e38-e37e747ef028", "comment": "Malware payload (Loki)", "value": "d56d7ec1e5b655426898b2a38e2947f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680005, "uuid": "f12dcd66-8797-432b-86c5-b578e68a4b47", "comment": "Malware payload (Loki)", "value": "c08e53e8609b839287be32c0f5a60b84f6bf49b92ab4be44ca81f5c5dd836cd8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680005, "uuid": "f0dd18ae-8889-41e4-9000-222693d7b743", "comment": "Malware payload (Loki)", "value": "7592baaff978f2ddf28a17e1869761911539387f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680005, "uuid": "5cf6f60b-74f5-4cb8-813b-bb96d29dd0b4", "comment": "Malware payload (Loki)", "value": "c5f4e3c9d75c8814bd66fd8bb150eb0f5e60108e0ee3f5dcc9191754f076b47723d500641a8296aca4f2021cccd23f2a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680005, "uuid": "4f372d9b-032d-49fe-ac92-d38fa01db021", "value": "T139B42307F3AC8B11E62A97FA59F5268C4378D72D3125F69B1D62D1CB0452BA20FD2393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680005, "uuid": "8dd71c17-eac1-4d90-9ab7-946e88bbc947", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680005, "uuid": "1ae4dd1d-a805-4e14-b7cd-97aab8f42677", "value": "12288:1+45+po26N9O/U4kRED90ooKBarxKC6YCy3QOHAA54jfGo:1d+pJ6i/U7RtoDatKC6rfl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680005, "uuid": "de338ad9-c91f-4983-bf0c-0d33f5423023", "value": 494592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680005, "uuid": "db5394be-e798-4b2c-9c10-588d805f1a43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680005, "uuid": "6f9d4f13-df89-4418-8ffb-ce35e1b57227", "value": "PO_CW289170-A & CW201.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4669233a-9246-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701654102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654102, "uuid": "942ca1f2-97e5-419f-a103-919189c4eadb", "comment": "Malware payload", "value": "ed7f978805b2465b16555ca3c224ed06", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654102, "uuid": "a48bc138-e4f5-428c-b88a-52eb0772508c", "comment": "Malware payload", "value": "c0b63d61c278be6a4f144a05960c1a04a9c595f0f0f44b9827b805bf4a85870f", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654102, "uuid": "4cfad7a4-20a9-4ec0-8506-4b54275820eb", "comment": "Malware payload", "value": "05a7f3231a82e8e7150a5f1f11d977aa8460a36e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701654102, "uuid": "5f238f8b-f696-40fe-9867-a9a9da1f750a", "comment": "Malware payload", "value": "ed97254791481559291203a46098b4c3f98692c9c0cc8755c1a1262f7055a393a56245c5ada5b72175947b4066568dd4", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654102, "uuid": "9c1a5cfd-6080-49ac-9bb1-87450383623c", "value": "T12E951812F8D606EBC4BFF1704BA65762BA7174A98331B7D31F904A6A0625FE4AD3D310", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654102, "uuid": "23f8d2e4-62c8-40fb-ab63-f470ee947351", "value": "24576:rApfoMtXFLQ6DLOTq377J7kzqw2Ev5iWzmViC1dMsggUl6AcFKzg+t:rEfoMtXFLQuWqL7B6RBiy61ggOZc8nt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701654102, "uuid": "aef711b3-e5e3-40d0-8482-f3a373f35d38", "value": 2027200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701654102, "uuid": "83dd1557-62e8-4cac-89cd-583a621c07c5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701654102, "uuid": "a95ddd4c-ea7a-4a90-8472-934fb039c2a7", "value": "SecuriteInfo.com.not-a-virus.HEUR.RiskTool.Linux.Iox.a.23038.4364", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8abef3a6-92df-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719929, "uuid": "cec0a6c0-4ae1-491d-928b-5408869fb161", "comment": "Malware payload", "value": "87027777bba4fc2b860c952ec9fa09e0", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719929, "uuid": "4738da8c-d0c0-4b48-8bd5-7afff39b8dd2", "comment": "Malware payload", "value": "c0efba49836e95b1eac571d0a86cd9a0731344c158bf7f81cf240dfe3baf783b", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719929, "uuid": "39709b67-46f4-4c90-bc7c-f560c81f7067", "comment": "Malware payload", "value": "a327ec2837eb46550a6f7a09ee8c35db9e502d3a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719929, "uuid": "b1c60d4d-0adc-4b9b-a91c-1e7cba05a3b6", "comment": "Malware payload", "value": "f75b9701ac41c66f1cf506ce64f8f02fc8edd42bca82c94e63120dd9c7d650151ecd85f31b3d28fdb611feacfb9368b8", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719929, "uuid": "bed41ec1-df14-4234-8ebd-cc4cf2b18ec9", "value": "T15E760116B71EFC4BE223DA3263728D4B772F89F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719929, "uuid": "8d7f85a7-a8be-48ee-b031-e9c0910429c9", "value": "196608:RrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUML31F3nswU/Q6FKNcnFQ:tw0pdMGbwBAej2t7nswxgFQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719929, "uuid": "e844b7f3-ccfa-40a9-aef8-28e47ad7d7a1", "value": 7338028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719929, "uuid": "77babe3f-8d96-461c-8cbe-409cce5b402a", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719929, "uuid": "705fcf68-c575-4ccd-b412-8b37663311e4", "value": "Telegram Mobile.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ce64538-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701708256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708256, "uuid": "c3b8ecaa-695f-4616-9865-e3534509ef87", "comment": "Malware payload (GuLoader)", "value": "ff8c44307760d3f89e78a8a95980d6ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708256, "uuid": "18787163-ba8f-4871-b6fa-6d8687db4613", "comment": "Malware payload (GuLoader)", "value": "c19611873222bfc236a1eeab96287424c06a987a877c164d21c7354fe72108c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708256, "uuid": "d2b357ae-b503-4011-82ae-6bb7842b85d2", "comment": "Malware payload (GuLoader)", "value": "dd2421cc6fd60a4caadf8ec88f6635276550543b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708256, "uuid": "edf79a14-739c-44c7-b220-7dea5e34293e", "comment": "Malware payload (GuLoader)", "value": "edcdb1e35ec166cac32cbd32fed6c8964f405036af2f5434a5736f530eccba0f86d26e6c424afef5b631093d30d2693a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708256, "uuid": "ea85d9e5-dc5f-44a7-a2dc-5358dd733ef9", "value": "T12D1512D3F30C84AAD429037158BFC9595336AC69ADA1890F22DD7E2AAFF73435C1741A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708256, "uuid": "7af74847-07bf-40b6-9c44-62c660737219", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708256, "uuid": "4fee9452-3968-4d99-a388-e3e347ae03af", "value": "24576:npp43ue2YKmNBRx6ajNlHgKUKV3hIgnYj:ppNYKWPweNl15CgnA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708256, "uuid": "6691e812-9652-4cd2-8b8d-09cdb8dde6cf", "value": 950584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708256, "uuid": "18ad276c-16ba-43a3-8f27-1df1eb1f0d7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708256, "uuid": "8d0043d1-2503-4004-a6ca-72ed26cbe438", "value": "Ziraat Bankasi Swift Mesaji.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "143c3e0b-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698256, "uuid": "ff31442e-0a9c-45b0-909c-7857c4a9f744", "comment": "Malware payload (SMSAGENT)", "value": "c3f33ee4ef3f74a2ef506aee19aef9ff", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698256, "uuid": "eed07446-9a51-4d96-935e-988beecaeb71", "comment": "Malware payload (SMSAGENT)", "value": "c1fa33a6cf8eb379a538408f478c377f2bd05949578d4c05b6e115ad8ee35d8e", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698256, "uuid": "cb933e52-8b5d-4e32-8f23-f8218417d9f4", "comment": "Malware payload (SMSAGENT)", "value": "afe0553e7a9a0b765ea5b9158e143b056cdc327c", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698256, "uuid": "ccc31121-df97-4667-9d1c-9532ccb4f062", "comment": "Malware payload (SMSAGENT)", "value": "a5b59e2daef77cdd0d4a24caa88d4055cbfcd8684fb300b4b7b207fc5adb724e239060ef8120f90ffc5215ce9957fbc9", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698256, "uuid": "da6cdb37-eaf5-40eb-bb2e-433350804c74", "value": "T147560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698256, "uuid": "5c869d48-d17c-4895-9751-cae2dd993a86", "value": "196608:/vDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYJ:TirUVis8O/0giAZ9PDt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698256, "uuid": "63dad199-af7e-4ec7-8bad-232fac81b163", "value": 6376380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698256, "uuid": "c960b271-3322-4300-aeea-655cb35243ea", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698256, "uuid": "036295c7-d929-46d9-9715-19b1596168a1", "value": "Playing cards.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c90eee35-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729053, "uuid": "c15ffaa1-dbcb-497b-b68a-ecd78fa59db5", "comment": "Malware payload", "value": "94b560246170d823d6aad92172cdb57a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729053, "uuid": "3a377113-88c3-4c53-bdc0-d036fef3a100", "comment": "Malware payload", "value": "c22d4850c27256e3e4690329d26dd008c87bbead8a8a5220c68ca4b6992b2982", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729053, "uuid": "e937a2d7-080d-45ec-9173-444cce3de366", "comment": "Malware payload", "value": "853d16396bb7bd9dbf6b8b1470504637f3f8504b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729053, "uuid": "b4f37a32-cbc8-4610-9086-4b0a8849d7ce", "comment": "Malware payload", "value": "ef7df410ee65d8437b75d4a6e267c54fb759d729f5bed09851861ef0605a84f93f9988dcafe6f02bf33ce669d788771b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729053, "uuid": "0d5a09ad-a074-4e56-b659-b99a14626dd4", "value": "T18BF3FD2F35706843F9ED0A38B0F5EB5252107123A9E24CCF6D10DA7CC7379A3766AA65", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729053, "uuid": "9678fa7e-fac3-4260-abe4-524c2188b511", "value": "4514c46259fb71fea289f87cc46a4112", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729053, "uuid": "bf33a1e2-e09e-46f7-a1f1-3b867f0f0f3f", "value": "3072:hmZy8imb5n+8EVQthoYecj8EwFrDgxpM9dwQ5T/NaDkI1UI:EE8i58EVQ7oGj8EMWpM9dw2wYI1UI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729053, "uuid": "47611376-b9a2-428f-9b3c-8c20631a18e1", "value": 163840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729053, "uuid": "1d4ba347-0256-4d4c-bb16-23f794ba468d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729053, "uuid": "e3de2b28-5684-4bfa-9b33-d275d9f0c1b4", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.7028.30924", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cf36140-92e0-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701720363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720363, "uuid": "c5d60448-2729-403b-8d95-69f769e8ce0c", "comment": "Malware payload", "value": "563eb6f02fe7d821d358a08f41c77f6d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720363, "uuid": "958c9166-1ad8-4289-ab4f-24afd6f737da", "comment": "Malware payload", "value": "c2609dcb9008bc1086c32606b977405282e2ef108365115a3e214d0d6c2276b6", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720363, "uuid": "16d83d5a-ac7c-4125-865c-a2d4540c8527", "comment": "Malware payload", "value": "a1a18d99f088ed51d00e4bd1028b5b7e170a5a28", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720363, "uuid": "e848cd3d-5309-4363-8510-4894a724bc72", "comment": "Malware payload", "value": "e55bdeed9d682227acccb0851fd9b67350c1f8c0f4b83a00f9b90ebc318a4041f0a59aff92b56fba9928a597b441b92c", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720363, "uuid": "f37e3677-9de7-4d04-affd-9abe79464497", "value": "T15D76011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720363, "uuid": "6de6e8df-9a87-4691-876f-d1ebfefe73e1", "value": "196608:erzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLk1F3nswU/Q6FKNcnFmpV:kw0pdMGbwBAej2i7nswxgFmH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701720363, "uuid": "1b5cf449-ad05-4cf0-abf8-72b8bd72f81f", "value": 7337763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701720363, "uuid": "5ca98703-9359-4c29-9d29-cf4dbf4599e9", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720363, "uuid": "eb142b41-c0f8-4680-b195-744534eecb9f", "value": "Mango \u0412\u0438\u0434\u0435\u043e\u0447\u0430\u0442 (6).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d6ff6db-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701679910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679910, "uuid": "5a6c01a6-6ae9-4bcf-9e2b-7d5d28cc1a2c", "comment": "Malware payload (Formbook)", "value": "a421306ee53094dd65279128ea09ab7f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679910, "uuid": "49c170b4-d5da-4753-b6e3-efbdf9f96190", "comment": "Malware payload (Formbook)", "value": "c3570289ff72fa686d854d8a23cbdf4da464625b0dd5409377d77226827da057", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679910, "uuid": "69444bb7-d383-4595-b415-766c424df8c6", "comment": "Malware payload (Formbook)", "value": "9c11d3fc5b2199a9379680b88f74302de68c868b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679910, "uuid": "38e93f23-12b5-4183-b9ba-e4583c3fe0a0", "comment": "Malware payload (Formbook)", "value": "4e3c5c0f4779fb72daef8fe6a455e3b31ec0e78900a7f9f3d55caeba5c05c1bcdf32c86648ff2348958fcabe604cb8bb", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679910, "uuid": "8bd51ffe-c2da-444c-96f5-b469ca027be3", "value": "T14B04796DC34B02698F624377AB571E5441BCBA7EF38452B1306C437933EAD39A2252BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679910, "uuid": "3c632341-d44f-4e1a-a2dd-6cdd758c5464", "value": "768:7wAbZSibMX9gRWjtwAbZSibMX9gRWjik2CWJ6+zVSvBXK/OGzv/XzGShoKkd:7wAlRkwAlRTk2CQ6VAO6/DGShQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701679910, "uuid": "edc4bf1b-3608-4f85-8b92-1dfd8ceb7014", "value": 177145, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701679910, "uuid": "4d556191-c5fc-4309-bd02-8bc10de3f29c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679910, "uuid": "733e610a-7678-44b8-a235-1b42d657060c", "value": "POX798483XIreland.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0103b87-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674868, "uuid": "c47c3dcb-90f0-467a-8bbf-0aebd35f7e4e", "comment": "Malware payload (Mirai)", "value": "f7f92eb5a46e89b8731bc5e43a45e82b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674868, "uuid": "08c620ca-7f42-48e8-b633-2203dfb06f41", "comment": "Malware payload (Mirai)", "value": "c395f366600bbc6624b94f9840c5b78a903d916fcf068648c97b0f48efa23621", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674868, "uuid": "e9774772-6398-4058-8a63-521e92866bef", "comment": "Malware payload (Mirai)", "value": "a9d584d3cc5642fad72e87a8b55eda2b7cab79b5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674868, "uuid": "899de552-a103-4acb-8926-7a836b2650f6", "comment": "Malware payload (Mirai)", "value": "8114483969473fdf6bcf6d243239b7efbb15e69cfec9ad8bc52eda3722e049f4f8ad12b430ff886ee810de54dff08517", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674868, "uuid": "4db73db2-ef6f-438a-9ce4-d39ef54d6866", "value": "T17073B419BF651FB3DC6BCC3709A91B05288CA54B22F57B367934C428B64B25B19F3C64", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674868, "uuid": "14d8ed56-c522-4232-8811-39157cfbb65c", "value": "1536:fNJ1b43SOxERu22fokcsL2lF5E6KkAZgwJE9Ja10nX:fNJ1c3SOxCu2MoSeAU4QX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674868, "uuid": "47585377-db18-4c70-8c90-d5a8f61558ff", "value": 77288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674868, "uuid": "941d06fc-1578-43e7-a701-493965d46d7d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674868, "uuid": "eda13131-02a6-4ac3-ae96-f011244115ec", "value": "f7f92eb5a46e89b8731bc5e43a45e82b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2a41663-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701708373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708373, "uuid": "4044e69e-92f1-4081-9f79-434054b6d21b", "comment": "Malware payload (AgentTesla)", "value": "81f1426da2587ebf6642a637a4a51cb6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708373, "uuid": "ae478229-1e62-4f3d-aeac-54f3d6578ba1", "comment": "Malware payload (AgentTesla)", "value": "c3ce166cd66e732dd697e1add532da48629235d1d719e2480a015a13911dbd2e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708373, "uuid": "30392cfa-d7fe-4930-ab77-598de07fed10", "comment": "Malware payload (AgentTesla)", "value": "70f425f868e7f7eebaddcfbba5b6d71dbf9351e3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708373, "uuid": "2955c22f-2ec2-4976-bac1-8a7abdc86b24", "comment": "Malware payload (AgentTesla)", "value": "38174124ad39d94ed03d1a78046e7f6e544bc84dfc00af33615e517248c232eb0347057d53812f4e76265c56691fffd8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708373, "uuid": "bbe5cc3d-d24f-4f39-bd8d-e8c5b4c4ae51", "value": "T1F0D433599C0701C1FF87698892132604036776F6C67ABB05CDE8EDFADB512A27FB052E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708373, "uuid": "4a120a69-8e7b-499b-af53-b0d1963297da", "value": "12288:Xqk/KajUmrsmJvrhgyGVkX4a+T7dpaQ96ahxiil0Fue/08Fc0ZItn5dLkq:XI7mJDmRtfdpaQ91hH0q82Lf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708373, "uuid": "8a1db5e4-4827-44aa-a40e-59608353272f", "value": 636664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708373, "uuid": "b8ada883-5711-4ac0-9dbc-1a4df94fadc0", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708373, "uuid": "cd29dba3-ea2e-4730-9a3a-38e05c2e2449", "value": "Novi poredak_HR-WJO-12-04.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c46daf26-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729046, "uuid": "b6f6ad6e-ce13-4907-95c3-1f1ac0b30dde", "comment": "Malware payload", "value": "461bfc767407611cd8d3234a8bfc3537", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729046, "uuid": "18c06c45-357c-4f78-88e8-d24f88b1fd71", "comment": "Malware payload", "value": "c534e7f1847d21ad75de88d4df71be37e8c8d4de381b7fafe0fdd7bb9c103a5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729046, "uuid": "d42ff127-e577-4153-9ac5-faec96bedd54", "comment": "Malware payload", "value": "e337de79cdb7af1362c753bee6670403be154c78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729046, "uuid": "841e6111-e3b1-428e-b436-2b6e33c54463", "comment": "Malware payload", "value": "a02af16a3836d4bcd34ad407a428d9ec7b87ca5af68d7b95e292f013b4f32111ad07ca9326674a576c2ff54e2cc841bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729046, "uuid": "fe458aee-dc17-4f27-8fdb-7e5e76cac56e", "value": "T13CF3DD2E25B06842F5ED0A74B0F5AB1653107123BDE61CCE2D10DA3CC7739E777AAA64", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729046, "uuid": "ae6c64cd-2dec-4137-80bd-78aa22565efa", "value": "4514c46259fb71fea289f87cc46a4112", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729046, "uuid": "fc8b4c42-dd21-4f6f-bd7f-003648b0d951", "value": "1536:7hJ8ZNB0ahCYsuut5bj4tt2AKy+7Kq7hkGXefJ2srsXvNKDqdOpdtKbUi/xOOqh0:7/8ZNuottY7exHr+dAtKbZo967sOT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729046, "uuid": "782b9c0a-d621-4659-a293-6c0e840fe077", "value": 163328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729046, "uuid": "967ef7f3-4751-43b3-b464-3b6a5f366f1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729046, "uuid": "70bc030b-28f2-4dcc-b006-f6de77ed23f5", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.485.1501.30749", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "097f5d24-924f-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701657865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657865, "uuid": "7c070ace-c9a6-40ff-824f-56dc0bc20fcf", "comment": "Malware payload", "value": "8a0d2cacd38f80a45fd166afeb47d9d1", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657865, "uuid": "4cb8a8aa-91f9-402a-9c02-9d403ad9aba3", "comment": "Malware payload", "value": "c733b7f6cf37e1ad437d28ee8344389753242a7cd87a9dfe900a18903a2f35dc", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657865, "uuid": "f205cee6-3d48-46b0-9b76-c6dc646c1113", "comment": "Malware payload", "value": "1aa757d192bd6667d5b2e7cffcada19fbca5aede", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657865, "uuid": "5bc0ce13-cd20-4898-a28e-cfe3392f3545", "comment": "Malware payload", "value": "518442ed08ba5b8a00a0339a422c717051087473355ad1d9975f8e21b485a2754614ba5dcc81654ec689146105cc199e", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657865, "uuid": "f269d960-b0f0-40b7-a18c-b3b870ba8e1c", "value": "T1305633F8573B49BBF1F287BC3516434253D63B75C0CD4222DBADA46B6A3FB6009A111A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657865, "uuid": "bf142563-f6f8-4f8a-abd8-35ce483665f9", "value": "98304:/2SwmX4Dc0nAPQmJpd+3MmbLmNzlosf+A+KX9KfbFc7pXIIXXRPjwU:/2rmXH0nrmcqNn+A+KXozFc7Dd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701657865, "uuid": "e56384ea-75b9-48bb-b8f7-e55be730fa8f", "value": 6217056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701657865, "uuid": "d87e9216-b4dc-46ed-8574-8bef5e033feb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657865, "uuid": "8220b57b-ed46-4589-a301-ae4f645740d8", "value": "SecuriteInfo.com.Linux.Packed.1241.3067.27801", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88a25f36-926c-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Vidar)", "timestamp": 1701670534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670534, "uuid": "ee7c9494-f537-4438-b3ca-72bb13ef5685", "comment": "Malware payload (Vidar)", "value": "63bdc86eb2f6c23164968a5e23f5e5f7", "object_relation": "md5", "Tag": [ { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670534, "uuid": "36b01576-5e78-4985-b987-7191a183f593", "comment": "Malware payload (Vidar)", "value": "c7bf8bc1006158f659f59eaf37f39e10a437503059bbb310ed03d321134b936e", "object_relation": "sha256", "Tag": [ { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670534, "uuid": "0798e8c7-26a8-437c-9df6-d7374cacd77b", "comment": "Malware payload (Vidar)", "value": "1b47c56c3981687f55b6062550f0d58a1a5a6b8a", "object_relation": "sha1", "Tag": [ { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701670534, "uuid": "070b16ec-d091-4e05-8673-93e30bc7079c", "comment": "Malware payload (Vidar)", "value": "899837f1bdb269cabb96fe64930d65489360b8ccfeb1d44e79289907c03a5a066dbd90b7e85583fb847b3d0ff50b1ffa", "object_relation": "sha3-384", "Tag": [ { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701670534, "uuid": "b4a0841e-206d-4499-bc50-38e407a0ed34", "value": "T1C9F31337DA6A9E5F262C905857E0AEC9F5A1F1CEF1A2868F693D22C95F48054332D7C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701670534, "uuid": "b45fc14a-4592-4e81-9067-9d63da0afe46", "value": "3072:mcylQCMTPaqdHXBCqsxdmQzwdPG73WVFmKQsuuuhGP3Vv+jLLq:M65xEmQ8du7GzIsuQVv+nLq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701670534, "uuid": "4ed6cc21-8d16-4eef-bfd6-b4f486404f64", "value": 158731, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701670534, "uuid": "e8298007-be02-47d5-9b9d-1a2a5cd9d945", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701670534, "uuid": "746fd4d3-1cd0-4762-a880-dc56ffb7183e", "value": "vidar_unpacked_0823253d24e0958fa20c6e0c4b6b24028a3743c5c895c577421bdde22c585f9f.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6757196e-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716863, "uuid": "c8df48f3-51c5-4b00-bfd4-c09a2394a164", "comment": "Malware payload (SMSAGENT)", "value": "108ca27288d2aba31ed0bbc264b06868", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716863, "uuid": "4a86e86c-d274-4652-ad0e-638154d89668", "comment": "Malware payload (SMSAGENT)", "value": "c92e9a1ea45db563a41f815847495f154f38051b042057b3b5a03ace79dcc15f", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716863, "uuid": "09212b57-5248-41ca-9b9f-c4bf6e300dd9", "comment": "Malware payload (SMSAGENT)", "value": "6f5c91338e301f9e5b03ee6813ee6427776cd416", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716863, "uuid": "9e5dd45e-4258-4be6-b2f6-bd38b3e508af", "comment": "Malware payload (SMSAGENT)", "value": "9be4c4546224e698dde94d82df9bf6e25815a06b9f42182011f69a2880a63575d873320f4482979bdc31ff6807ff72ed", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716863, "uuid": "79170550-6add-4d6c-9953-261184a3be3a", "value": "T15D76011AB71EFC4BE263DA3263728D4B772F85F51250E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716863, "uuid": "11cce427-78ac-40b8-b44d-880176a222d7", "value": "196608:trzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLw1F3nswU/Q6FKNcnFjr:5w0pdMGbwBAej2q7nswxgFH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716863, "uuid": "b33616f6-415b-4343-ab97-2f9ff5fc8d21", "value": 7326996, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716863, "uuid": "42551596-f331-4b3a-a15d-d1eaebedee0c", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716863, "uuid": "94a3026f-d476-46b8-a7cf-eebda66cc6bc", "value": "\u0422\u0415\u041b\u0415\u0413\u0420\u0410\u041c\u041c-\u041c\u041e\u0414 (6).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82304a6b-9267-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701668375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668375, "uuid": "c9534143-05e6-4669-8a3a-cda17a4c2030", "comment": "Malware payload (Mirai)", "value": "0820dc18b39eb921241cc024c23ff59e", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668375, "uuid": "5e51e7b4-0f8d-4bbb-b7ce-3b327772d1b6", "comment": "Malware payload (Mirai)", "value": "c9d78fe9837e1627f45136d9e01ee7dc2672bea2fd0b7eea2e05afd3fed49e99", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668375, "uuid": "e7c8f71e-882a-4751-b948-3d47be3260ae", "comment": "Malware payload (Mirai)", "value": "15398d2f3d0e8aa3cb82f37706ef67d5372f1600", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701668375, "uuid": "ff8251af-0f1e-4e54-adf1-0b2fd294acd7", "comment": "Malware payload (Mirai)", "value": "559731d0e8c5f2bbf0ddc45609fb35b3408a59f1d399e8e474e70ad12733134cfda36bb5282ff032329ced32383eff11", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701668375, "uuid": "2007e85d-be51-4101-b994-de3305727aaf", "value": "T1EB432B17B582C0FCC49AC1745A5ABA3FAD3271FD0238F2A67BD4EB222D95E261D0DC44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701668375, "uuid": "7ff11730-c50e-4f9d-9593-58439f3c6fc5", "value": "1536:XmVjgNytlldI8ILRbrBoSd02UgNR9+9BH1fmZ+V09JyD:2NgQHHULRbNoSd02pPeH1f3V09AD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701668375, "uuid": "8589cae8-902b-4713-b255-4e7c592a87ce", "value": 59328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701668375, "uuid": "cffd279b-029d-4551-a26e-09bc61bfa6c5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701668375, "uuid": "01e96608-42f8-45b0-9a7a-a52beecae02a", "value": "0820dc18b39eb921241cc024c23ff59e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7bd00f56-928a-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701683397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683397, "uuid": "8963f06b-9455-4c7d-bc09-dad2328d45b5", "comment": "Malware payload", "value": "abb62410310d072531dd82993a2f5c01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683397, "uuid": "c74c3773-6adb-4e82-bc13-a6a393ab3860", "comment": "Malware payload", "value": "c9f89195d0ead99b7864f3374e648a06173ea4c7853e700cec8135750de42976", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683397, "uuid": "9c72d794-210d-43b4-91d7-ba102a200fd8", "comment": "Malware payload", "value": "8d196c714c1a416d541486c905b5c92d4af5d452", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683397, "uuid": "eadc6787-9412-4cd7-820d-e54b0dda0837", "comment": "Malware payload", "value": "2e22b3f8c0573f3a7de87e4d9dca6e9dc36508e78b76ef7bd4719a2536d38dc2802e1a0c7b24049b598278c292b6453f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683397, "uuid": "28792f89-a90d-4be6-aaa9-4996b82dcc8e", "value": "T1A384A492A679240ACFB9683AC3737CFC56334C39A557059056F83A2D4BFB5C27990A0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683397, "uuid": "4861970c-a37d-4959-9de7-ec36fbefb6e5", "value": "6ba8b6c0037670fc1ddac53b088c0908", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683397, "uuid": "89e1ed54-ddb0-4c82-ac62-e0bd4d3cb456", "value": "6144:l1oSPeYpC0VcJZWk3t42aOts1v8scSx0gC7MmmAP0szepeaVfdYEv:foSPeYpC0VcJZWE4MS1v8sPxCAmmO0s4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683397, "uuid": "0a45e982-1b89-4604-992c-5b3ea61a0132", "value": 388608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683397, "uuid": "23b308ac-fb8a-4ed6-8e99-fa5935c006a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683397, "uuid": "c8082d9a-9acb-46e0-b986-dda964bb1052", "value": "abb62410310d072531dd82993a2f5c01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfe85998-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701717039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717039, "uuid": "93e26968-948d-4fbd-a7f2-4fba9acc5093", "comment": "Malware payload", "value": "d9e615a752025d1ff7a72fa8e2e9f1c7", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717039, "uuid": "0ab2258b-2611-44da-96bf-6c63de258861", "comment": "Malware payload", "value": "ca191b4d9226c6ad998957796ec5c6f67bd6e6265bb10151b851110a33c83c30", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717039, "uuid": "8deb4a2e-730d-45fc-908c-6a903356809a", "comment": "Malware payload", "value": "7a97d75b5ea27e02699ca4a366bfbc90c1b28654", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701717039, "uuid": "557b4289-3907-4e10-bddd-93117ada15f1", "comment": "Malware payload", "value": "a41ed1dcc447a330e58766981563ff943d88b464d34f4e80b531b1a70a1acdb5fe533f60d199b41250977ff136fbdad6", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717039, "uuid": "89bb90c4-e75d-429a-833e-087fab65c72d", "value": "T14C76011AB71EFC4BE223DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717039, "uuid": "4a2142cb-04c9-461a-877a-08b829d259f3", "value": "196608:zMrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLrX1F3nswU/Q6FKNcnF4:zyw0pdMGbwBAej2BX7nswxgF4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701717039, "uuid": "cd08a68f-477a-4c01-bb9b-4b7086106508", "value": 7340429, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701717039, "uuid": "bddbcd68-b8ef-4dbe-b4e2-acbba2c14af3", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701717039, "uuid": "ee0a5217-c8d9-4cad-bc18-0d6c6ce8d092", "value": "\u041c\u043e\u0438 \u0444\u043e\u0442\u043e \u0438 \u0432\u0438\u0434\u0435\u043e (324 \u0432\u0438\u0434\u0435\u043e \u0438 \u0444\u043e\u0442\u043e).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86378e8f-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716915, "uuid": "ec8f58b4-216c-4e52-b6dc-34988fb8f14a", "comment": "Malware payload (SMSAGENT)", "value": "3359ddfc58ad3b2e000ccc717c3e73f9", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716915, "uuid": "4c4132ff-1735-43de-86d6-4a38cd677fb6", "comment": "Malware payload (SMSAGENT)", "value": "ca2797d864e4864bd2e205a530f75a3916701cad25c0d24efb5fb67e0c3aeee6", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716915, "uuid": "ce3c618a-2d57-4e1c-82ea-20b604f050ad", "comment": "Malware payload (SMSAGENT)", "value": "2c10901355bcf0cc79f4dca7e5aa1b7ef26dba07", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716915, "uuid": "43641233-5218-4566-a11f-83814431dc8e", "comment": "Malware payload (SMSAGENT)", "value": "79a98fd7acafa6c2380384a24c1498c0c07bfbbe29740858c4930148a9dbc2c2df87587b9927d85f77e21eb84ef4b098", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716915, "uuid": "e39cb2bf-9203-4147-a5fd-ebe55ae07460", "value": "T1DF76011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716915, "uuid": "b86310e9-e05b-4bca-9c4f-5efb12bdeeb3", "value": "196608:przkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLi1F3nswU/Q6FKNcnFK:lw0pdMGbwBAej207nswxgFK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716915, "uuid": "40bea148-c25a-470e-8735-e9b413d8c8f4", "value": 7328484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716915, "uuid": "fc7c9b3d-5966-4ad0-b99f-c29c68f2664c", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716915, "uuid": "43e359cf-1d4a-4997-9759-be56b796d001", "value": "Videochat Ru (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f4f3298-9275-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674196, "uuid": "32f647d1-6131-4523-9061-6ee9237f1a9e", "comment": "Malware payload (Mirai)", "value": "f1795ef2e426e27527921a6c1d236c20", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674196, "uuid": "8bbbdbe0-8b6c-4732-8b57-b37f25930890", "comment": "Malware payload (Mirai)", "value": "cb06d20012c6c03838b01319548d7c206ec906584a4b2e1dae20dabe0c7d55b2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674196, "uuid": "ce07b998-50e4-4213-82bc-da9309073f20", "comment": "Malware payload (Mirai)", "value": "33ff6403ec8f720ebabedce143635f8d7d649e40", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674196, "uuid": "2a248b49-0556-453b-beb4-6041d3490e7b", "comment": "Malware payload (Mirai)", "value": "11d30d75e1a978e102d7975e3c6369a62e7e2dc469bc41b0dbd4a259c8caad48df796f17e84f38a2c9bf34d5dfc7c7b4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674196, "uuid": "239e4df5-bae8-4b07-b799-e1e3a8d061da", "value": "T149332A91FD815A12C6C01177FB1E138D772753B8D2EE7303A926AF20778A96B0D7B641", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674196, "uuid": "9932c778-bec0-454e-a38e-bee7c49a481b", "value": "768:FPo5blXi6yuCb6hkp60+kwroVI+8Ca6OFw4tiuirMtukckpjTsqO1NyyPHI:1o7XlCehkpUkx7I6swbwtjcqTrOasH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674196, "uuid": "3ad75e67-ef34-4bb2-91b0-78708391e3f6", "value": 54988, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674196, "uuid": "387da7fc-22dc-4cb0-880d-79e58dccad98", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674196, "uuid": "48e1c57d-86cb-4907-84e5-f8a62a7b904d", "value": "f1795ef2e426e27527921a6c1d236c20", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c61b512d-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729048, "uuid": "15b90e2b-633c-4507-9d64-b062735acc69", "comment": "Malware payload", "value": "1f91c3ab8a9689208e162e81b16881fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729048, "uuid": "a1ad2841-3494-48f8-aa76-7963188e8db9", "comment": "Malware payload", "value": "cb56e2cebde2354a6e353ab3f6b29ac45843632b4551f4c30db070379bacb4c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729048, "uuid": "89a8f440-f9b1-4856-b79d-1148afbd4532", "comment": "Malware payload", "value": "a2e7d9f5c55068f261a658a5ba2da5016cd71bdf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729048, "uuid": "86de653f-f5bf-4157-80da-a2bf8225ed61", "comment": "Malware payload", "value": "fbd2afb7e1a0e10fef69e729237f30c15421f4120a14026d3b2ee15188c9f323ad478dc741a836f886d6e7ebc83dd1d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729048, "uuid": "7c773a1e-c39b-42a3-a9d4-57f238d58a6b", "value": "T14DF32E2F25B06842F5ED0A38B0F5AB1653107123BDE61CCE2D50DA2CC7739E777AA664", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729048, "uuid": "ada68877-07d5-4190-b49d-b0747dded624", "value": "4514c46259fb71fea289f87cc46a4112", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729048, "uuid": "b3ea1119-a1b1-4bb4-a835-6daedd0b4566", "value": "1536:FhJ8ZNB0ahCYsuut5bj4tt2AKy+7Kq7hkGXefJ2srsXvNKDqdOpdtKbUeNYGf4dN:F/8ZNuottY7exHr+dAtKbJydM5OT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729048, "uuid": "982a074a-a0f0-4feb-aa67-521480d6acd0", "value": 163328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729048, "uuid": "298a8c76-6af8-4209-bc4e-533fb00714dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729048, "uuid": "21d217de-623a-4281-b044-0810edaa632a", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.485.23452.1035", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "201930dc-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711160, "uuid": "4f87cf61-0cad-4135-961f-d109b4e46d35", "comment": "Malware payload (SMSAGENT)", "value": "8dabd30e63b14f2a52c0f8a427bdf17f", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711160, "uuid": "680586dd-9d11-4c46-9ca3-6a374fb6ed17", "comment": "Malware payload (SMSAGENT)", "value": "cb7ce1abececbdade9600cbbac1a43124f9b9c9573d8477cb016f5435d7909a4", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711160, "uuid": "656276b1-1c08-40d5-93f0-e38bca522f87", "comment": "Malware payload (SMSAGENT)", "value": "1c8b67e447c430dda948ba6cfdc6e8e5eb9950c4", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711160, "uuid": "2b496be1-08c1-46d2-8abc-dcfd19237854", "comment": "Malware payload (SMSAGENT)", "value": "f717fd8c0fc7e3b0fa2a33f5b0315cc83ca628154329507ac57efcf52161c28c8052925b9b323ded511b1e04498a32ac", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711160, "uuid": "29f5ca83-3f58-495d-a7c0-82911531f434", "value": "T1D0179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711160, "uuid": "c912d519-1d72-43da-af12-f6e80a36be01", "value": "49152:CuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvr:6v+49UBEIIddXHNqjece8nMI+lEaA8o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711160, "uuid": "13c1c4c0-4693-4ccc-8386-7c0d1a8ea322", "value": 18563901, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711160, "uuid": "b64c6535-d3fb-4923-95fd-f931816d1c8b", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711160, "uuid": "4523c60b-84d9-4d9e-90ed-da4fdfbc9e62", "value": "GetContactPremium.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42044d71-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698332, "uuid": "a794d5bc-dc34-48a7-a535-7791c1b74601", "comment": "Malware payload (SMSAGENT)", "value": "e622817119c5a95137232dbb325a27bd", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698332, "uuid": "e08be53c-aa0f-404c-9490-381b0485acf2", "comment": "Malware payload (SMSAGENT)", "value": "ccbd7436d28e234d354a5a7e55931a5c7438750080784de091c958e987270990", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698332, "uuid": "385c029c-adf2-43e3-bc52-b024e3fdfd2d", "comment": "Malware payload (SMSAGENT)", "value": "2723f6f2db828be0dc6eb0f0a720209ae6447d6d", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698332, "uuid": "1575bc23-1e3d-4b83-9468-ee35348708ca", "comment": "Malware payload (SMSAGENT)", "value": "7d7c7357aafeab37454a838895e9f41c7c6c204d3120e3b8dce78790d07764743193442b0b4f09a462799d8bdc22f0a7", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698332, "uuid": "64b6d40d-d883-4ab1-bcc9-c468489f6b1d", "value": "T11B560179731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698332, "uuid": "2349d4db-b0d9-49ef-bd75-e6a952799be9", "value": "196608:/qDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYL:+irUVis8O/0giAZ9PDn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698332, "uuid": "b5976217-f513-4b32-9fb9-ee3d579230a6", "value": 6388672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698332, "uuid": "52511132-c393-43bf-8834-9f2d7febc490", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698332, "uuid": "b7e31250-fcf8-476d-9285-4d846576ccd4", "value": "Video call.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a099dde3-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DBatLoader)", "timestamp": 1701681741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681741, "uuid": "432602d5-4ff0-44cc-9e20-02f5afebecbe", "comment": "Malware payload (DBatLoader)", "value": "3792577ce38a71b76108056762bbd911", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681741, "uuid": "b2770883-2aa6-42a2-8c28-631c90a19ee2", "comment": "Malware payload (DBatLoader)", "value": "cd0dd222c7ba110e49ecd0aece6fa2915b5a126fed2fcdae12e114106688bee0", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681741, "uuid": "d0234a8f-7190-46b0-b9d7-788854d510a2", "comment": "Malware payload (DBatLoader)", "value": "64b79ede261d1b7c4be29b654d49df1b9ba74b17", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681741, "uuid": "f427b036-352d-4d6d-9e07-90f313680df4", "comment": "Malware payload (DBatLoader)", "value": "5bc41fd8b90d48b59cfa8a08f9074a36b9cb2ab2c48e7a31ce966dfebaae80a45be0751357efe588eed2daf84e3ac189", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681741, "uuid": "e7a2450c-8887-48a3-b489-626fe573a592", "value": "T18A35AEE21ED1D4BDD13E65B9884BD2AC042A3F341E6C064D75F9D9880B3EAD3781F1A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681741, "uuid": "47d8d97e-f5f6-469d-96a2-17b46c15c97d", "value": "10ea1b1ff7d4c4809d2c0a9a6ae44619", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681741, "uuid": "4e3d430a-2908-495e-889d-c781a946e3d8", "value": "12288:RtVsGMuG7PS2wDtCU6NdObmCORJqKqMQZLGdVNXbUWsK9h9wAPft4:R0hOSNENCJqKOGvdUWVJt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681741, "uuid": "210f213e-77de-40a4-a79f-7094e7cef2d2", "value": 1121280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681741, "uuid": "52c7016e-8949-4a2c-a9f8-e7f1801e4531", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681741, "uuid": "af86c941-73fa-4996-94b6-09eb858e41d0", "value": "PI and payment confirmed pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc0cbd3e-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729058, "uuid": "ae8a9dde-7350-4a1f-8806-ef8218c769b4", "comment": "Malware payload", "value": "19413b155189b0166e8a82331929ceea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729058, "uuid": "52829d7c-f166-47f1-9cb4-e0ac39ebec38", "comment": "Malware payload", "value": "cd4cbf92ea784cac5f66251c77869dfe19de753107bf4dd49e24c5ef9041f547", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729058, "uuid": "69e1d694-b914-4053-bf5c-db6ca3c43705", "comment": "Malware payload", "value": "e0b414cdb79bcf38374d6c2f192ff309eb5f623b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729058, "uuid": "8ba8b62e-6391-40bf-a922-cf670bec91ca", "comment": "Malware payload", "value": "08181b59aa66dcdb40445b7a10a6a0aca6221e5270a3f0e011383dcca04aabbe859616bdf09c91b1bb03a88e2542f8c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729058, "uuid": "66ece0d7-b740-460c-93b7-4758edc1adcb", "value": "T14062DA2A39ED502DF1B39FF17EE428DADDAEF2377615945A1081030B8D50E80DE9163E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729058, "uuid": "7e73c3eb-3f87-4354-82fc-e42131ac8aa1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729058, "uuid": "23ef2660-eb11-410a-9fa2-1b85348348d2", "value": "192:TvPshdI479oEjufcW/6Pkrc2+gTbYtXGMa8hURYVt/QnEtpsQrw:TvPshdIq6vT9UUB8hUeV4pQrw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729058, "uuid": "799ecbf1-9900-466b-ba23-610b228fc5d0", "value": 14848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729058, "uuid": "de8c426f-fd78-4845-b2e8-a20f934f3c83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729058, "uuid": "9d11e1a7-cdbd-464a-bb75-76baf2a83711", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.5568.8405", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14751580-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681935, "uuid": "a30a49aa-882d-4665-8bca-5bdf4cc2d6c6", "comment": "Malware payload (AgentTesla)", "value": "c9586b5ef698248e11c6fc904ccd1e6d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681935, "uuid": "00958e23-f322-43cf-9d20-fe95b7ccd165", "comment": "Malware payload (AgentTesla)", "value": "cde4e54eecb8d93a3bf01b328a33b998ef032becee8b0e375225cbce85c4a548", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681935, "uuid": "612ebef0-121d-4744-b653-316751e6df56", "comment": "Malware payload (AgentTesla)", "value": "3b2246ad338738d2d1dba1cbc7a751091149d338", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681935, "uuid": "ff85666b-1c04-4704-9e45-cf247541f706", "comment": "Malware payload (AgentTesla)", "value": "4abdc8de275248abb65bcef1f7bca24e3d2f77dd5e67addd6fd1e81f26ae78c7b7844540565ea03ba47b96f9edbcbc17", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681935, "uuid": "6662e8be-8939-4c11-87e4-f2629e1a87b3", "value": "T16705126877AC4F97D13F07F95A90A00993F26D2A2472E34DBDC173DB59B4B900B60A1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681935, "uuid": "249f7c70-0174-4d7f-aa95-26a69cc35ad4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681935, "uuid": "6d3d8343-3486-4d65-b40c-e07c32a7123d", "value": "24576:3MPBrU7n0K+4iAVilgobPwXGYfpBhtD/:S1Ug54xQlJc2Y3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681935, "uuid": "c975247b-18f0-4305-b378-9d2d4afd7c30", "value": 861696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681935, "uuid": "033cb571-daed-4489-a63c-79ee8fca050e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681935, "uuid": "3a78212b-afbc-4a41-a470-7d17dbc871d0", "value": "YU SV Payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28f24e7f-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698290, "uuid": "be81e884-1018-4cba-ad97-ec0fcac4968f", "comment": "Malware payload (SMSAGENT)", "value": "1c4462b6baf09cde5a16979d9de3ffbb", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698290, "uuid": "08ec3049-31cb-4ba2-8111-28a26d9ad947", "comment": "Malware payload (SMSAGENT)", "value": "cdeb3da03a29a9b7c7e154ba3596c52257c4766dfbeb50732e7dd84e81d217bf", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698290, "uuid": "efa6448e-e6fb-48d6-8a23-bc60987fd14f", "comment": "Malware payload (SMSAGENT)", "value": "23c0392fae135f4e94a2984109ca428ae5429a0e", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698290, "uuid": "0741e9e2-9c5b-4249-99c6-0c98ced21c26", "comment": "Malware payload (SMSAGENT)", "value": "8fdc9744d9dc9d1edf7a0bbcbe8bd983d2359aea89e6bd6caeca0e5b575a827b19ed3c49545bc892514258144c30fadd", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698290, "uuid": "5807b744-ab97-4094-9397-4aa6518f6560", "value": "T1B8560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698290, "uuid": "a9191b33-71a4-44d7-b3ad-9cc97cedb24b", "value": "196608:/6DGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYYRs:uirUVis8O/0giAZ9PDH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698290, "uuid": "04304874-fce5-4ff6-9f9a-18c1812d472a", "value": 6359995, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698290, "uuid": "28c28810-84b6-49f6-9d36-59a1a5fea9e2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698290, "uuid": "15a2ba22-733b-4e71-b64d-c674d35a464e", "value": "Verify App.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b4d3266-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701682161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682161, "uuid": "97a4bfb0-b75a-4805-8fc7-5395672cb6f4", "comment": "Malware payload", "value": "77c9c8378cb71156fa1dbd5d55ace921", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682161, "uuid": "7af5e0d4-5599-4138-9d5e-0a8cb17df211", "comment": "Malware payload", "value": "cdfd799f58cfb6800884242837a27ec19a25effa8943325512df1c08374580cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682161, "uuid": "fc19e2bf-3bcd-411a-b2cd-f4c8e96dba59", "comment": "Malware payload", "value": "46e6f83690008e0d144fb4c31ed35a67a1c98edd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682161, "uuid": "a88d8812-ed9e-4422-a777-635b77dae0aa", "comment": "Malware payload", "value": "26b71a8308a727216687ba4fea18a75918241c5e74d7324573d70b3d7882c97923293b5442ee44fadfbcdad08bb02e6d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682161, "uuid": "0ea10206-7d69-4ffa-9282-f7b4cf49f853", "value": "T116C53340FD041ACBCAB217317EBC0646AA727A67099C63FC2E7FD0A42924F8FB755614", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682161, "uuid": "0e3afcb7-020a-4ad0-bfb0-1c458722b8bc", "value": "98531db40515fb8043e9239e78cac583", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682161, "uuid": "7d290b16-4fa2-43d8-ac6c-b05a548d71f3", "value": "24576:+Yvh5sVnb5SapjSYnsHrshJf9H00qTorWW0qJJfPyoZWayIzfXxwkzJCa8h8+WdD:+YJunYefnAreJJ0+rF0qJpyahJevG9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682161, "uuid": "a6b39cea-c3cf-499a-9811-570c6e88c58e", "value": 2626936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682161, "uuid": "aa218042-fdfe-4955-8804-57e89791bf5a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682161, "uuid": "ccb7397f-66db-4e36-a8fe-1de07679e435", "value": "77c9c8378cb71156fa1dbd5d55ace921.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8364202e-928a-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AsyncRAT)", "timestamp": 1701683410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683410, "uuid": "7654e9bc-31ea-4cf0-8d59-94c69c139d8f", "comment": "Malware payload (AsyncRAT)", "value": "15ecc392067b199d9d6aaef7bbbf7457", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683410, "uuid": "4b9a2bfe-611d-43df-abae-ea3092417e69", "comment": "Malware payload (AsyncRAT)", "value": "ce438c103a40dbd12f48547c2d8604c947232376f87eadd1a2da3b7bfac28d02", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683410, "uuid": "8da3fb9c-5eaf-4d8e-a0ba-3661b9b2c1c2", "comment": "Malware payload (AsyncRAT)", "value": "4397a4f678b69f2f1b3ad0b9de3b35d9fca9c1a5", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701683410, "uuid": "5468d6a9-8c90-4a7c-9665-525eded86d53", "comment": "Malware payload (AsyncRAT)", "value": "e5d7aef1b0955d4054b439f82f16a47619cb522c1681d6ca244ba7285ac07a58302a4731e07802e710f6d35d41b2d1f8", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683410, "uuid": "24bf4638-5565-4064-92fc-91359e2d4243", "value": "T15806F1B97AA1907BC2733574898DA3BAE6BEE5310A35150772D00F3D2B355A25D2C32F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683410, "uuid": "91530010-b115-41ff-a5f7-118a2bae9903", "value": "a1b190903afeca3e59ef25b466a833d6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683410, "uuid": "0e58ba3d-9841-4d35-b61a-8fce5cb8f524", "value": "98304:FN3qDL/rxN886Yw4ZEM1T4RA7pPdXNrrX1PHhyycRd0PbVHYfG0jJPA25v:+3nw+N5ZRrX1PHhNcRd0PbSfGeJ42p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701683410, "uuid": "f55d05a0-1ab8-4551-bf74-eaafd78dac36", "value": 3889664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701683410, "uuid": "89ab9af5-ede1-4216-a705-e4509cd41d55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701683410, "uuid": "a98e69ab-dc2c-43ab-be87-94b74e87e7d2", "value": "15ecc392067b199d9d6aaef7bbbf7457.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0872147c-924f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701657863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657863, "uuid": "4279fc56-774c-4246-a584-ded7a6a3fb4a", "comment": "Malware payload (Formbook)", "value": "0cffebd57714a2a5832adda3faee6435", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657863, "uuid": "de8a2c6d-52aa-4362-a0b8-e67dfef5ae9a", "comment": "Malware payload (Formbook)", "value": "cf2b7d462f7f7a8766d829b1a2d618b8b5194455b17a7ac87b2f7d4090142ec5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657863, "uuid": "5ceff097-aa5b-4494-8287-f450733b429f", "comment": "Malware payload (Formbook)", "value": "3d909da159143b49622af04b781634e2967614a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701657863, "uuid": "187f2e6b-d190-4593-8e93-ba9b315e9b5f", "comment": "Malware payload (Formbook)", "value": "88b6bf0b41e9a5b6dac9c6d0c77e2ecfed4c25f08f619d2ac8da34b50ac74dd690eb737dde8d55c0fcfd30ad48a3ec57", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657863, "uuid": "4a4cf2f2-c8cb-4ad9-979c-7a9b05bebb93", "value": "T1F4146B1074D180B1E477033609F8D7216A3EFD724F665ACBBB985A9E0A741C1A739BB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657863, "uuid": "8946f7c6-fe3c-49b7-a73a-58e9ed91566a", "value": "8194584b00600c2df9eb6e7b7b17d1e1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657863, "uuid": "7e53d62f-24b3-4625-b3b0-de966534079f", "value": "1536:Hb238ce2diD7suPZ6b7PMFTeM8g9WRtJ3IiC32v6hGZ04py+wc1TRs8jcdrs+r8t:B3McF/Twb3IWScy+3Tkrj9PoGb03gW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701657863, "uuid": "9c16f426-b816-45e6-afaa-eb27f9a7d4c6", "value": 195584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701657863, "uuid": "89e4e7bf-91be-4983-a51a-ea5d1100bbef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701657863, "uuid": "5c90fb7b-ade9-4651-b21d-7020736ee362", "value": "SecuriteInfo.com.Win32.InjectorX-gen.28183.439", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9e2c84b-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (XWorm)", "timestamp": 1701681783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681783, "uuid": "ed1bc674-1192-4635-9d28-5ef140dc2af5", "comment": "Malware payload (XWorm)", "value": "a0875218b9a2e794c65b9a24666342b2", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681783, "uuid": "77acffdb-dc2f-4f0f-96e5-89f86147d482", "comment": "Malware payload (XWorm)", "value": "cf6803e262a70ac75b085d41b2e50567f1c8dfee0e879c5b1dc450b966709218", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681783, "uuid": "ff4e1c28-46a7-47c3-80ad-104ae67b8c24", "comment": "Malware payload (XWorm)", "value": "f7bf0d3204ce145dc2efbb868cbb594afdbd087c", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681783, "uuid": "72d6b20c-836d-4d62-a4fd-76399388558a", "comment": "Malware payload (XWorm)", "value": "aa6d3f88c573f689d1326ffb9cc0249e0e90977e939673ea26ffb3e3bbf22f9f0fdbb77f11dcfc5d734f7e773673ef09", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681783, "uuid": "373efec9-0310-4de5-9de9-53474f973360", "value": "T1F5F3E6986EFF900CB2F37D215FD6BCDD5A0FF65B6A2BA1896000130A5A53D50CDA2E74", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681783, "uuid": "d96fed5f-283f-498e-97e9-47efc109db6c", "value": "384:7TPGMvhPjJwlkwstN2Zi7mqm/mHmSmSmSmSmSmSmSmSmSmSmSmSmSmSmSmSm9m/I:nG4PjCkhtIpfd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681783, "uuid": "9467f5cd-1f39-4ef5-a19c-e36ce6fed2f7", "value": 162924, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681783, "uuid": "38735254-c950-412b-ba18-8a5a0449e24f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681783, "uuid": "2be81c80-9e94-432d-a237-2c461763a42e", "value": "Items list.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "066bb142-92a6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701695226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695226, "uuid": "79868fd3-ef55-41a2-990d-f82179cc6d00", "comment": "Malware payload (AgentTesla)", "value": "a8fe4b4f56b169cdfbf7b4a7f0581b4a", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695226, "uuid": "70cd8d6c-ba16-4a67-8dae-947bae47a63e", "comment": "Malware payload (AgentTesla)", "value": "d05268c586a1f20ae7e1accb8bc5b093fff7f73558b156f2a58e60c8a0530219", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695226, "uuid": "ffe94e6d-f532-4dd8-bae5-4e56ea7af533", "comment": "Malware payload (AgentTesla)", "value": "47f86e3d595ce10efac62bc7f327525fbb07ef0a", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701695226, "uuid": "607df724-ba96-4c85-a9e9-8537eb67e092", "comment": "Malware payload (AgentTesla)", "value": "83e5f68713b911dea821493c9f13c047f1ecfc50ec54889f35fcf032e4bd3f618a7729e383e78f73b34faca7c9887fe4", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701695226, "uuid": "5850777f-a9b5-46b4-add6-28a524026f16", "value": "T1BC9423185CB668E138A034FF7F08F46BF7B4E6594A200A373939A555E76C902DA3C386", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701695226, "uuid": "a7fabf06-d536-4524-9fa2-75d175442266", "value": "12288:nos8h3oKwZlSQtu2oLHv0XMifM0ewsQ1+TX1f/J:os8h7CTMH8XMiDs4+TFfx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701695226, "uuid": "c3db977e-e2d0-4e2a-80e1-d00d136e91a3", "value": 408549, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701695226, "uuid": "9176d1e2-2905-426b-8dea-039509852657", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701695226, "uuid": "33c34007-a68d-4aab-b602-455aed7c6092", "value": "payment status.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70b7fc78-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701710866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710866, "uuid": "7598a67e-6c2f-4fd2-bb66-3069cb65d7a5", "comment": "Malware payload (Formbook)", "value": "9a02c1eb0ae5cf07ecd2ea6447c69333", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710866, "uuid": "2c3e19cd-5e09-47b6-9e0f-46606bbfb270", "comment": "Malware payload (Formbook)", "value": "d0a62cba3fb976c56f6e7fcd028137ff083d840b8bec2a7f57854f8156b48ce4", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710866, "uuid": "65184594-b1d6-4475-b5ff-69b8b03ff824", "comment": "Malware payload (Formbook)", "value": "c8d263e6a297f8ba094a1e87a29e23f6ae976b62", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710866, "uuid": "07245396-4e37-4a65-b63a-cb1243ac2e58", "comment": "Malware payload (Formbook)", "value": "22b8d326140d7e9cd32e994258b4ca3a9d5b7ca87c97f52ff5d22e70e3b91e0b5d54a7e221d6698ad5e2bdfba58a16cd", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710866, "uuid": "20359cb6-cefd-4ac1-8d2f-786a5ebe9425", "value": "T1C8E433C18B3D80938AD68DEDD90CD9B0589B0B3F6BA98BCBE50BC6BD131535219D4D1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710866, "uuid": "3f6e2bd8-c5bc-479c-b346-e7d88b9d79e3", "value": "12288:5XbXeSfUHN0qr3gFjfNF6gGYNmkJZEQh313+HOcIU3v+e1DHl0VN1V:5XjS0AcNFLXNcIldHoDF0r1V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710866, "uuid": "b42dfa79-047e-411e-a2af-3e854ba7d561", "value": 671821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710866, "uuid": "b47a4c4f-ec4f-4b43-9265-2a20d3dc9c69", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710866, "uuid": "9623a32f-1867-4937-8353-214e33692d11", "value": "\u041a\u041e\u041c\u041c\u0415\u0420\u0427\u0415\u0421\u041a\u0418\u0419 \u0417\u0410\u041a\u0410\u0417.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0368bd2-92bc-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701705013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705013, "uuid": "42f47aca-23c8-41c9-9b8d-88a9818c03d8", "comment": "Malware payload", "value": "125828bfe248652603d0e65cf96fe675", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705013, "uuid": "4cfe6d83-9738-4e39-a79c-2cefb661f3f6", "comment": "Malware payload", "value": "d0cf303ed126e0191615eccf23c1ab4ecf9e8d36a8ee3f46143d208c9a1ba480", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705013, "uuid": "4290f28b-e2fa-4bce-82e1-1ef64bbb98e0", "comment": "Malware payload", "value": "60939bf41f50c720b1c0db0ddd62c013465f4756", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705013, "uuid": "fea1ad4a-1d9d-4cc6-9c79-0bc31c2d6013", "comment": "Malware payload", "value": "e20b03e79bbec30b53a16bfbf28d8f85651be9559950397203927f4d7852dacbf4f567cdfbf917102cb23b9a5bc42fca", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701705013, "uuid": "bfb9af76-241f-42cd-97d5-7526b040d8f6", "value": "T1A6958C8AF758592FCC7704324DAA5231265B4DD68E839B837848371C697B6E80F9DBCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701705013, "uuid": "86f06afb-7dab-49cf-b186-3c1e62ebaf5a", "value": "49152:jpqc+VJ/CzTmHBqTcF6iCK0Vhg1ps7EsrMYkFl7y9:EP3/Csf6204s7EsrMY0k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701705013, "uuid": "f376bc4c-2513-4059-b8ac-a6a7b3b2c2b3", "value": 2033427, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701705013, "uuid": "03a6e36c-d70b-4eb1-ab40-def14d075465", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701705013, "uuid": "1bcbe984-04ae-4996-a324-86f7ce4ff938", "value": "VengerskiyCongress@SettingsFucker.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "020b8291-92ae-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701698655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698655, "uuid": "57fda596-5991-41a3-a3d0-d23a553c20a5", "comment": "Malware payload (Formbook)", "value": "17c0d3773cb35f45a85fbf2108bce11c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698655, "uuid": "02d64b48-eac2-437b-8cd2-e2a30c60300f", "comment": "Malware payload (Formbook)", "value": "d149fc6adc07ffa848eb414438af0bb68cee6b0f3d7c4fe5dc919e7f5182bd27", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698655, "uuid": "80f1b600-b579-44b3-8c5f-9da20a65860f", "comment": "Malware payload (Formbook)", "value": "ed9d8a06fde364a908298b936d58579e7785c22d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698655, "uuid": "d865735a-4b52-41bb-851f-4088c005a88b", "comment": "Malware payload (Formbook)", "value": "73e03f93d6954999a1a9668e99944473f7e76e0c5895d510ae9d3a9e71b92e8d492f4bd7862e83f7211d9032e5301bdb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698655, "uuid": "a2673478-e4c4-478d-921f-18513109b415", "value": "T1D205226A73B49B2AD86A83F5D83A719843B0FD693531F68E1D8371CF1671B406E01E87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698655, "uuid": "71697e22-2908-41a0-9000-8f2bcebd3ed0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698655, "uuid": "7abea598-669b-4146-bca9-ff39bdc87589", "value": "12288:SW/WtW8G34/uK45+po2Tf/v4L79wfKy8brSx0IQ79GR+8lDPIynm7e1:N34/up+pJTnv4L79iKTOMgRN9zk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698655, "uuid": "dd8ac644-0438-4fb2-91b3-811f70af05a8", "value": 839680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698655, "uuid": "40ce4fb5-8b3c-4dc7-bcd1-96ceefba0f28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698655, "uuid": "fb182059-095a-41cb-b6a0-a20799a5a0be", "value": "maxziflowzx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06e485e7-925f-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1701664733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664733, "uuid": "9f9c63bb-b062-4453-8226-79d486926b78", "comment": "Malware payload (SnakeKeylogger)", "value": "66b0530dc094491748a9632d53d51623", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664733, "uuid": "55513c91-57c2-49ff-b91c-ea9627a28451", "comment": "Malware payload (SnakeKeylogger)", "value": "d181fed18a646621f4f6441afbce6f32afbe5fb13cd3923b9c4d03a485b30eaa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664733, "uuid": "811ce22e-142d-4102-8f9e-0535eb714d33", "comment": "Malware payload (SnakeKeylogger)", "value": "23686beaefd8470f8d904522778f4c67ba641d09", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701664733, "uuid": "0feb5436-49bd-4334-a356-c19f038f1215", "comment": "Malware payload (SnakeKeylogger)", "value": "f18926082317c20993bf5ed36118cbfb1c7a20548bf1a849f27c5cb1b82ac7d9e6c7134541c9de2e5415923fccac6360", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664733, "uuid": "0449d08a-70e5-4d95-b17e-c6bbfc4a304b", "value": "T1AFB4232BB38D8322DD3B473B28F9DD9882F6625C6171F5966C8A26CF1013F690B55B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664733, "uuid": "5243f1b6-2615-43ee-995c-76155f736cc3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664733, "uuid": "e4fce384-e9c7-4c1e-9816-e16193899674", "value": "12288:Gv45+po2ZEWI1InUKJjMUiC1zrN92LI2tneyLw24/wcT7ibH/zV+g/U:Gu+pJZbI1MNni+rv+I20yZIDT7QHrIgM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701664733, "uuid": "da57f703-2cef-4fd3-bc89-6041167189d3", "value": 530944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701664733, "uuid": "02d923a6-11d7-42ca-bd47-78ef106e5d51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701664733, "uuid": "e3966bef-9871-41c2-b99d-35acd38af874", "value": "SecuriteInfo.com.Win32.PWSX-gen.21621.27326", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae5ec361-92c5-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Phonk)", "timestamp": 1701708822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708822, "uuid": "31abad20-f261-49b4-aec0-d77036be043a", "comment": "Malware payload (Phonk)", "value": "3c4d944d107a5365b0a76ea18ae55504", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708822, "uuid": "2fd4d022-387c-4cdd-b49c-bd0ef0798f48", "comment": "Malware payload (Phonk)", "value": "d24be360ddb8ea8b74ccf513c139dcfa56eda3f156b3c5eafd469876a546d383", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708822, "uuid": "b5594cb4-ce34-4abe-afd3-9492567ee7dd", "comment": "Malware payload (Phonk)", "value": "7c64bf7eed55fb58337f3c2775bd3dae4a49456f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708822, "uuid": "fa0bd63b-1f10-4866-a63c-be3acd9c476a", "comment": "Malware payload (Phonk)", "value": "dc272860e18b1a2fa09ef98a801d4042ad1f4361c474e442427a463dbce6ac56658d1048a705b2c4245e87071cdcd9f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708822, "uuid": "5b29badb-5321-46e8-9002-3179b030b1f0", "value": "T1F5E5A2057D0D5B6DDD1D10B1AC21380B6AE08ABE3F09998727F17FC9EE6C7A2557E082", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708822, "uuid": "2bbdb180-cf94-42e7-b14b-0cf86d723f05", "value": "24576:MfNBw5mXZjoKSTlH0TLNwdnl8WMHxbXlfuIYPgcoaoGnB8e4dsS:MTM0TCENXlfuIYPeZejS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708822, "uuid": "3a2bff97-123f-4500-a1ab-4d5cc3c5d4e4", "value": 3022336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708822, "uuid": "8c05c0d7-c2bd-4d17-9f1b-1ec7d40beed8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708822, "uuid": "a0e745e4-ff1d-4f51-bf67-c45a7d92db1f", "value": "3c4d944d107a5365b0a76ea18ae55504.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fc6e33a-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Havoc)", "timestamp": 1701682115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682115, "uuid": "c607cc5d-d6af-4522-b097-9287b795e23c", "comment": "Malware payload (Havoc)", "value": "f89c632c014ae133e895eaca52caecf5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Havoc", "colour": "#BDC7AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682115, "uuid": "3aa957ca-a6c0-4469-9cfa-216ba07e3b5c", "comment": "Malware payload (Havoc)", "value": "d2cc543a0152f5dd1d39071744e8074a5498c1b2ba50fa49f1d04f8a57edeca7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Havoc", "colour": "#BDC7AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682115, "uuid": "06ce6a6c-a64b-4364-bbf2-6059dec73e3e", "comment": "Malware payload (Havoc)", "value": "8f5ba720da2c7381666a9802d9d566cdee65f4fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Havoc", "colour": "#BDC7AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682115, "uuid": "dbdd9646-9951-4c73-8846-3b5f10e8695c", "comment": "Malware payload (Havoc)", "value": "593956f6ef908852723fcfb382674ce9b29e7c6ce857899446d8d6553dc51280c7d974653ec0e77086b4b68a369f803b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Havoc", "colour": "#BDC7AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682115, "uuid": "40aa0fdc-482a-4b57-8c46-230f08ae147f", "value": "T1A793A506E26330FAC5BAC27047DFBA32FA76F45C15345F0A5B20C7092F60A71667EA59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682115, "uuid": "c5f2ea0b-286a-4f41-8f0b-0700fb85b6c5", "value": "1536:FgXyWvmzsmHH8atRSv5AeI+AYbzfBIsxXufuEeNOi92:CXy1pHcaCvCRfshufuEeNOi92", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682115, "uuid": "50774b9e-577e-4520-9392-6c40f452f980", "value": 95744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682115, "uuid": "f6402f33-65e4-44b3-93c5-17ba20622ca5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682115, "uuid": "84f146e1-72b4-4bca-9aad-cddabbc75111", "value": "f89c632c014ae133e895eaca52caecf5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2a8ce1b-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719540, "uuid": "45d6a24f-22f9-4b4b-88d0-24e905847507", "comment": "Malware payload", "value": "8d2656106481d523bdc2392cc649586d", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719540, "uuid": "c2acfda2-2b6c-4b73-afea-fe60d3ab383f", "comment": "Malware payload", "value": "d35730879db9621af68fbfea5e921d48e1a3e3400a09a656f2cd2d2d7f16d80a", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719540, "uuid": "d8205879-3273-4498-aa15-9dca102c1bf2", "comment": "Malware payload", "value": "54357d5b2f6735fa9ffe2834ebf815179dc19ec3", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719540, "uuid": "28cdd744-2cf4-4903-a56a-42f5a622b4a2", "comment": "Malware payload", "value": "5b3f444150b07b6743728dcaec21ce09bd6bd7a8e338216103d86f4842e225bba2d58db11f89d7e72ffee7dcc0b69d4d", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719540, "uuid": "7ccc3457-2abe-41a8-96e4-8977e6695df0", "value": "T1DE447CBBA7D55CF7E625023888EB07096F35F5C31B628B1F1A2052361F633D0AE5BA51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719540, "uuid": "70699b40-ba61-4eb3-890b-76a2274bfde1", "value": "55571ea66164dcba8744331456191cf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719540, "uuid": "d5bf843d-4311-4dbb-9ee8-a41e73854d2b", "value": "3072:TQriXJRoPFdDKFw/2aX1/EgVMNmPwWUxtwopFD+BwnlXQoNQX:p+FQI2qnKBmoKw9KX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719540, "uuid": "8eef5a72-0dc7-4264-a1d5-29ce98ecab6d", "value": 271798, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719540, "uuid": "51a65d68-69d3-41e8-a54b-1431d2a4cbd8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719540, "uuid": "955392de-2806-4524-8090-f51d88e6849c", "value": "8d2656106481d523bdc2392cc649586d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45825368-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698338, "uuid": "c873649d-3e3e-4784-8fd3-8824fe350f16", "comment": "Malware payload (SMSAGENT)", "value": "94967feb1601f7dff5e91a8704270290", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698338, "uuid": "44756a79-06b4-4077-ac24-bea540d970b9", "comment": "Malware payload (SMSAGENT)", "value": "d400748ae58dad9d8f1515eeae36f8f9abdc52503db6de613b71ac69f43ef838", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698338, "uuid": "493ae0e8-0e0f-4bcd-8886-f5ae2297d129", "comment": "Malware payload (SMSAGENT)", "value": "4bc73053b2b7b177c69627f8cfeb11fdf3555a53", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698338, "uuid": "b1ad80de-465b-4206-b08f-0eb908146bc3", "comment": "Malware payload (SMSAGENT)", "value": "e3ca720405d38d5f7f9c36d8a24270f83b13e9c880de17e2d4a2f488b285788fff91fadb90fd9ba2fa5a44f4a384a203", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698338, "uuid": "b6816bd4-cf5a-4050-8fc4-52c6b05f1fa5", "value": "T110560179731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC0AAAEE19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698338, "uuid": "96a85d85-51bd-4276-8471-d03b169ca22c", "value": "196608:/1DGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJY5:9irUVis8O/0giAZ9PD1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698338, "uuid": "c7c766ee-402b-457c-aab1-992a916aab57", "value": 6368189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698338, "uuid": "439eb3e1-f099-4a25-a047-dd0f810237cb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698338, "uuid": "fec61e20-e092-4a39-af32-78b774d6f37e", "value": "KinoP\u043eisk+.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00808b2c-92ed-11ee-b7ea-42010a9c0006", "comment": "Malware payload (njrat)", "timestamp": 1701725710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701725710, "uuid": "4139e297-fab1-47f0-9c3d-148f9af8c2f7", "comment": "Malware payload (njrat)", "value": "27739331c9b2015524924f04c58cbee4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701725710, "uuid": "08dd2097-4363-4542-b919-07dee57acb93", "comment": "Malware payload (njrat)", "value": "d44434a7cab45ea3ae3ecfd6adaa355db9ff41d441f389941ec2ab19bde05001", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701725710, "uuid": "a7e7d0f6-acac-47ac-9af4-55d21e0e73cc", "comment": "Malware payload (njrat)", "value": "04dcba08362a08729603b0fa341656a8bff6a0f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701725710, "uuid": "7b691582-af52-4bcd-86d4-1b50c67c81ab", "comment": "Malware payload (njrat)", "value": "57d5bade8224a821845ebb388e7f39bcbf515b6a894365efa55e75a293c6bbbaeb836892625b8461d9eb735476e073c6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701725710, "uuid": "0fd4aa97-b14d-4cee-886f-074f8776e349", "value": "T14AB22B4E3FB98856D57C17748AA6965003B091870423EE2FCCC550CBAFB3AD92D4CAF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701725710, "uuid": "a712f088-2211-447e-9e47-f4060fcb11e9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701725710, "uuid": "25dd80f8-e1ac-47ed-b4fc-b272e36ce67b", "value": "384:7sqCm6yocx/Yp7jemiO0nd08/VQ6bgNQC5h7tmRvR6JZlbw8hqIusZzZMP:gSoQA6mlcrRpcnuV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701725710, "uuid": "93a4cb25-ea40-492f-93bf-cb3332fd76d4", "value": 24064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701725710, "uuid": "b039e2b3-47a0-4891-aea9-08606be57a81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701725710, "uuid": "f602a43c-8add-43a0-a11b-13d8cd424563", "value": "27739331c9b2015524924f04c58cbee4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af80cab1-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674894, "uuid": "ed56e7ee-ecb8-4d3b-9492-4987167f9f1d", "comment": "Malware payload (Mirai)", "value": "a341fdc667d1b4556d3296c57540e4c0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674894, "uuid": "798ee261-910a-4629-b824-958b2b77376a", "comment": "Malware payload (Mirai)", "value": "d45e6483b4ea979550ee50b2ad506452ef12f6e1786c85d77e3bee58cfd321cc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674894, "uuid": "dad01633-3a65-4663-bb80-d04283ae1225", "comment": "Malware payload (Mirai)", "value": "0e5db55a0d9104d3bb2324b5e060c0d13f2dc841", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674894, "uuid": "ab3f9150-9064-4690-8161-b60915679cb5", "comment": "Malware payload (Mirai)", "value": "c26781b87d5586b9730a030b1179cf4e24f933da65ee4e3a6872cf751dad739fb1ca4cd305875b71bf001a03b23308c4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674894, "uuid": "69c8a009-4306-480c-a185-3f2df9a76ecb", "value": "T165439F7AE41AAD68C0450170B8A8CF750F53F6C483621DFB3AE94671544BE78FA09FE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674894, "uuid": "6dc3de6f-6753-4560-a594-e67c7862f35d", "value": "768:iz+Lr0SHn3a8Q1qcXLxQy8bHDFSz88fIFD5CfZ5oksQKuC3AwJZY10U5:iAgfHvXx8bHD/FD56skOuC3hJa10E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674894, "uuid": "143e4aa3-fdf4-427e-8751-aa9261e94a67", "value": 55568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674894, "uuid": "9fc8ce38-38a6-4560-8236-090c533806ed", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674894, "uuid": "651ae63c-74fe-42cb-9147-7a4a2515e541", "value": "a341fdc667d1b4556d3296c57540e4c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd9ac300-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711103, "uuid": "2d74e287-7c7c-4977-9ed5-9d1ba24ac5eb", "comment": "Malware payload (SMSAGENT)", "value": "c630ed432064b0930f77a95e9cab38b7", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711103, "uuid": "1b385793-3130-42fb-a19f-fc24977863d4", "comment": "Malware payload (SMSAGENT)", "value": "d4bf90c156851ba8f4ac63b9229fe1ff28bdeb5a0221e9aeaee2989b6fb196c9", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711103, "uuid": "167d6455-daa3-423c-93bd-afb2ff30bf54", "comment": "Malware payload (SMSAGENT)", "value": "7f5962cc98b098cc9c53fa1963d396316ed44c1c", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711103, "uuid": "a198db3e-8a40-4bcf-982b-4f9a9482ed9b", "comment": "Malware payload (SMSAGENT)", "value": "1f011ff441adddf381034dc2a3e948090093e577573701ccd32d1a0d0ee6101cea60a813332d5bf5878325680c36bdc6", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711103, "uuid": "8defc4f5-f260-4b1f-b36a-b3087ba3abe5", "value": "T15C179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711103, "uuid": "7655eb3b-58e1-42e4-be02-f6907e5b504f", "value": "49152:ZuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvl:zv+49UBEIIddXHNqjeceHnMI+lEaAk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711103, "uuid": "3b9ff9d7-80dc-40e6-a631-8ec3ff8d7331", "value": 18573786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711103, "uuid": "b377847b-d64a-491f-bbf6-30f199bd29a9", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711103, "uuid": "c8ad9340-6553-443b-b0b8-ae80bd36588f", "value": "KinoPlus Pro (6).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b499988a-92e6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701723006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723006, "uuid": "eca09209-98ae-46f7-b334-e469c81a5e68", "comment": "Malware payload (Mirai)", "value": "324ad2a5115985824a896b65184d06b6", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723006, "uuid": "e47e233f-5de4-4cfe-9d01-e3d629051889", "comment": "Malware payload (Mirai)", "value": "d6b4677d0eb4caf450c4165aebc8dbdb10577d731db01d4861e09229b59c0b36", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723006, "uuid": "0699a41a-062a-4ff6-aa20-907e171bc162", "comment": "Malware payload (Mirai)", "value": "d5b44c2fcf6ca76729b6f48ec520daaac8fd4da9", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701723006, "uuid": "02462ee9-36c2-4a72-97d6-24ab0933a1d5", "comment": "Malware payload (Mirai)", "value": "ac98ab6000699ab0b372283fa7491b5ed23c91c76dc5b41e4ef20a0cfd150c3e13b6fa57b727965d77cde64d41698802", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723006, "uuid": "ae03ee54-7c65-4241-9cb9-10562520e617", "value": "T1E0330272676E29E251709777FC33BC1AA7DC16F85877309A2CF06919B7C58024EF1682", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723006, "uuid": "8228ee4e-0dc1-418d-a6ec-a2626c7ab6ea", "value": "1536:99O/ZMAXIxNUk0HjLcPqF1aBexo4opKZbL:99O/ZNKy7jLGqFUFC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701723006, "uuid": "e954f35a-caac-43a0-923e-6bc0ee9b0e63", "value": 52520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701723006, "uuid": "05d471dd-eedd-4d26-987d-cc7289143ed1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701723006, "uuid": "5e0d829f-3fdc-45e9-afa0-6dd4230dc9d2", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef4cc983-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701671565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671565, "uuid": "ccea0952-9103-4a2a-8331-e543d0bdc209", "comment": "Malware payload", "value": "b39ac776cb742832899c2dfd0bacc5cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671565, "uuid": "eb4ae7df-2348-4491-8a96-66bbc089d433", "comment": "Malware payload", "value": "d75ab1cbe4ed82dd0fb7bfac6b450f8c7868830d85c8b5068a405cabfc77e2aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671565, "uuid": "a09cb7c6-b089-4bbe-8157-6f433e24a971", "comment": "Malware payload", "value": "eef1010bc03237d3a65951c30c87b51e3454d045", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671565, "uuid": "5491077d-d34b-4d91-bc25-bd78be903014", "comment": "Malware payload", "value": "2815f2fdfaf41a8fc5d47cba0e07820a8890d3dd54be0ed7994cb0fda78eec53151fc3772b65255b002828390c0d3b5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671565, "uuid": "a643205f-00b1-4810-bed4-1d2c3678b235", "value": "T19A523C1773950DFEE128C231C973A61BD4B5B17807618BAF07A44A2D1FBA280BE3DB45", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671565, "uuid": "8b99ec41-e770-43a8-b611-e938718f3b16", "value": "05d502c640f9aad4ae2284c7263eb3e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671565, "uuid": "637cdf61-f05a-417b-9766-52c319174942", "value": "192:y5DXpQ0vlrHVr2s+kzcCDmfLW4qxCbIWe3Q5tfWAD:iDXpQOtHVrJcCKyXxcIB3r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671565, "uuid": "1a8bcf75-e91d-4392-945a-3b5018ae3b9b", "value": 14480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671565, "uuid": "af6b9d54-c02b-4235-9df2-85aa0415fa88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671565, "uuid": "24aeb62d-f96b-4445-9850-5474ef4ac42d", "value": "SecuriteInfo.com.Trojan.MDMP.28525.31045", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97c591ec-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701682155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682155, "uuid": "88af7b69-426b-4085-9c73-cf596fb67141", "comment": "Malware payload (Formbook)", "value": "9d19543f310dd4dce5dc99e4cd5e2a21", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682155, "uuid": "57051318-d8fd-44e1-9f48-402cf17e9954", "comment": "Malware payload (Formbook)", "value": "d76f0bd5be27187672f2b89be93eba20033cadb397398143bfe6f81d8ef4d9dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682155, "uuid": "492a6758-d0c9-47a7-97d7-68ed41d143e5", "comment": "Malware payload (Formbook)", "value": "33c0536bc6cc277eef934471917fb5c6bf9071c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682155, "uuid": "def37109-6227-402d-8e2d-8006a01de087", "comment": "Malware payload (Formbook)", "value": "d09d54c3376812db61f11958bf216bfd3cafa5740856eb54bce8cdcf30d5d82b6571e3b1c3c053a28b15ed0692aa99a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682155, "uuid": "1152c340-30d4-425e-8242-c3e41ba1dce3", "value": "T1ED05221671A9CB1BC87E93F5D435960063B1BE3A3161F74E6CC732DE0A327819A90E93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682155, "uuid": "a4715989-38c5-48ec-bc35-e4e48eca4414", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682155, "uuid": "3d4d9aa6-8f0a-4bb9-b288-2af670b0dc2a", "value": "24576:H34/up+pJxpncnrnRdQS3kXiQIPicquOLxFOjYZLjFN:H38PJxpcrUSUXi7DqHOjsLjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682155, "uuid": "7ad8836f-8f56-47d7-9860-4f18e20d29a8", "value": 839168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682155, "uuid": "1451518b-a699-4abd-a5cb-2fa0bf392667", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682155, "uuid": "f075570b-f705-4cab-a036-a90f6974b806", "value": "9d19543f310dd4dce5dc99e4cd5e2a21.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6178e127-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701682923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682923, "uuid": "1915b660-edf7-45bd-98ff-5b9aaec5a420", "comment": "Malware payload (Smoke Loader)", "value": "a3120202605b132dbb855fa72cbea3bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682923, "uuid": "ca2812ea-6090-45bd-a168-78247c7d3e5b", "comment": "Malware payload (Smoke Loader)", "value": "d7a281841aaec8f4f7bd954586d70dd071089cd433907cf1fe636f642a946684", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682923, "uuid": "0994cf60-4b9b-448d-98bb-339726d35d9c", "comment": "Malware payload (Smoke Loader)", "value": "a6e3728565ef6b96f84ad172f77c5f43efa18cb6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682923, "uuid": "eb3962cf-57ab-4dda-98e0-477e159f8e7d", "comment": "Malware payload (Smoke Loader)", "value": "b958834113d18d183bf9ca90fa6a8715c6ec02fd3b2b0fd42645cfea06a2e0b6ce5cef7a4f88f994687e6efdec12a4d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682923, "uuid": "5db426ae-9cb0-4e8d-bc86-d5a7582ed5ad", "value": "T125257DE138C08572DDE320B746EDFA26426DD0B0C72546CF16F85AEEEB606C17B36592", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682923, "uuid": "a3e1d479-fd33-41eb-9073-5b49b5c209d2", "value": "9ee1669563594b7c955925e47aab0ef0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682923, "uuid": "63caa91c-0be1-4c07-a7f2-b5eed5abe39c", "value": "12288:8QhUd3oCbhEJpIUnRNIL0in7DQaINBJo7XdAxIsuJkVPnZWXjPCeJ9:cd3xbhEJKUnRNIncpDJo5A+okB9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682923, "uuid": "81aba430-2cd6-43ae-8761-5f9d7ed3b686", "value": 966656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682923, "uuid": "2281a946-29c5-485e-a2b1-d7259018c505", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682923, "uuid": "7c01165e-b88a-4ef2-99e3-ea06bd2eea14", "value": "a3120202605b132dbb855fa72cbea3bf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90b3192e-92e0-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701720369, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720369, "uuid": "975ced32-e70c-4633-9847-f977148c0c0a", "comment": "Malware payload", "value": "d90ecf8f269c6fab7962525f0b36a2c9", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720369, "uuid": "0c1b5f8d-84c6-4565-a599-6c6356e2b090", "comment": "Malware payload", "value": "d83491c3265659a184cced746129af02706fb63fb9828e38f45ae6095989d699", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720369, "uuid": "2357c404-c4ea-4ba8-ba20-8902e174dba4", "comment": "Malware payload", "value": "a12171952b2d9ff2edc3e6f4989574f697f06503", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720369, "uuid": "7e5d6d06-ea60-4c82-b784-0bd926c85f1c", "comment": "Malware payload", "value": "7133ab08219acbad79122c15effd16a5aed65f40d504e7b59565adbd46c4c1811ffb5d267001c108f8dfb4b2b370ede3", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720369, "uuid": "c1128760-ac69-4e36-b889-7be56c873e85", "value": "T1E576011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720369, "uuid": "6aaf464e-751e-4c12-8d51-f073f7178f4c", "value": "196608:6rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLH1F3nswU/Q6FKNcnF4:ww0pdMGbwBAej2l7nswxgF4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701720369, "uuid": "2d50c585-19e5-4db7-a29a-eb841a89eec8", "value": 7329150, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701720369, "uuid": "e9a9e700-b8fe-41d4-82ec-1ead8fe34c67", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720369, "uuid": "65689f7f-caf9-47ef-8d6e-afdf796faaf1", "value": "\u041a\u0438\u043d\u043e\u041f\u043e\u0438\u0441\u043a+.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fcf391a-92a1-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AsyncRAT)", "timestamp": 1701693309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693309, "uuid": "36f8d851-cf80-447c-9a89-abbe7b07f0ee", "comment": "Malware payload (AsyncRAT)", "value": "a8ab69d81fc07c019a2b5cae60bdc61c", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693309, "uuid": "30c32acb-4beb-43eb-a155-553834dddd15", "comment": "Malware payload (AsyncRAT)", "value": "da4bf3c37f0d10b87bac8618032142e1cbafe7dc444b038aad94e722084eab7a", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693309, "uuid": "01f1e850-6572-4fec-aa83-3a1aeb43dd3b", "comment": "Malware payload (AsyncRAT)", "value": "a6fe6d254ca266a98cdc7e0071a372d45f9bf9b6", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693309, "uuid": "d8cb7731-9e68-4dfe-81f6-8deb727967c0", "comment": "Malware payload (AsyncRAT)", "value": "3471a6d4915d277f6fb558833302c4c8eed95338e249d618c3050e5acf5a6a71912fbfeb46cf58c3498baea02a39e708", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693309, "uuid": "b7b626dc-1419-45b0-b8d9-9f0f8aa305c6", "value": "T152258DAA0B94C617D94F8BB5FAB1135C67B1E50193CBF78AB44B76B42FC23164E83112", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693309, "uuid": "7079ff4b-0bef-4ffa-997e-5fbaa589e7da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693309, "uuid": "5202813c-f821-48d3-b0e3-3c9c59e50ba0", "value": "24576:Orh9P/0YFFAnTHSluKiyWyaquCCANkvCdvmJ9WWNuNYLRzk:65luKiyWyaquCCAN/gXgYLm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701693309, "uuid": "6fb5a982-696f-41cc-a743-2dca4c17b0ea", "value": 977920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701693309, "uuid": "577ba9e5-fb8a-4917-b59a-aa808016f0ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693309, "uuid": "67f9dc5b-3d2f-4dc8-971d-12afcdb74ba5", "value": "a8ab69d81fc07c019a2b5cae60bdc61c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3a63840-92fe-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701733285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733285, "uuid": "b0c033e7-d8fd-4217-9442-279a52713696", "comment": "Malware payload (RiseProStealer)", "value": "2c31cb647ada1fb944244a99c28a89ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733285, "uuid": "81976c34-c03a-46ae-8943-d0e277ec34d5", "comment": "Malware payload (RiseProStealer)", "value": "dab99de1743f839c6c5a74bab907d3b1b391bbb6de455f62fd4b7c0e2bde90f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733285, "uuid": "31f416cf-ddd6-413c-8db5-729cd868edea", "comment": "Malware payload (RiseProStealer)", "value": "52062eb7ff9c5a18a8bf7190a8ea26d0eda06c57", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701733285, "uuid": "73721c3d-bf3e-4eb1-b35b-a1af51a8c8be", "comment": "Malware payload (RiseProStealer)", "value": "316d322ceed03aab7157de8d08ecea367d006cbe4e4461d4a8001d371275aa5262228f53962983796ec0f2c7de7ec7a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733285, "uuid": "91266cf4-4d64-4dd2-9958-44edaa69cfd2", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733285, "uuid": "ee98e002-3c71-49ab-8b7a-dfa8253a13ec", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733285, "uuid": "bf7b3d6b-0925-4cd1-adf0-07941bdeda1e", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701733285, "uuid": "304ed016-01f1-490a-a873-7770211cede2", "value": 1540222, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701733285, "uuid": "5ebc84b9-0c9e-4a97-80ef-a227c0f75709", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701733285, "uuid": "822fbfed-4112-4eea-a6c0-1ea09b0fa031", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48f6ceb1-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698344, "uuid": "44a62bb8-6cd8-4a63-b503-bec95b5ef7b4", "comment": "Malware payload (SMSAGENT)", "value": "a58e54790ca9e9cc591d8e5257e6aab0", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698344, "uuid": "57123787-2333-4d7e-96c1-edbe27fa8203", "comment": "Malware payload (SMSAGENT)", "value": "db697550ea6b98d70a72822baec7151156c1cadd8b5e78693560a6a844e43c0a", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698344, "uuid": "b697fd23-29af-4b81-b8c2-e2891b95290e", "comment": "Malware payload (SMSAGENT)", "value": "a3178c81eb7d710de6414b06c0a7682bb3ace964", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698344, "uuid": "979f82ad-7a24-4d5d-bb97-9c658290a51d", "comment": "Malware payload (SMSAGENT)", "value": "e417b00de4e98e195d20a2ddec2ff1cd6d75dccb5e2e3f87f71b899f28db2fc56c87d8cfc28a3049aae04b1bb0ec3c6a", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698344, "uuid": "769912ad-2dfa-436e-9a2b-1f87dffb7c34", "value": "T19B179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698344, "uuid": "1acb8ff3-97dc-4400-9c8d-6d86e3b6cb4e", "value": "49152:vuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvZ:9v+49UBEIIddXHNqjece8nMI+lEaADv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698344, "uuid": "a9b7b732-2274-4189-a92a-06b14c213f74", "value": 18579238, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698344, "uuid": "4e5f0eab-9d51-401e-8fdc-c210a3b5c2f9", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698344, "uuid": "9e8914d8-b4be-410e-ab63-2704a8704538", "value": "\u041f\u0430\u043a \u0444\u043e\u0442\u043e\u043a 16-18+.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff76636c-92d2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701714542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714542, "uuid": "932582c0-fad2-433e-af94-8d9a86ccff84", "comment": "Malware payload (Formbook)", "value": "98a206acb47fad3beeb5f0b3d5dfe309", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714542, "uuid": "d93d3716-9e86-4f67-ba10-dabaa38148e5", "comment": "Malware payload (Formbook)", "value": "dc7e71bcaab267806ba177fe20ca6362dddd73b424c956c3fd13fd36a201f449", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714542, "uuid": "f8357904-3abb-4edf-9eb5-e75d7a8e306a", "comment": "Malware payload (Formbook)", "value": "fe9e1ab227d04d4405f73146f56bd6d64477b0d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714542, "uuid": "ac77db83-0f80-434f-b96f-6c965e9a37e6", "comment": "Malware payload (Formbook)", "value": "627731945e118319a84ad692d4a6b89c0a908e9c29775dc500cc15d241d4e7611fff1a859e305ced92b9dd09bd380459", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714542, "uuid": "085a1d3b-ea7e-48cb-8950-241d3f6091b7", "value": "T14505EF1572F55F19D47B6BF482A4120003B77A99613BE34C6EC9E0D72E76B020E1BB6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714542, "uuid": "b99ae1fd-8a8d-4974-bbaa-f1f1125fc36d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714542, "uuid": "844fd314-2fdc-4e4e-808f-fca660ecd2d6", "value": "12288:7fYNr4RWyzxP45+po2xl89e+KwXAMCMfHDu1qwHGf3h6gu/5QAoHlmi0vSw8Ozdr:6yzk+pJr89IsKQVvhaGAol4vSkj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701714542, "uuid": "468c6436-412f-4360-a070-ec8bf3caf68b", "value": 859648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701714542, "uuid": "99e78d90-e0a1-4509-b75c-bd3f56196e34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714542, "uuid": "34dcd833-9ccc-4173-b3bf-3a0a54885a4b", "value": "SecuriteInfo.com.MSIL.Kryptik.HDZY.tr.10642.4593", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a488d6e9-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Loki)", "timestamp": 1701680029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680029, "uuid": "ede3851e-22e1-4e13-863a-95ff7ba0165c", "comment": "Malware payload (Loki)", "value": "f2bd04d12130d4c089573bfbc97f46e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680029, "uuid": "94ff7d0b-0b71-4e7c-ab7b-7f9ad7598543", "comment": "Malware payload (Loki)", "value": "dcdf1ba64a3d7c942149f3925c10dbabe7f9b82a97fe9ac207b8d9a0b1723222", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680029, "uuid": "c3d1dcdf-30f8-43e5-abfe-b209e65dc0dd", "comment": "Malware payload (Loki)", "value": "57dc9f394d49f707fb7ffbe3ec1e63645e253486", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680029, "uuid": "d4dcd5c5-1b40-4b41-ac52-63f9b65480fc", "comment": "Malware payload (Loki)", "value": "40c4c9cce4ea16dd3c78c521dc65782079924991dfda0c1a0c5af486189c8e2289ec0d4f3454a2105e27be9112463c6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680029, "uuid": "7157cac8-3fa7-408e-80d5-77e9d608a58c", "value": "T1A0A4239975CFC714D82856BCAAE4A6988337AD55F219FE4F6CC061CB5A91F182FC0B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680029, "uuid": "61d44dec-0b5f-482a-ad3d-6d4a23a8c68d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680029, "uuid": "312476fd-0dca-4a47-ba44-aea36d22992a", "value": "12288:X45+po2B83lPss5WMG2Uv0HlCHEyN5S0XSu:2+pJaRWMIv0cEyXHXS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680029, "uuid": "71ec9470-9e2a-4e0c-b696-5f1013542484", "value": 493056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680029, "uuid": "85648504-5486-447d-8e66-fde6c0e8d0c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680029, "uuid": "1a21130f-4a76-4d56-9920-0a62c92bed81", "value": "DHL Receipt_AWB811071718477.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bc59cf3-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1701680874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680874, "uuid": "464057e3-3d3d-4e1c-aa71-8e0adbc246d6", "comment": "Malware payload (SnakeKeylogger)", "value": "fa7c160068137a6169be8bcaa00e408c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680874, "uuid": "d6818db0-a856-4ca0-95d6-c630a7081335", "comment": "Malware payload (SnakeKeylogger)", "value": "dd85a193900788d9b13eabcaa02085cdf8a72cb5d3d4e3444ec1bd741c6721f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680874, "uuid": "cda8c8a7-9442-4852-ad20-8dadbea70a01", "comment": "Malware payload (SnakeKeylogger)", "value": "8028763154b40c81ae85eb6dbf1dcc7d834b96d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680874, "uuid": "db62f64c-ac20-465c-98a7-dc0c884f3298", "comment": "Malware payload (SnakeKeylogger)", "value": "00aae108b82e925b05a69c02faf9cd531583f9ec095c3e719052bc90095b00425d6dc63d1fb138477883cb78fe8965ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680874, "uuid": "8e5755b7-5906-4423-861a-62a7134b213e", "value": "T120B4234537DEA721CD7287BC6584BB90436A9E53A274F7B61D6120CB3893F6E0B60783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680874, "uuid": "48b98f05-6173-4e6a-ad50-fa1eeb724e7a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680874, "uuid": "a4b94e5d-e9fe-43bd-9967-f4bc70c92a2c", "value": "12288:Y45+po2MokrGa1hhBJx6/X3lmz3rIcjM6/oJXG:b+pJ+Ka/hBj6/HQJj9/O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680874, "uuid": "75479090-0fa2-4a29-8ba6-9da8fa6abb6a", "value": 529920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680874, "uuid": "d4cbfdfd-4577-4dff-b72f-ec3044afda02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680874, "uuid": "ab3823cd-f131-4ea6-949e-47e217b1154e", "value": "AWB 5331810761.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac18b733-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (LummaStealer)", "timestamp": 1701682190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682190, "uuid": "6bc6922d-c7b4-40f5-9284-ec14413568b4", "comment": "Malware payload (LummaStealer)", "value": "8a022af4158a7fe94e0d9d2112503ea5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682190, "uuid": "42d1b2b0-e5ae-4eb3-8dc2-a78579349c2a", "comment": "Malware payload (LummaStealer)", "value": "ddd42b42624bb68256fcbc0234cb59a88a42c8ac52cd402fb1e805d30843a81f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682190, "uuid": "895778b5-b49d-4899-b1fa-a6c66d525b3f", "comment": "Malware payload (LummaStealer)", "value": "b1d070fa9ed4d87a57cb4c1c316862dee78e23d0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682190, "uuid": "bd7ff5aa-0f82-464d-92f4-3620a09a242e", "comment": "Malware payload (LummaStealer)", "value": "ef137799f6ae1adbb37952007e6d68eb83fe441d618c8ca9fcdc9dd40bfd114f9809c58b3ec28ff50654502b48856573", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682190, "uuid": "df8b0b04-c274-43e2-a837-c1b09afc4977", "value": "T155540A0382E17C55E9264B73EE2FC2F8760DF6518F493B6A2918AF1F14B1172D1A3B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682190, "uuid": "dc42ccfe-4236-4a0e-9590-94fefac32f2b", "value": "cc05f69219d47cdf9f9cc87a15cbc402", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682190, "uuid": "482d52b8-310b-477f-8a25-1eb2989e4d19", "value": "3072:ldYwW0dZ8IlKlb0v+5N3fNn2iBz95xwOrj5gf5qFQbhemOibTUyGTkH:8e4yKldNU6zOOrj5RF6VOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682190, "uuid": "e2a1651d-bc72-4cdd-967c-fab010388b6e", "value": 294400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682190, "uuid": "1a4a21a3-13d6-441f-b7b3-5d0dc074a56f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682190, "uuid": "a6237394-0762-4aab-86f2-c2be17220049", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31d39464-92a2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701693581, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693581, "uuid": "93972887-370a-4b25-8c0e-da8122e63445", "comment": "Malware payload (AgentTesla)", "value": "fc7810418b63da164f2bb37b85cfa503", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693581, "uuid": "0a811f01-2275-4db1-a34f-de458099c41f", "comment": "Malware payload (AgentTesla)", "value": "de4ec65cc7e5d06cfee3474f621fa9c876882d1f1912a9e0e566c13088c782a4", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693581, "uuid": "2feb2874-1811-4da2-886f-5793320b3652", "comment": "Malware payload (AgentTesla)", "value": "e241da1452fb535614bb93c2ee15ee3d1f3eb1f0", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693581, "uuid": "8745ae93-ca60-47f2-99bf-d64efdb49f63", "comment": "Malware payload (AgentTesla)", "value": "054c6cb95031b5df084133dfa0da00544648eefd9454a6a72a363fca7adfb412511cb0efc0c733b68c6fbeda3226f9f4", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693581, "uuid": "f9b103da-2165-46db-8b99-ffeeeede36ce", "value": "T19515AD84E5A95B51DDB9A7B05536C93007733CADA878E22C1CCD7CE73BBBB824412A13", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693581, "uuid": "884da057-f622-41b9-982d-0eef2e3f658b", "value": "12288:R7lxIyzucL5ZRNmiVs2ON3vd12RaRm+n4j4C41eElP7r9r/+pppppppppppppppX:R7lNlx/V0hd12R44g1e81q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701693581, "uuid": "67f248f0-8bff-4d9e-af07-27fc19c7bb18", "value": 952320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701693581, "uuid": "d27e5119-94b2-46ad-b1fd-c710f2440694", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693581, "uuid": "33364f55-dad5-46d0-84df-123dff2fef40", "value": "Swift Copy for US$ 17073.36.tar.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "870fa1fd-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711333, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711333, "uuid": "eb69536a-82ce-42c5-b016-f8953ecad5c3", "comment": "Malware payload (SMSAGENT)", "value": "d9c5102e52af56992128560482d0fc2d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711333, "uuid": "9a46b17e-de86-4ceb-bec5-ec624791e386", "comment": "Malware payload (SMSAGENT)", "value": "de68f5922baf023d465e8edbdb1c6b8223c36c7188851bc0a13a0d96510a1889", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711333, "uuid": "654f4533-6b91-44ff-909b-1bff00c31db0", "comment": "Malware payload (SMSAGENT)", "value": "ad86411bcab9965eceb9be42e41a48d57a5bb9df", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711333, "uuid": "5dc73da3-13f0-43fe-92cc-4e21d8982441", "comment": "Malware payload (SMSAGENT)", "value": "aa20eea45a2d94ed2d8a08a7647cc47e7238e0a3343906e13946593fc7a6e71b886679dc7b282b4db690cdebbe437c79", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711333, "uuid": "9f83265b-b2f3-4c8e-b3d5-f19d424705b4", "value": "T11066011AB71FFC07E063DA3163728F4B772A85F512D0E7116A16B0686EB3D448A3ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711333, "uuid": "16bedd2f-a96e-423f-931f-eccf6c283563", "value": "196608:oywTQA7c+3mAMaUmZk0/kAYylzVNmL7L/:oywTQA7c+3AGbkAYgzVN47", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711333, "uuid": "62abf1be-b19a-490a-b73b-44963510a8c1", "value": 6682054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711333, "uuid": "4feb830d-fecd-41a2-85e7-54fd5f57117e", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711333, "uuid": "f17904ca-459b-4b0e-96cd-36cdb3415324", "value": "\u0422\u0435\u0441\u0442 \u043d\u0430 \u0421\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u044c .apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f3e3ad1-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701682946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682946, "uuid": "f8eb2640-3a46-46e3-8dc4-8fa114b019be", "comment": "Malware payload", "value": "a3188d4c345b04f78fc5a600e1028a40", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682946, "uuid": "f82c25d0-db17-4afb-9247-f8722107d745", "comment": "Malware payload", "value": "dec7df00d50b204720115c97019af9ff05b53b99003e87f343dafd73f83b4803", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682946, "uuid": "a071f618-fa9f-46e4-b033-b7e7dd42ccdc", "comment": "Malware payload", "value": "d871c2b8fe28cbf61b623763170069158625cd7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682946, "uuid": "757dce63-e599-49b7-8e74-1614f9a67bfa", "comment": "Malware payload", "value": "a3675186ad3d820668f58d13c24cac4b5602f2ab62086a62bad6432cd864205bc5d10cedae42a3b154795c54297f7e20", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682946, "uuid": "0ae8032e-4b46-4062-92bf-93ff8f71b5c7", "value": "T199B7339121DD12FCC1D35F0512CB864FA29CF2A6C1AA9B5F3FC1AC035E52F5A9C4A279", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682946, "uuid": "27355bdd-982f-41a7-809b-62176554ace4", "value": "773ae68991bda81c61c595b3256c2796", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682946, "uuid": "431fabd2-63df-4398-b1c6-2ed7e9a51acd", "value": "786432:JPZ9+8M2ULZ+ZPsqCH4K4dYPgoV+nQ8ZRB195I9S/9ln2SyEciaX+:JZukpKdV+d195gSf29piaX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682946, "uuid": "98fbf9a6-4535-4a5c-86ce-240ed2f15d7a", "value": 49024000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682946, "uuid": "893a2032-d068-4d09-9594-54bc5dd18359", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682946, "uuid": "5d9d541b-772d-49c1-bc40-8545efbe002a", "value": "a3188d4c345b04f78fc5a600e1028a40.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "053a4c97-9266-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701667736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667736, "uuid": "9195376e-5261-46a6-a45e-05b4544947af", "comment": "Malware payload", "value": "573383362eb25276cdbe2b0f59197ce4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667736, "uuid": "dd37501f-3475-4932-b867-2e25129f7dc8", "comment": "Malware payload", "value": "deecaf3866612a5a6fb51c47fb1abba1c6d3b1c57a798a03183942267fd5a3c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667736, "uuid": "6f5cac62-4959-4e7e-b48a-076862cf1836", "comment": "Malware payload", "value": "b9a6f16d927c6a95ab514fa96ffb40c5ac1477f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701667736, "uuid": "75eacf11-7141-4164-b41c-bcde3e6f819e", "comment": "Malware payload", "value": "c9e0a6b44c4094bd2c7acc24137759b47f591c8b167c738c8b46bd1e986abaac6ea1d4eed08221121f937447fb9d1903", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667736, "uuid": "abb5de23-fb61-444f-be6f-8565991ae8d0", "value": "T18A66BF5533601CF8E576423ACC42C525E6717C260364C69F03F89EA7BF276A2AD3EB61", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667736, "uuid": "59c523e6-5d2c-405b-a17c-b45d5f7ff888", "value": "a62ff465f3ead2e578f02d3a2d749b7b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667736, "uuid": "c8227afa-85bd-4f07-a09e-784aa8c121be", "value": "12288:cKfBIrS7ZAm/VT9TnDd6S7MQoNkujl3aEJy:c48S7ZAm/PTz7MkwxaEJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701667736, "uuid": "0f57a1de-dbfc-47ed-8553-96c53badfdcf", "value": 6635326, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701667736, "uuid": "5eb72545-f52a-468c-9b16-89a98947941e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701667736, "uuid": "73fb2a17-79d0-4f29-97b4-7814fbd981e5", "value": "SecuriteInfo.com.PUA.Tool.Pwdump.360.7989.30540", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d727e7f2-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681832, "uuid": "cc8854e3-a1c4-42ad-b0ba-cb092dce5e90", "comment": "Malware payload (AgentTesla)", "value": "4d0ebc34ea0cb64d9bba7ec0af2951a4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681832, "uuid": "c5109d77-1652-4ee1-a760-bb87677b7c08", "comment": "Malware payload (AgentTesla)", "value": "e08872d907e4d85eb08e12941a9d2784455b7998055aac1866d79a6028647078", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681832, "uuid": "c5c98a33-5cd4-4b39-9f6d-1218cc1f2d88", "comment": "Malware payload (AgentTesla)", "value": "c315635a143e7d524b7dfae4239d219303af3b43", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681832, "uuid": "5c2b8f53-730e-4027-b1b6-dd9bd06c28b0", "comment": "Malware payload (AgentTesla)", "value": "f0738a2775fbb3114ae74db830e794307ed0c66fe956cd87601a980b85bf4267873574793249c264fc4c4ff435d07559", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681832, "uuid": "dec2b9f3-a413-46b0-9cf2-0e8e9c6641ff", "value": "T1F5256B5663C1191BE0DFDA3388E07B558B77E8E0A75AD38C144276ED0E227634E81BDB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681832, "uuid": "f3b0d547-67d7-4b33-b3ec-7b869a75ac59", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681832, "uuid": "4abd5a23-4cd5-40ce-bdda-2c6077a87542", "value": "24576:BRXxtO5drZN8jo7OKvw4lU+TTjh5IYT4dXFSndFLecp86tdYuO1QRkZzv:Bm3znIQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681832, "uuid": "31cef595-3b2a-43d8-a4b2-3541cd796f80", "value": 1043456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681832, "uuid": "ba04e603-1af8-4412-b9a8-2efaedac041d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681832, "uuid": "7fcc88ad-12a5-4c86-a8fd-9811c07fad87", "value": "RFQ2207004---140HQ-----_pdf .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35b0e33e-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698312, "uuid": "f7163dfe-b502-4a12-b857-65975874a142", "comment": "Malware payload (SMSAGENT)", "value": "9b9b4f0ccaf26d91c2f4e968065e13c2", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698312, "uuid": "f3dee998-0653-438c-b961-904bf7b0b204", "comment": "Malware payload (SMSAGENT)", "value": "e1ef13600398d77349fb512a636ea47c95aa441739a987498a1ec85f90a06a3a", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698312, "uuid": "61ca8910-44a4-4175-a231-528324f3dcea", "comment": "Malware payload (SMSAGENT)", "value": "0d95937484085dfeda406cd58ec3f919742caddd", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698312, "uuid": "f0ae1b01-4820-4455-85d2-d6b8a107a266", "comment": "Malware payload (SMSAGENT)", "value": "fde90058a30a8a14dc74fdb7c507e64c6b7dab8431201150342fb8d2767049b40f7aca36cf7c3f8119247d6028690725", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698312, "uuid": "ca953afe-e804-49a9-95af-927fa18e1ce5", "value": "T156660178771CF40BE073DE312371414F75E185E50A72E312AB07B8586EBBD84A5AEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698312, "uuid": "a0a422e3-dcab-45d7-8d0f-0ab56c55e068", "value": "196608:qyoEI25FawilQcbk2fwDBCpAZ9J9DCJYTd:qZG50qIkjmAZ9PDl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698312, "uuid": "cd094edd-dd28-4d9c-b7f0-a27dba06f982", "value": 6699956, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698312, "uuid": "cad88aa6-6c84-4955-99a8-86c214308407", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698312, "uuid": "bcc9a156-0bb5-433d-9983-1b98fe14fa6e", "value": "Firefox_Video_Chat_&_Text_\u2014_\u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0435_\u0432\u0438\u0434\u0435\u043e\u0437\u0432\u043e\u043d\u043a\u0438_\u0438_\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18da699e-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698263, "uuid": "df5835ec-76ae-4e0e-823a-340d3b64be47", "comment": "Malware payload (SMSAGENT)", "value": "08f49922160ad35dce9572c88d98d355", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698263, "uuid": "aa22ad44-4cbc-4609-9b3a-95943ec7ee3b", "comment": "Malware payload (SMSAGENT)", "value": "e2684aa1064e714428744e3dc8b23980ffd586f96e5f1143ce2aa945377632cc", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698263, "uuid": "04278a78-0d9f-40b0-b9a0-8ae7097a3372", "comment": "Malware payload (SMSAGENT)", "value": "62a32f0c2680dddf312c4a467718aa30af547777", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698263, "uuid": "9ecbd1d8-a9b2-475b-ae41-11293ab29c39", "comment": "Malware payload (SMSAGENT)", "value": "f1822ce0ee55e99928c3c74a3b58448a168e7a82f32c92770854780ce5898710fe33d7628f8cb3b1582562182350c7fc", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698263, "uuid": "5cff6a02-29aa-43c3-9aa1-5aede616f137", "value": "T1BC560179731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC4AAAEE09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698263, "uuid": "1720030b-7010-44b4-894d-717c3194dca0", "value": "196608:/aDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYYR:OirUVis8O/0giAZ9PDI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698263, "uuid": "130545db-b06e-43de-97e4-36de0a4fc964", "value": 6376380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698263, "uuid": "d599fc3b-4c34-46dc-8be3-5375c751843c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698263, "uuid": "5addbb93-9ddd-4cfa-92b0-73744e1336e9", "value": "\u0412\u0438\u0434\u0435\u043e\u0447a\u0442 RU.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9561787a-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701680863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680863, "uuid": "4597ef4b-3bd5-4167-be26-b6defe3de715", "comment": "Malware payload (Formbook)", "value": "a0fa1a17f8e96b4ac3d9e75e0a406622", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680863, "uuid": "32ec10df-8cce-465b-9f2d-c5425afd85d7", "comment": "Malware payload (Formbook)", "value": "e269937583767980d580b0b8b2a95a9b241759e4836acb41618c8bd4c10ffcfa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680863, "uuid": "294f3a14-3135-4d43-9c11-14cbf01e2de9", "comment": "Malware payload (Formbook)", "value": "e3b5e3c3fa199682fbf682b67489b027ecea295f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680863, "uuid": "df01432d-50c9-497a-bf85-67e2e2e2d83c", "comment": "Malware payload (Formbook)", "value": "f1f63dbd31c98aea1cac62736b39a046baed2c72dc888905b2ccf648e5ae1728d9f1e775ca7f37f52ba95c070c875870", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680863, "uuid": "b79c9983-8753-4f06-bdd9-e6c254c7294f", "value": "T188C42347358F4775C03A57B5A6FD8AAF533321296421EB3D2CA2609D2683F111FA1BB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680863, "uuid": "d1eda08c-978d-4f45-bd19-f427eb1897fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680863, "uuid": "8cfd2cb9-6216-491c-8704-b3809e3258ef", "value": "12288:6x45+po27954ccDMHuj+8AJ2S1xk0155chSSQOYW+tU:6c+pJhvz85AJZo0156SSQ/i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680863, "uuid": "0eadef90-81f4-45a7-be8a-0974252c12aa", "value": 586240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680863, "uuid": "f0724a16-3bf1-43ca-b49e-cbb765bd7b76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680863, "uuid": "1a2e0488-4007-4a6e-af63-760fd95a4137", "value": "\u041a\u041e\u041c\u041c\u0415\u0420\u0427\u0415\u0421\u041a\u0418\u0419 \u0417\u0410\u041a\u0410\u0417.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63ad0d87-9288-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701682498, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682498, "uuid": "51241e07-1450-44fa-b613-df1af51cfa5e", "comment": "Malware payload (RiseProStealer)", "value": "262aa9ef75a245bd64fc7eb86b46be98", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682498, "uuid": "dbb3aedc-5ee3-4783-82a6-fb4a0dff135f", "comment": "Malware payload (RiseProStealer)", "value": "e37b7dc912bc27b64bc875c4a95a97eb03e7fcdc1a20b116618aa11e8ebb47f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682498, "uuid": "24b23acf-26c7-4b42-8814-51526d1434e4", "comment": "Malware payload (RiseProStealer)", "value": "7e010d9484b1d7a08ae958d6c283f2d271326288", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682498, "uuid": "be79636c-062d-457b-8acd-8fac7d917866", "comment": "Malware payload (RiseProStealer)", "value": "589aeb741b7e64c968f49c15d66a1900a858552c2c074fb3d8d48c3bd0a9abae21a1ee927461c059bd8f8e1f98e2d50b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682498, "uuid": "d1a8a8b5-c513-4fa7-ba56-dcbfc646548a", "value": "T143658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682498, "uuid": "af886d51-f479-4261-bf8d-b8fe6466da6a", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682498, "uuid": "c9831f05-9270-4161-90eb-8e43abdb3e07", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682498, "uuid": "e3219b62-e404-4552-8377-64859f390d25", "value": 1540095, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682498, "uuid": "5dcd5d93-133e-4b1d-9e00-79f8d13ac1ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682498, "uuid": "e2c37dcb-4993-46e8-85ff-c6d5d74f41b9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "310f1d74-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698304, "uuid": "42d5a7d4-0b15-4608-8cfd-c0f581194f93", "comment": "Malware payload (SMSAGENT)", "value": "d47257cd09856e3d30b9fd14e42b9c5d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698304, "uuid": "68e63c52-29ca-4f00-8b78-8dbeeca369c5", "comment": "Malware payload (SMSAGENT)", "value": "e3b5d0fe4d0008d1af0afcc1c6df64c84cf7d30529fe55200d39de879037e427", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698304, "uuid": "3f173e1d-dbd2-486b-a3de-9fdee155f67e", "comment": "Malware payload (SMSAGENT)", "value": "8af6cb2889791cc110c536dbe67724469efa5066", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698304, "uuid": "ca753961-59d1-467d-93b8-63f6a006a6f8", "comment": "Malware payload (SMSAGENT)", "value": "a1b1fd8db08582919d5fc86407710ddb50fe2a0c1461e4f1f80881bdad11b9d0055f57d0fd5ed279cf7cbae198135768", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698304, "uuid": "561f1084-005b-49aa-a29d-8cad5979c8cf", "value": "T13B560179731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698304, "uuid": "ee758250-217e-4988-9a5a-a5e8516e3fbf", "value": "196608:/8DGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYV:EirUVis8O/0giAZ9PDJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698304, "uuid": "7d9ff925-dc14-4055-933f-95147b1f849e", "value": 6376381, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698304, "uuid": "0df238c4-0bd1-4755-861b-7d8d8a7e1e2a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698304, "uuid": "2b913cf6-7397-49b0-89bf-19e7585a9020", "value": "\u0417\u043d\u0430\u043a\u043e\u043c\u0441\u0442\u0432\u0430 \u0438 \u0414\u0443\u0440\u0430\u043a \u043e\u043d\u043b\u0430\u0439\u043d (3).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "469d35f0-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716809, "uuid": "d1d2f02d-17a0-4cb5-aae1-288cd8de9b32", "comment": "Malware payload (SMSAGENT)", "value": "610ffe69581cc06c2e466b186a985e78", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716809, "uuid": "8d0c840e-3a0a-40b4-861d-be7640d658f6", "comment": "Malware payload (SMSAGENT)", "value": "e3eec15a9f68b753d5201e9eb30ba9143eaad3c068c6cc7e234ba67d767763b2", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716809, "uuid": "d4fbc022-0dfa-4b36-b589-2b72ab9e2fd2", "comment": "Malware payload (SMSAGENT)", "value": "842b3419cb1180a4f4e6f5a8f857064770576fc7", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716809, "uuid": "7957a59c-6ae9-49da-a364-3b6311959d57", "comment": "Malware payload (SMSAGENT)", "value": "f2f46b98352936eb2d01b5de8050ec0f7ee78b20ccca2d3751487cd9aae56dddc12a81f023e73b70942d05a07bdd917f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716809, "uuid": "bbd4b5c6-33c3-4e31-bcc3-065189e4277a", "value": "T10E76011AB71EFC4BE223DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716809, "uuid": "1f94d249-4d5f-40a0-9733-3add870ec315", "value": "196608:2rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLI1F3nswU/Q6FKNcnFNV:cw0pdMGbwBAej2G7nswxgFb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716809, "uuid": "8587ccdf-ffde-4733-946d-3ac97129da2a", "value": 7332628, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716809, "uuid": "175843c9-0dc1-4b3e-84d5-81c32800eac4", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716809, "uuid": "62f8eb98-90d5-47c8-8767-074b758d7fd3", "value": "Meta - \u0432\u0438\u0434\u0435\u043e \u0447\u0430\u0442 \u0434\u043b\u044f \u0432\u0437\u0440\u043e\u0441\u043b\u044b\u0445.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb21b8da-927e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701678430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678430, "uuid": "800a5ad4-2421-4d2c-b42e-9598be927e50", "comment": "Malware payload (AgentTesla)", "value": "764fdeeae72acc95cf7dd67d18b5dcb1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678430, "uuid": "998666e1-f027-4cf5-a4fb-ba811c9c650f", "comment": "Malware payload (AgentTesla)", "value": "e412eefdae18fd9cbe6104af6a7fe7a544bb5a91d28c463ff2e4b33fa30c6628", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678430, "uuid": "28ae2a73-c907-42b3-a3f8-371d861655c9", "comment": "Malware payload (AgentTesla)", "value": "8f743caab484d73cd0b61fe0054dfde201b93cc7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678430, "uuid": "d1bdfb5f-5654-4ef7-937f-01d3fa62287a", "comment": "Malware payload (AgentTesla)", "value": "28dcdbc761b0b3d7c32e56d3d2f9399f735f23df89ce085623d68f78ae8a8032754aecc9f0e1585b6bdd3795e01749a9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678430, "uuid": "65c617f0-7507-4e8b-8201-e40f08d81fd9", "value": "T1CD051201B3659B4AD83B43F1D529B94053B0BE3A3821F24EAD9732EF56717416E01F9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678430, "uuid": "0482dc32-ded5-47e7-be05-0cc13d29fcf5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678430, "uuid": "a220b77e-2e7a-498e-8be7-8c5ed56a4390", "value": "24576:U34/up+pJNYrq8AUOumbjekV+q6WfcvAYg:U38PJGaFbjrVj6WEvx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701678430, "uuid": "19462f26-a0ff-44c7-9601-b9613eb97cbc", "value": 830976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701678430, "uuid": "890b978c-ccbc-46b6-9380-b0a22bbd9ab8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678430, "uuid": "c6abdab2-bba7-46af-a8c5-bee3bae08505", "value": "SecuriteInfo.com.Win32.PWSX-gen.4268.14692", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fca0e64-92c6-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1701709200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709200, "uuid": "42cc6f03-45ab-4834-9946-94aa922663f0", "comment": "Malware payload (RaccoonStealer)", "value": "d5fcbe8d9c81813d9f44f9dd5f2fea47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709200, "uuid": "777462c9-06a9-4733-ae6c-f7bd8436bb35", "comment": "Malware payload (RaccoonStealer)", "value": "e45a2aee80d4d4416c6e95cd5b5bb581c068ae88c53acfd173867dbfce88e6d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709200, "uuid": "1d40dd35-88b6-4303-b16f-7d677aa01532", "comment": "Malware payload (RaccoonStealer)", "value": "ba6f5b2af9625773de66dd9299fee87a6e2f1ebc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709200, "uuid": "78f0d973-cbde-4268-b947-3013352b4fbc", "comment": "Malware payload (RaccoonStealer)", "value": "e3de95f287c641c7297ddfe01324a24262fa76a7ed924862cedc12b07bdd37bb2f9ec94bea1731ca6f091e3efe52221f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709200, "uuid": "c5e25e30-690a-4075-a0f2-fe79a9aa98b2", "value": "T1C57623939BA5B6C3E9E65C319977FCD031768FD86F826CB4068BBDC311324A8B205563", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709200, "uuid": "1ba41639-e745-40b3-bdd7-deac993282c7", "value": "8a706ae8e2043653b21890181fe695e8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709200, "uuid": "101d020f-2488-4d87-990b-268b58f44268", "value": "98304:zZovgW4jAk1K8b/XXx8ML/PO29zdOWVouQF32GGL9L6a8slr9hk7iFo+3hCZye/:zZDz71BBjLXO2TEt2GGLAa8sJTFo+le/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701709200, "uuid": "6d810278-5141-4740-b26d-5d7a7134ad6a", "value": 7286168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701709200, "uuid": "91dc7cf0-b544-4bea-ac45-db2a55ea1865", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709200, "uuid": "89e01594-907b-40af-ae2b-f3f3c260b9d0", "value": "RemoteLogout.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3c4d065-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701671519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671519, "uuid": "ab5902af-76c0-4f16-b1ef-088ef9a4c4c4", "comment": "Malware payload (Mirai)", "value": "ca0a30e1efce70e68620c13ac729e132", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671519, "uuid": "d84227fa-76b2-48b5-92e4-bca48d081f36", "comment": "Malware payload (Mirai)", "value": "e4979964fc39e8142ed0f2bc9bb8386080d7e21c15e89240e986fe89fae93524", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671519, "uuid": "aab59779-c141-48e6-b7d4-c6ae62dd98d3", "comment": "Malware payload (Mirai)", "value": "5859f4497545abbf6646aae6481d9c0131d93a81", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671519, "uuid": "cf8ee867-f308-453d-9f10-e8c7f4ca9d8b", "comment": "Malware payload (Mirai)", "value": "601463629b5f95a2c0a02be0580078c984d2a3fba6b7fc5304065eb36d072c5ca068d950395bb03cbdb724d83d7a0032", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671519, "uuid": "3318f0b6-1aa1-4421-b9f6-b485dfb4a6e5", "value": "T161532931BA321E27C4D1647661F74B25B6F147CE26A8C61A3DB10E9EFF61A402543EF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671519, "uuid": "20d7ebb2-f77d-4b57-92c4-291b6dd7c951", "value": "768:Y+o0SmUEcDTqxuoj0Z/J2t6bwKO+75Vy/H8aL5mtuwPIb:Y+FSmvFrj0Zx2tS/75GIt3P8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671519, "uuid": "173f939a-975c-4763-8ee3-54c08a2508bb", "value": 62248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671519, "uuid": "38eddac4-4d17-4854-8b66-b6e9b64e5cba", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671519, "uuid": "c35da984-1432-4118-a0f7-86611017ff3d", "value": "ca0a30e1efce70e68620c13ac729e132", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99091841-92a2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701693754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693754, "uuid": "28ba9acf-a92c-4785-9c48-3cf12d58461e", "comment": "Malware payload (AgentTesla)", "value": "3d4646206820c5f3188862f88ec3af59", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693754, "uuid": "1d1d9913-a720-4e0f-aa4c-e2a7399533a1", "comment": "Malware payload (AgentTesla)", "value": "e4dcfe552c8f34aa797aebeb9b68988edb50ebf185e67f0b173ef7e8c57685b0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693754, "uuid": "05f5c708-5854-4898-85ce-3c56649a9bd9", "comment": "Malware payload (AgentTesla)", "value": "fecc92d2e0bdfdd5abe90548dd5ea3235bc7daeb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693754, "uuid": "c53ebb77-7f63-41d8-8b96-6636f87d0c5c", "comment": "Malware payload (AgentTesla)", "value": "3e8c3f5a2723b977b19b1e366b3a988e15b944461bce8ed9be967b5e4a0d0b13d5b9eb600804224e9f6b816467442230", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693754, "uuid": "e636d6d2-733a-4101-a695-042b72aae1f6", "value": "T16F059E412294889BE04F05F6D06EC524627CADEE9166F34E3756AB7D1FF3382644A38F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693754, "uuid": "1129a177-eff5-4598-bb76-0a85c1d8fdea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693754, "uuid": "c5ca7579-7094-4e54-8a8a-bf8eb41c0f6d", "value": "12288:NWodxz5ZBGx3L9PhcXmBTXp/xqnylQ6J7Pl/pEL9X7cMRKs/H7RhS6KeneSiyyjK:nzFGxL9PhcXIqn2xdo54sjR/ned8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701693754, "uuid": "84724808-b703-4ef9-9ab5-dff83fc30cf2", "value": 825392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701693754, "uuid": "66b26896-0423-4965-bfdd-9725128a8633", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693754, "uuid": "8768fb1d-fbc6-4744-8a61-a976a508a612", "value": "Payment Status - NAMI.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb5f7e05-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701688309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688309, "uuid": "57bcdee7-6c80-4311-99d6-4034a5332729", "comment": "Malware payload (Mirai)", "value": "1affd750ea827d1e908b1fe2d378ab07", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688309, "uuid": "8879424f-8a6e-46d6-b2cf-5f09e0141b23", "comment": "Malware payload (Mirai)", "value": "e50e3ebdfab03e71843bff0c3d8809cfd9048f78c845cc1cc53de471549639be", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688309, "uuid": "61a03147-2f79-44e6-a2cd-9aead7306dda", "comment": "Malware payload (Mirai)", "value": "abcc16b45e5adac0352c8cfef549a3f4f745a947", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688309, "uuid": "805c1b30-4e75-414e-bc1b-05b9f46d424f", "comment": "Malware payload (Mirai)", "value": "6a69faf3abb4e2b7da1a79760e9984bfa995b736dffb67f560c480a0a5f0f4ba9d3fd3fc289658134cbb0200f23281c4", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688309, "uuid": "4d758cf7-b77e-4f0e-8e9f-45d0c1f5d3d3", "value": "T1BCD2E15945F7E4F1C8B8E87369B6BAC0FB64A411E3191B6B48CDE5BF5D9B28C0230701", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688309, "uuid": "e506d269-580b-401b-bf18-48b03e10086e", "value": "768:kYSoXdJZUtqz0hVGTa/V7t4zY/R04O/2Sx0sQ:kYJdJZmY03GU504GtQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688309, "uuid": "8e31fc14-02da-4101-bf0b-665634374b61", "value": 29440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688309, "uuid": "438316d1-2538-42a6-ae34-7d0b4535e771", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688309, "uuid": "e54705ec-3f29-4802-ad63-75d8ed3de7de", "value": "1affd750ea827d1e908b1fe2d378ab07", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a921a312-92f5-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701729429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729429, "uuid": "979f10fc-73b0-446d-bc53-5a543c10de96", "comment": "Malware payload (RedLineStealer)", "value": "b0381e427930bc3dbddfc2b3acfa5dc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729429, "uuid": "3e201e98-34c4-42d4-b4de-78b2fc2b0d02", "comment": "Malware payload (RedLineStealer)", "value": "e5525c0cc38c18efafa4e48acd35b106ee0debd8c4ab1f45c6e64866ba8b6dbb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729429, "uuid": "cb42eb7a-d3ed-4c4d-b74d-abd33a9c78af", "comment": "Malware payload (RedLineStealer)", "value": "fbcc79dace49199dac15df42fd1713dbbc1786ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729429, "uuid": "45c3b01d-c8b5-4f28-a10f-c9ce25a3ad28", "comment": "Malware payload (RedLineStealer)", "value": "0efe41af195f3d412f10aa20d74fb2ecc913b3e8d84bd891c6ef14f9198a42139262f7a5a0da865793d458a098283660", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729429, "uuid": "a21adca7-f5bf-491b-b60a-77610962b309", "value": "T1DD348CFDE494C128CCB7B43179AAEC62375916AC3178AD2F6BAC204B1DD40F411BA59F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729429, "uuid": "63314f0f-5fa2-4f18-9e4b-c4670a0a0745", "value": "b610b1ff2dfb4b84acc0b3fb1474f9f2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729429, "uuid": "81cf3ffb-2a04-479f-b8a5-41e1fc2685d0", "value": "3072:HIkcMK5NQclmDEKF498hlaurhZnC2EN/T5gVNtoyJjF48gV/:okxK5738h8utZC2EdT5wJh48gN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729429, "uuid": "0e29580f-b03a-4003-ab3d-5ed6d600b440", "value": 244224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729429, "uuid": "2f2a331a-0675-41f7-9fd3-2dcebe0c5b21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729429, "uuid": "a9bfe3c8-e387-4bb0-bff4-b7cbb4ae90c7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5206874-92bc-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701705049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705049, "uuid": "8015edb4-3c91-41f2-a5c6-3dbd41bb8707", "comment": "Malware payload (zgRAT)", "value": "da419a77d4cf91ece32dca8dd1dfd152", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705049, "uuid": "6135cdda-9bcd-4b39-9b01-8e9bf1812883", "comment": "Malware payload (zgRAT)", "value": "e5b18d53835af3194899ef34effacf1e886854716b78ad0ca948d079d0550f74", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705049, "uuid": "17d8457d-4cc3-4d2d-a474-f298793d3d65", "comment": "Malware payload (zgRAT)", "value": "4533d3dca99cd546284718c350185bd5404dcc30", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701705049, "uuid": "4aa2400f-548c-4d20-99bd-abb4030a6543", "comment": "Malware payload (zgRAT)", "value": "4138bc96e4bfbc97068c9955c4e203fda8f474276e0da6d77988e2437d83617618614a3c2d4c32a6902a9317acecef47", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701705049, "uuid": "91cfca5e-0b9c-4e90-9897-ad24a7466033", "value": "T1B1D42306EA67FB77D02444F34A3EEF491D30988486478B5F587FA4EA5D1D2B20EF2894", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701705049, "uuid": "01e49445-bc56-4794-aa05-9f5f83949f75", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701705049, "uuid": "b46dae38-62f0-4a95-ae52-0cb33e7c61f8", "value": "12288:ZmBbJ+/O9lnYT2rRQJKTMfb8Y9aqK+TfWjen95tjf++33+J0eibpuYmw7Wy:ZCcYnfrRQAifm+j9fjF33+BYpzf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701705049, "uuid": "dd3f12cb-2be3-419b-a20b-2224e83c8175", "value": 606208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701705049, "uuid": "21da0974-705f-4dfe-90c5-c8017bfe04f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701705049, "uuid": "7fb44174-455f-4b1c-88e6-406b3618015f", "value": "da419a77d4cf91ece32dca8dd1dfd152", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b79fd784-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701681779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681779, "uuid": "9bb7cfdc-e4db-4968-8a4f-22009b7d2b49", "comment": "Malware payload (AgentTesla)", "value": "50bc86b4e46d2f856c736413a4e30929", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681779, "uuid": "61901356-6dcb-48a4-bc21-636ad0e21cc4", "comment": "Malware payload (AgentTesla)", "value": "e5ef183563edbbfd4d80f83f9852764d92a0fae2bfbd101ba5043b681db36753", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681779, "uuid": "53be909a-f750-4837-bb3a-84e448f50b3d", "comment": "Malware payload (AgentTesla)", "value": "b187f22dc19fd1a7d24832e9560b9e1f2e2fc78e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681779, "uuid": "cff3f291-10b5-443b-8c40-78cf415ab662", "comment": "Malware payload (AgentTesla)", "value": "7b1781121f283d1016f570201b02b921b48c709df5695d09e4c432a78663240d975f8e8ec50eda28b91cb1e9c4ee0620", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681779, "uuid": "2dcade1e-ecaa-4ba3-9604-3a3d1fa06e91", "value": "T197E423B366C8536EE300FA598CC2E530EA658C16DE15119AE572E36C4B724630ABF5CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681779, "uuid": "e93242a9-95d8-483c-bb02-c2779616a8d2", "value": "12288:vXglsgYsp3yEI6CF8FXTrIL//Z8pDwSoGJ1dt3SFK9mP7yD/SMWH34qgWEBsJ5wt:vXlgPp3qF8FjK/R8RwSoa1SFDzyWMWoZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681779, "uuid": "4c1169e9-6058-4685-9f7e-fac0c277d5d4", "value": 679541, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681779, "uuid": "4038d64b-1d9f-400e-999e-060a2d149aad", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681779, "uuid": "e10b3d4b-3079-489e-99f2-03146807229f", "value": "NEW ORDER COPY .xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60f997ef-9298-11ee-b7ea-42010a9c0006", "comment": "Malware payload (zgRAT)", "timestamp": 1701689365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701689365, "uuid": "2dd81fea-fafd-4f59-8855-9133dd829949", "comment": "Malware payload (zgRAT)", "value": "d9680a739cb8acaf7ba24172d7440f2c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701689365, "uuid": "13bc662f-98f0-4f79-8d2f-72c7d0e98daf", "comment": "Malware payload (zgRAT)", "value": "e6438f002d7e462be2961e864590e10d7dac3ffd88c3c88f2993d4affdbe8b01", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701689365, "uuid": "4d953a72-4d14-4637-a1c8-b4e46aee388f", "comment": "Malware payload (zgRAT)", "value": "85a784dd8e459432526c531934ec59aa2af7e2ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701689365, "uuid": "f3acdea7-df75-454b-a8a7-e510850c89ad", "comment": "Malware payload (zgRAT)", "value": "3eeb28c7cf36bce2744dfb29d1c50d45a18c3706cef2f2c4eada0a6fadc129f2ba8efa714bb6d270fb95a6703d9569a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701689365, "uuid": "15c54007-c247-4a6f-829d-ccb7fe4a3777", "value": "T15AB5C52193E84B7ADD770B729DB3A34003B4FB119D37ABAD28C4110B6D663954B62FB1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701689365, "uuid": "172cce71-1f5c-4cce-bf39-d9c95bc0c009", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701689365, "uuid": "397ebde3-cede-4972-a3bd-7c79c3d5721f", "value": "12288:/dB+vIZ/CMsyboZO3UVKzJYLiFEn+BwgxqTMtGvI5f2d8DahQHeW/c96jwB+ntMN:X+va6Mg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701689365, "uuid": "eb71664e-fce2-479e-a91e-65cc59a3272d", "value": 2411018, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701689365, "uuid": "2a388ce3-cf85-4a39-96fc-d6ae2881b996", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701689365, "uuid": "b671f82d-6e50-4d33-9bc8-c0a5f26c5dbd", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01cd2be7-9289-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701682763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682763, "uuid": "d6ee7004-06fa-456d-8d69-d28c052c35bd", "comment": "Malware payload (AgentTesla)", "value": "73c4d511b769f0869c87b5d4621f2a81", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682763, "uuid": "392caff4-42d7-4c47-857b-cf3e956c7967", "comment": "Malware payload (AgentTesla)", "value": "e71a07f99b82d89d7dcd21041055ec628b6c8855af5f44f954354dee5fa6fb74", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682763, "uuid": "b064686a-d462-4418-86ea-fa9e07341230", "comment": "Malware payload (AgentTesla)", "value": "a8928f94fc09b95a019ca5cc4a7f3c0f89966684", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682763, "uuid": "0a5c5e27-ea46-47c2-9b73-a7248ef21020", "comment": "Malware payload (AgentTesla)", "value": "a1e0f84fc87aba8098e70577d7ec393d1eff7a9d747d26029a55286181d6ac78cf81dff4feaeb367d58950d4c9748d36", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682763, "uuid": "eeb0871d-27c1-49f1-a042-f48b5cc10d13", "value": "T1E40512AA73658B17E8BA53F4E93E290083F27C153535E94CAEC331DE2971B401951BEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682763, "uuid": "926f847a-b775-4515-8f1d-ca17fdc97d87", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682763, "uuid": "77986d0d-e72f-4dbf-bb2e-4e54c35879f0", "value": "24576:/34/up+pJBv8nNX2ohpy+1AphoGJLYQgll7Bq:/38PJ2NziyAphoGxYZl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682763, "uuid": "f890dfc4-1278-4bd8-9d3f-1f699ad25ffa", "value": 832000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682763, "uuid": "d258ac3c-875b-423a-a693-4ad4adfbc6a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682763, "uuid": "13371861-7c76-45d1-a508-e02fb46a1352", "value": "SecuriteInfo.com.Win32.PWSX-gen.7861.9254", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eef1cd8c-92ae-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701699052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699052, "uuid": "cd0f8cc4-b3e6-4502-ae93-bb4fec823b67", "comment": "Malware payload (Formbook)", "value": "934b70128ee9526a227f0e3a4deb7c31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699052, "uuid": "ffc969d6-c504-4123-9b49-46088cc8aa90", "comment": "Malware payload (Formbook)", "value": "e7aaec4e757952b19a3629e6b25ff54f5b2ecb55e0cd4898f2ba8c66cb859fca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699052, "uuid": "8122a1d9-ccc4-4b6a-b3ca-2e3c410c6e84", "comment": "Malware payload (Formbook)", "value": "d3d62350c6d5a15b2308f799c1fc29b830e96340", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701699052, "uuid": "256050c4-1877-4ff0-bb29-4a7e9716ade1", "comment": "Malware payload (Formbook)", "value": "45cc5f67b71a8ccc0c0d96ffb64a0d2db743db20790272e6baa67ed82d902c81504c3352cb869877a5ecbe9541d2f2ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699052, "uuid": "e204b348-e58b-4f0a-aa56-1e4650c72a1e", "value": "T1E2F41228E6A80B8FED7E57F85D10920587F3BC2E9976D3081D8173DA4A78F505E62E13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699052, "uuid": "a9a36818-b82d-4d95-b8f2-6ed156289f8c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699052, "uuid": "a58d25ce-576b-46a4-bb47-51f8d40c9304", "value": "12288:pvj1E6jD/XA6ouTCZhAbZ8pCVUEC+fyNhcxMFxJRQCdgYOgG0rZkIi3UC3XUjor1:tj1tD/XA6rTCoYZCyNKqFxJ6CyY5TrZ6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701699052, "uuid": "7a56fd98-43ca-40f5-8d08-17def4108bee", "value": 723456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701699052, "uuid": "2b748252-c310-4a44-9e40-db2c7d4c774a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701699052, "uuid": "030039de-e043-4fd8-9f90-f9f39263465f", "value": "PO_08048XT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9ba06ab-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729054, "uuid": "100ab3be-d73d-4350-b820-9914aff00cff", "comment": "Malware payload", "value": "cead680660dba3fa01febe85a9abda85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729054, "uuid": "ae080ed8-e648-465f-a717-8c63f3c453f5", "comment": "Malware payload", "value": "e8b07a7a458f7cca07dc1be67497b13a8d70e150b75b145bcd356f9ac2ecfc59", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729054, "uuid": "742c2ac4-f2f6-45f0-b51a-f196e77c5ef6", "comment": "Malware payload", "value": "e7fc81808dc275094234f53d62bfa3f41253cc41", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729054, "uuid": "d93d8b46-6659-4192-b82d-92fda0c5e202", "comment": "Malware payload", "value": "7fa87ab0c0bf2e160dfd2464440288e42e382606314c39a8ced04ef8bd63ba283aed3db92a75e582eaddce9086efda23", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729054, "uuid": "f73be9b6-27c4-471a-9739-af99a084c5d0", "value": "T17EF31E2E21B06802F5FC0678B0F5AB5757147123BDE61CCE2D40DA3CC7629A376AAA64", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729054, "uuid": "3ce26f75-cc24-49f2-80ed-f85433b5faeb", "value": "4514c46259fb71fea289f87cc46a4112", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729054, "uuid": "536f6c3b-01cb-4831-8864-f5707dda199f", "value": "1536:ahJ8ZNB0ahCYsuut5bj4tt2AKy+7Kq7hkGXefJ2srsXvNKDqdOpdtKbUviZTIHkg:a/8ZNuottY7exHr+dAtKbO4vntOT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729054, "uuid": "39ae753b-a73d-4c1c-916d-a21d4c0932f2", "value": 163328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729054, "uuid": "f0e1070e-2390-40da-9e62-584c1674860d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729054, "uuid": "74e3c523-3686-461d-9ac3-6a0d9f1de832", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.485.16033.24808", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc12772c-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701719690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719690, "uuid": "fc675cc0-d78d-4a47-820e-b2f7ddaf07b8", "comment": "Malware payload (Smoke Loader)", "value": "f1ba96ff04e1507d5442f0cf8cd75ccb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719690, "uuid": "5264c2b1-59ae-4e20-9cf6-a3173729e314", "comment": "Malware payload (Smoke Loader)", "value": "e92dc67c0a7eb8f59e52f80ca0e85dee9a4468ad0b350b6977022f25f6965838", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719690, "uuid": "7b7df4f9-e58f-439d-8a38-2e6fd8fbb64c", "comment": "Malware payload (Smoke Loader)", "value": "23fe0bbecbe9650114461463f56c440465bf9e46", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719690, "uuid": "f9a9cc78-8773-41a3-b4a0-b0d0e89bfbfb", "comment": "Malware payload (Smoke Loader)", "value": "3a20b539df63a72827fde5ddf9d58a5d732aec9c028207e2efa8396ba88782af84d4dfdd3910e213c1e8701d0dc7e318", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719690, "uuid": "4ad31c7e-49e6-431e-8616-d8c149d32572", "value": "T1A354176382E07D45EA224B329E2FC6FC761EF6518E6C7B6A2118AF1F14B1173D663710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719690, "uuid": "0f2e6c2b-ff98-41ea-b28d-f1bdb9775a8b", "value": "01f6fc978b1d93c9a83c4aab7e4e75ac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719690, "uuid": "016dcd5a-b70b-49f8-a58c-0b8bfb32491d", "value": "3072:eTkXOYXd4wXQM6GdmJVGE7ypJ3NfMtMY33m3+cQ5UXmSVZkTkS:6fXkmJcE7y/Nwl33m37XmsiT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719690, "uuid": "b102a3af-1148-46f7-9101-f915e35f6fd3", "value": 297984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719690, "uuid": "7c8d7a9e-5822-4fe7-be52-d5daaf913e0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719690, "uuid": "7b5a8c70-a362-441e-a595-0bbd8eba1f70", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "993da0b2-9286-11ee-b7ea-42010a9c0006", "comment": "Malware payload (DBatLoader)", "timestamp": 1701681728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681728, "uuid": "b65737f4-d9a6-4667-890d-74fb4879c67c", "comment": "Malware payload (DBatLoader)", "value": "5b377a4350546a601c6081db521e5e68", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681728, "uuid": "37b6540b-aa75-4013-b429-6621dbef2c03", "comment": "Malware payload (DBatLoader)", "value": "e94c8165947e2adda5ffead77a571b43deaa0300f018ea5ba46a7e2567f79e31", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681728, "uuid": "cbc73eef-4b0c-490d-bc27-9029d12b774c", "comment": "Malware payload (DBatLoader)", "value": "2cb6fc67a20989020ef48dcff1bab236c76caf28", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681728, "uuid": "489c257e-96a3-48b4-8f2b-8d28bbaaec2f", "comment": "Malware payload (DBatLoader)", "value": "afa7581a77a66a9b5ab7e364295a977a5fe3b4df79f31898da1fea2e8a245a50d16fae98aa9b71fb4a65ee4a7060313d", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681728, "uuid": "840973a9-bfb6-48ed-af94-bf8619666f9d", "value": "T1A435AED21ED1E07CE03E26BA9847D398042B7F341E6C154E75F5C6885E3AAD3782F1A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681728, "uuid": "6e20479e-d0b8-4a8f-a259-104fddf41aa6", "value": "10ea1b1ff7d4c4809d2c0a9a6ae44619", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681728, "uuid": "e1562fd5-61ab-45df-95a8-1ba40c4e3512", "value": "12288:RtVsGMuG7PS2wDtCU6NdObmCvRJqKqMQZLGdVNXbUWsK9h9wAPft4:R0hOSNENpJqKOGvdUWVJt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681728, "uuid": "e4bdf793-3886-4d5a-a2d6-5efd6ab02d3e", "value": 1121280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681728, "uuid": "a3236a2f-ca09-4dd2-9d9b-64beaac488a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681728, "uuid": "22a39f9b-aa7e-4eb2-8f9f-69de02da3e2f", "value": "Yeni siparis, fatura.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "588dc696-9275-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701674318, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674318, "uuid": "698e231f-cfab-4c9f-bae2-a601fded29fc", "comment": "Malware payload (Smoke Loader)", "value": "752bb6e39f05c8696589218edb430d3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674318, "uuid": "7afca94d-3025-4967-ab78-e761a40dc355", "comment": "Malware payload (Smoke Loader)", "value": "e9625894666e2f9b89483d524e37401a2dabffbd5fc10378aa4dbf2f124ecba8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674318, "uuid": "e27cfc40-a186-41a1-b357-eeaa8ad0f08a", "comment": "Malware payload (Smoke Loader)", "value": "5cd442db1d14c95c56db8d0250fb464ee006248c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674318, "uuid": "2940393d-e556-4024-a193-95889ca89ec6", "comment": "Malware payload (Smoke Loader)", "value": "21d4b471219fd8b8b94535007bd7fb604d8a36c232218e3cb46f015006b01e5224dd43b329734d4607072b7511e4fbb0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674318, "uuid": "60e4d9a3-49aa-4e7f-972a-8ecfb375470e", "value": "T12844B44392E17C55EA268B33AE2FC2FC760DF9518E493B652918AF1F10B1173D1A3B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674318, "uuid": "dd642aed-3ed6-4ead-8079-2cc26e672552", "value": "4218786bdd48185e04ca1848e08c3d21", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674318, "uuid": "e0be3c29-6ac3-41b9-9676-3baf0e531df3", "value": "3072:uoMFK4fQAAYyHoiix7085mXfHwbhemOibTUyGTxs:bpYwo6faVOibTUyGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674318, "uuid": "6cf72eba-f618-4488-854b-c0b375b6ae16", "value": 265728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674318, "uuid": "24df52d4-e67e-484c-bc93-4ca77c4b9b9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674318, "uuid": "5485d731-eb14-4216-9595-d633e8b0206c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25d42caf-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701711170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711170, "uuid": "fdeda756-4449-453f-8e47-342dce16d85b", "comment": "Malware payload (Formbook)", "value": "afa923c69dd17fee447b8db19e13da66", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711170, "uuid": "9790bfb1-c373-4862-a506-e478d54e4308", "comment": "Malware payload (Formbook)", "value": "e9ba196dd5a0c19f362c7473a93e6af80f443d0da53d87e90c7ae5d4449bce33", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711170, "uuid": "b02e15fa-53fa-4034-bc6e-bec52d981f4a", "comment": "Malware payload (Formbook)", "value": "73234744f2c7061b260e757a3d8a695b767f8efb", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711170, "uuid": "5641d2b9-4a84-4804-812c-b5bfbc147374", "comment": "Malware payload (Formbook)", "value": "933609d846fdd35f566747606f58731f100599fff316554144abcc7519c7d7367038f552568c0b85f9c7f31180dac22e", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711170, "uuid": "c342aeab-3958-4d46-90ba-c200f3a51a7b", "value": "T1AFC423003E777E3B46DE31E4E285A1C7A7BA080396E9634ED7ADC192C7719D4DBE9120", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711170, "uuid": "f14140d3-10a8-410f-901d-d138cce3fbca", "value": "12288:NZjQAk8rAxgOAObK9B/5evbJzGeHt8ilZX0ytqE/lox6zAkEOC0:NZjQV8cg6eLKVt6UkzQCHIC0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711170, "uuid": "0ee0527b-10b3-4cd0-be2d-41d4b2814490", "value": 578159, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711170, "uuid": "5e4f339e-7159-4a3b-8501-17d3292cf071", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711170, "uuid": "d24979fd-620d-418f-b1a2-e4cf685031d6", "value": "Confirm.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a40642bb-92c4-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701708375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708375, "uuid": "f906c701-9348-4052-94c3-a2c35039b815", "comment": "Malware payload (AgentTesla)", "value": "7ec6dc65c63a44306923b9095fbc8b6b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708375, "uuid": "05efd683-b4ec-422a-b4e3-a3c9382fd22c", "comment": "Malware payload (AgentTesla)", "value": "e9d2652ec839f72193b658679f3d7b63bd8160e9db95f99ae6897c744f2a9cc9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708375, "uuid": "b5f26398-b568-47e0-bf0f-cfa34a417d06", "comment": "Malware payload (AgentTesla)", "value": "4771b5d42c729e989b22c8c2069ffb626029faf3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701708375, "uuid": "574b8fef-49b2-4a4a-a1b7-2854e9dc2d58", "comment": "Malware payload (AgentTesla)", "value": "7692d39b8a4960cd0006788c823d182f3e27bac5985508cb81ba482c43a675ebed576b10a14c93ab456e2b0229ced11b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708375, "uuid": "faa17630-afe7-4da7-b6f0-d4c3241a2301", "value": "T1FCD4236BCE0A696CE0DA1E3F04AC0FC69D3DBE0A6254FD3ED512BB65FF51484221E560", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708375, "uuid": "f3dffe0f-8895-4020-9c53-26583ae64fba", "value": "12288:02DvXoN+e3g2vJhSzcBqiKNcatgeBO1HHFimaoJefzhmbO5ss0fvr7sUpm:0EYN+eP5B6tToHlfa6efEbr9rAUw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701708375, "uuid": "a74d90ec-6409-4633-a147-678443c0b6b2", "value": 650981, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701708375, "uuid": "dea29d96-ce49-4b5e-b488-7c3698d7c30f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701708375, "uuid": "6274e77e-fcb2-446b-b55a-012e70c32147", "value": "ORDER0412.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "618ed2d5-9256-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701661019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661019, "uuid": "7e27af61-f455-46e2-9fb0-605931257465", "comment": "Malware payload", "value": "944607a7069c725c796efb94bdbd7ff7", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661019, "uuid": "2e133c5f-b1d6-4355-abc1-b0a6a8db03b2", "comment": "Malware payload", "value": "ea6065367a55f04a70c63923ea9dd8c409d674640ccdc4665c80c50307cf4a34", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661019, "uuid": "89a49e69-c449-4d7f-8479-92898e59ac7b", "comment": "Malware payload", "value": "47850ac9b0adffe337ace3b45e4638a4fe1812da", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661019, "uuid": "d3c6acb3-6b62-4d9c-83e6-fb64bda18bd8", "comment": "Malware payload", "value": "abce829c3787257552038f3da8193b88ffee17447e3d56697d3fdf8b2f271bea81e2d02803ede53552f8268c481383c8", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661019, "uuid": "e79c108e-2678-4b85-b935-ea61cbc0a211", "value": "T1F7563379AB5166F0E51BCAB20E64921754E6389AD2CCFA164796FCF42FB0F58433213C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661019, "uuid": "e7b3a8a2-90b4-4f12-95ac-31a7f44f6abc", "value": "98304:/2SwmX4Dc0nAPQmJpd+3MmbLmNzlosf+A+KX9:/2rmXH0nrmcqNn+A+KX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701661019, "uuid": "d51c3618-323c-4a06-aea1-2b52a22c7df8", "value": 6217056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701661019, "uuid": "c9a6b0d5-53b7-49e9-b246-ecd5f192b533", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661019, "uuid": "e84d09bc-0dfb-4337-b5a9-3a161dc7b348", "value": "SecuriteInfo.com.Linux.Packed.1241.17484.8046", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c490ab5c-92a0-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RiseProStealer)", "timestamp": 1701692968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701692968, "uuid": "4b21b7a0-4866-4b85-8436-f699188d29b4", "comment": "Malware payload (RiseProStealer)", "value": "ac3fbd31b19755840419b7cd9d6aa001", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701692968, "uuid": "36f6d2b0-33ef-4505-acff-ca1693154294", "comment": "Malware payload (RiseProStealer)", "value": "eb2697299983caf35d74de958c539ca04c0b10833a4b66d395388d6567e4819b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701692968, "uuid": "7458c77a-2b9a-4437-858c-9b313488055a", "comment": "Malware payload (RiseProStealer)", "value": "5fe4002b1efaf2dedd622b155aeb63083fdd1e5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701692968, "uuid": "48719a4e-7260-4149-a296-f0fac73f27fd", "comment": "Malware payload (RiseProStealer)", "value": "60d34528147aca76e1fb7d481041f127a6621827b9a85d4a5a2c30836a2f4a0cf15180e001531248b4f9179f1881d2de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701692968, "uuid": "4a63a031-f5bc-43ff-ada8-33b30ce1ffec", "value": "T1DB658C31FA08D4B6D09210B0916D6A7B91587A322BAF4CD7F3C05E6E41B52D2F235F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701692968, "uuid": "e2fa8470-ec2a-4899-a3b9-9b88902d01b5", "value": "078471ac5a76189ffe465abe0c89c6b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701692968, "uuid": "abcd1b05-e375-4d96-8ccf-66ca385b1dc9", "value": "24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WBI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701692968, "uuid": "065e2f49-978f-48d8-9aa4-b2df55c2a16f", "value": 1540122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701692968, "uuid": "41bf1c95-11b6-4737-9262-cff27b6fcf7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701692968, "uuid": "25a0b248-11f6-4450-a887-9462b4dcbe87", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f308f79a-92c7-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701709796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709796, "uuid": "bee8bf29-3190-4f78-9424-1f6525d9b7c8", "comment": "Malware payload (RedLineStealer)", "value": "d158b8cb70d1e137691ef5d3d073e6b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709796, "uuid": "ad3b6d97-4092-4924-97b2-2d94555bc81d", "comment": "Malware payload (RedLineStealer)", "value": "ebd12f0c74d4a3ac13e99aab8cbe33362bd4c41974a2c0a9b5bb2fb67563411b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709796, "uuid": "03f4d268-acd2-404f-b89c-0f48335a8467", "comment": "Malware payload (RedLineStealer)", "value": "4550f2479d2cb0aa2c1f05425d4b9e5880caaffd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709796, "uuid": "0d908bc2-d8b2-4ae3-97ab-74602e7daab3", "comment": "Malware payload (RedLineStealer)", "value": "3feac32c3bcb744c5c5942a161fb438a0b8d4271106c000b96cffd0744f505ca4f6d7440cfa1bfa1a574dce65f6c5311", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709796, "uuid": "82910f92-aff2-4152-9225-e52b4b631a59", "value": "T146448F017BD0D121E6271C7F1C58CBE55E66FD2BDA64EDA363C4CA2EE8340D2D47868A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709796, "uuid": "1a47fd17-f668-4323-b78c-fdf18c96eb27", "value": "1ee05438782cb7040e10c1d388320229", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709796, "uuid": "287052c7-1028-4710-aaf1-bc2583e1bb8a", "value": "6144:7JRvl36P1/81yqX6jbpU8xYTc23B7gCexdphUb/e:7JO2XQ+70i/e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701709796, "uuid": "7ef0d8c2-60b4-4bd4-9e9c-e48636da2c0c", "value": 270112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701709796, "uuid": "f4a267c2-7023-4c54-8b90-6d6cc0ead8d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709796, "uuid": "07edcdd0-0fa9-4ebc-a049-2a228b09c45a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab3ec66f-92de-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719554, "uuid": "e156bb6f-abb1-4100-89fe-97ba26801c8a", "comment": "Malware payload", "value": "db6e5b05e872a3799ce1b4ba660a6c9b", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719554, "uuid": "6b2fb4e7-fafe-4e20-9a9c-a5fdbfd492a5", "comment": "Malware payload", "value": "ec23523994a89e44162e5476f923b417b692323438d6247e53020fe4898fd23f", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719554, "uuid": "fc9fbfad-b370-4de5-b32d-76812d6f3558", "comment": "Malware payload", "value": "2b818084211c0274e2ec6bc6dd410b7a1d5cff84", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719554, "uuid": "c1bf62ee-0029-419e-96c4-aecfd9f017c6", "comment": "Malware payload", "value": "fd907687e6d984930df3381bf17b150ba0c8b0231745db0508cd9aa9c40c94fb49094329e6fc3cfa49f1651cab1e1ce5", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719554, "uuid": "b3f8d10b-3729-4c7b-99bb-2d3c557d9a23", "value": "T1D9445CBBD7A19CE7D616223488A70B097F34F58317638B1F4B2056762F233D0AF5AA54", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719554, "uuid": "882b60b2-18c3-4880-8d09-7f6da586940a", "value": "55571ea66164dcba8744331456191cf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719554, "uuid": "abf99365-d9c4-4a69-b193-015809c156e2", "value": "3072:BQriXJRoPFdDKFw/2aX1/EgVMNTU/tkftwopFD+BwnlXi+UWX:P+FQI2qnKOdoKw97X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719554, "uuid": "66fae20c-0cd2-4c3c-8543-5f7a241e116c", "value": 271793, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719554, "uuid": "4695bbec-08cb-4a50-9cc8-0a68e9fe53e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719554, "uuid": "e1db3d14-0074-4a1f-a576-fdf26cee352e", "value": "db6e5b05e872a3799ce1b4ba660a6c9b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d50de861-92b3-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701701156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701156, "uuid": "4fb49849-1ad2-4e09-81de-9921d7970982", "comment": "Malware payload (AgentTesla)", "value": "dbcfa3e5a5034f917af5f73a3478a558", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701156, "uuid": "ca1a0d97-b8b8-46e6-b6ff-94d8b7c19176", "comment": "Malware payload (AgentTesla)", "value": "ec8b1cce7a848e87a0a99f285f5c457ebd1772cb0cf09e8589d325b77dedcd43", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701156, "uuid": "cfb829e4-17d0-427e-8292-93c52b340244", "comment": "Malware payload (AgentTesla)", "value": "182f3f8dfc90c79e2e88b88ebffe735f9c408023", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701701156, "uuid": "4e57bddc-082d-4151-9de5-0da6b17d66b9", "comment": "Malware payload (AgentTesla)", "value": "69a72e6b078760bd6c69af35876e598aff50e78415df7ca694810ceaad94a49d99ebd96ee4716a5aae4dbf820429e117", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701156, "uuid": "3d98eb8e-b3f7-4875-a067-30aed50901b8", "value": "T12305D00561F65F1AD47A67F48294160003F73B99A13BE34C6ECAE0D72E71B020E5BB6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701156, "uuid": "c1308db5-6316-47ca-82dc-8040c0ffdc4a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701156, "uuid": "0bee813e-8cf0-41a2-a527-21c27d882738", "value": "24576:gLek+pJQV3VYTkU+8jGuNOMmUFkfI2vz:ACJU8/Gu8wcI2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701701156, "uuid": "37da59a3-a1f4-497a-a644-84f89b7902ae", "value": 852992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701701156, "uuid": "f9140a45-8bfa-4758-b250-a80c6a9f0e2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701701156, "uuid": "2f78ee56-ded3-4b1b-bab2-fcd5e396ce30", "value": "z16DHLPSZR00000336-EB.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96cd5629-92e0-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701720379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720379, "uuid": "51ae05df-93f9-4cf1-bf6f-91fe2ea1aea9", "comment": "Malware payload", "value": "77cdabfa91a2510f7a86ccbf7f4f4b2f", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720379, "uuid": "38b452e2-7e17-4bc4-8ca9-f411a20458e3", "comment": "Malware payload", "value": "ec9a6a8ddc474b4bbde421b6086b52d248d403c2b5468563243d0c1ea99feab0", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720379, "uuid": "d406b250-28b6-4a75-b345-dbb779e055d4", "comment": "Malware payload", "value": "d1068b6fb3da355031b5e629bfae3854946aa651", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720379, "uuid": "92eb5502-3297-401e-8347-e4e187241cac", "comment": "Malware payload", "value": "61064db25b523206ce3fb796fcd231848fb445080f07cd0c5ec7d6bd9c689f95717f26cc4c79bab74e49049bdaa60276", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720379, "uuid": "f099a121-bbb5-4453-98dc-62d678de6175", "value": "T15376011AB71EFC0BE263DA3263728D4B772F85F51250E7116A06B039AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720379, "uuid": "8829b639-4d64-41cf-aad6-78cd953177c3", "value": "196608:FrzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLo1F3nswU/Q6FKNcnFbpA:xw0pdMGbwBAej2u7nswxgFbpA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701720379, "uuid": "e2fc739e-7b7b-49af-8dfe-fb4fad2c53c4", "value": 7326616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701720379, "uuid": "53a4ca15-5dbd-45ee-a831-6f0ce3867419", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720379, "uuid": "9129a154-558f-4026-9c18-20faf4e6c6b8", "value": "Omegle-\u0432\u0438\u0434\u0435\u043e \u0447\u0430\u0442.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53acd064-92d8-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701716830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716830, "uuid": "f6ebfee6-720a-4235-9b33-d07e0aadc3e8", "comment": "Malware payload (SMSAGENT)", "value": "623919934fdce8e191afe1c76fbb6395", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716830, "uuid": "ac2c00bc-038c-4dbb-a6b2-1ed07a6e0d7c", "comment": "Malware payload (SMSAGENT)", "value": "ec9e4884ff4f847b3503bf6f9d05bf218d98b34d54b4dbf66ac7df643687f0ab", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716830, "uuid": "0e93ea62-ea49-411b-a584-47a6266ee292", "comment": "Malware payload (SMSAGENT)", "value": "1587b30e189a726ca2583ae011d9882ae4d47ac6", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716830, "uuid": "a822c9c5-b10e-4c8c-9fc2-053c7fc09ae3", "comment": "Malware payload (SMSAGENT)", "value": "df80931a8a86205193045a8695f36a3040403b44d6fdb5fe94ef388150f81e477ab202b8536c1189109e7cf03a79619d", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716830, "uuid": "e5e25fc1-2e3e-43c1-bde8-d3f8e273ed51", "value": "T1C876011AB71EFC0BE263DA3263728D4B772F85F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716830, "uuid": "2a266fe8-e92b-4558-a305-d3841251deae", "value": "196608:srzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLt1F3nswU/Q6FKNcnF2T2:Sw0pdMGbwBAej2/7nswxgF42", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716830, "uuid": "f64f9f0b-9690-4db6-992c-0e20b41d0998", "value": 7330381, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716830, "uuid": "c2c790d1-d1a6-44fd-9464-e8b4e9b2d37a", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716830, "uuid": "d6c0c7c0-745f-4d29-96d2-8434fa339c9f", "value": "\u0412\u0438\u0434eo \u0447\u0430\u0442.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "423fb6bc-92a2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701693608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693608, "uuid": "8ed2a930-4516-45be-805d-401d677d4610", "comment": "Malware payload (AgentTesla)", "value": "b7bf2de1322bb9487c7366106f00c2e5", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693608, "uuid": "7776d342-c0f1-430f-bcd1-9bf51395d106", "comment": "Malware payload (AgentTesla)", "value": "ecc59482ae956f5f2dee2bd979e5e9b3112bdbc6091134c698b3ce9f6903a687", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693608, "uuid": "8739c604-85e5-4dee-9c50-839ae54d4f95", "comment": "Malware payload (AgentTesla)", "value": "673ebd618579ac209656de6c104a07ec97d194f3", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701693608, "uuid": "872d3260-30d6-4922-9e92-8cb64a0ede39", "comment": "Malware payload (AgentTesla)", "value": "b29699c475bbf094a5ecf8ebba0ada5225cda695edfe8db24a9ce2fa5af762f7273915a2afd7eb84e4f47a6c70d2be79", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693608, "uuid": "710d7dab-247d-4060-9daa-df3be5ee78a9", "value": "T1AF15AD84E5A85B51DDB9A7B05536C93007733DADA878E22D1CCD7CE73BBBB824412A13", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693608, "uuid": "ee85c4c5-2080-4ef1-b271-0f48ad6b5cf5", "value": "12288:B7lxIyzucL5ZRNmiVs2ON3vd12RaRm+n4j4C41eElP7r9r/+pppppppppppppppX:B7lNlx/V0hd12R44g1e81q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701693608, "uuid": "6b2e258b-d53e-437c-9e8b-85f96142e1d4", "value": 952320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701693608, "uuid": "23de7a94-8ab2-406e-8971-20779068b4ac", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701693608, "uuid": "6eaccd46-c623-473f-9566-a4f059197186", "value": "23GEM-50FGAD-011.tar.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34eda354-9258-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701661803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661803, "uuid": "2183b795-d92b-4111-b331-2ed500484b08", "comment": "Malware payload (Mirai)", "value": "b1d8c946f314aa2885f801dc9229054a", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661803, "uuid": "a33284d8-8922-4531-89a8-64d8962f65c7", "comment": "Malware payload (Mirai)", "value": "ecee78cd39a265e225f7cd8aae825685f3858692a624463b88f50afd78c7c404", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661803, "uuid": "294108be-1430-4f82-9a99-c168a49832de", "comment": "Malware payload (Mirai)", "value": "1268542b35914001cb4c2bade17be1f38f93d43f", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661803, "uuid": "1985e09f-3403-40bc-b585-8df4926421b2", "comment": "Malware payload (Mirai)", "value": "1987af6ec976c689427608a499d96a26361d3eb62c31614264e67626557b0b929536196dbf4a503a81abb37483f6070f", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661803, "uuid": "397f582d-d54f-4fe0-a1b2-96f9b37687fb", "value": "T13E235BC5EA43D1F1FC461579AC3BA3338673E67A403DDA63C3A9DA35AC43501AA2634C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661803, "uuid": "e7892a7c-4346-4a27-afa8-d16f7a13eabb", "value": "768:0y9uOSRWhZ+9GMAtOecNVnGsVV306TKj6cNFv0rvVu8XcSzDgIU:0AuOSRWhZ+9GMTD9GGIjrLWvV9cSzDg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701661803, "uuid": "907e1dfc-4564-46e3-b973-ccc826d9816a", "value": 48300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701661803, "uuid": "6d1d52d5-c6d5-4efb-912c-ceab6323c02a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661803, "uuid": "f0d6e2cf-ac1d-4425-8b6f-6755d3390563", "value": "telx86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f554607b-92aa-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Loki)", "timestamp": 1701697345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697345, "uuid": "fd75d9d5-3b4d-4e7f-b06b-38582aeed3d3", "comment": "Malware payload (Loki)", "value": "96d3a2f15f13c7478561fe7d34d6fb85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697345, "uuid": "d070afbc-ebbe-4823-ac7f-3dd209410271", "comment": "Malware payload (Loki)", "value": "ed1c6dc27ff3964450b628cdc8a1f02fcbc61f1b277a2dbe6bf5e97b0a30caa1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697345, "uuid": "f0d82621-d695-4657-84ed-7b735274ab5c", "comment": "Malware payload (Loki)", "value": "5a321eb193a8b51a6e0654757eeeb0ce09848481", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701697345, "uuid": "a6414aca-8e08-4f69-ae47-c2119107b4db", "comment": "Malware payload (Loki)", "value": "f6a9cae9988e71c2ffc39a6a289f8c70603f0f14e2993344de414abc38f5ac7c2fbc140391a4558289e49e64e5796642", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697345, "uuid": "e7f385ca-2305-40f0-b50f-2955db6f9092", "value": "T1CAA4223EF14EC319D8765BFA74E664C583F405163238FA1F28A426DB2156F5A4E40F2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697345, "uuid": "839e8695-5055-44eb-9175-82d4e729d727", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697345, "uuid": "e37001b5-872d-46cd-8fe0-20ad18aad505", "value": "12288:Q45+po2bBPNkUr78z/DIyCjjoJ7isiee+GPSv7XamLowDH:z+pJllNr7GsjUYXKOmRD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701697345, "uuid": "8de386cf-368a-43ad-9427-40b643f45d18", "value": 492544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701697345, "uuid": "5664d78b-6c6b-44bb-88a5-fb7232152077", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701697345, "uuid": "eb7ba690-c26a-4585-bcb4-5c7351377c5f", "value": "rSparePartlists.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "febd52eb-92d2-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701714540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714540, "uuid": "cbbd63a2-faad-41d6-ae4f-88a45734fb1d", "comment": "Malware payload (Formbook)", "value": "4cfd99311876fa9a0bada7dba402b039", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714540, "uuid": "20612b1d-8b8d-4dfb-9631-cf760f3f106f", "comment": "Malware payload (Formbook)", "value": "ed3666dd7717b088c56ed523b0726d73f9b17d2041ce07838c7c8bca29e4e5d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714540, "uuid": "2e97b3aa-960e-4d22-9980-859193d04418", "comment": "Malware payload (Formbook)", "value": "336593e49657a9f1891b8d375fbc2df06069b4b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701714540, "uuid": "56cc764a-3a7b-4814-90f2-d1d47920c2b2", "comment": "Malware payload (Formbook)", "value": "889a8d1a1851ea82c503c4dbafbee54544407d0c6def2a91abb79d99c9ffd244aa2304dce28643c524fa9c10d53e3d7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714540, "uuid": "9cdf955f-88d0-446b-8b1f-c3b1e4742259", "value": "T1F5F4DF1862F91F59D47A67F482A4060103F73A9A613BE34D6DC9E0D73E75B020E1BB6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714540, "uuid": "5c0b88e9-abf2-4c3d-8d7d-fef6bade1df2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714540, "uuid": "1b8d8a83-a9ad-417b-8576-c50e4f53c9a5", "value": "12288:DfYNr4RLRExP45+po2JphiLCWBmryujMZwvj3KhyaV/u96qCQshkuX+24Pdt:hEk+pJdi2WOyuIZwvOQM9qCQskuO2u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701714540, "uuid": "6c0f1e93-85dc-4d28-b27e-028088a85f47", "value": 794624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701714540, "uuid": "2275f967-795c-4fca-8235-85241adfe687", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701714540, "uuid": "32c9fd37-d829-40fd-984e-0d171e535550", "value": "SecuriteInfo.com.MSIL.Kryptik.HDZY.tr.32348.31473", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab5de935-9245-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701653842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653842, "uuid": "d63c224e-9a7b-4f6a-a35c-a4347fe45649", "comment": "Malware payload (Smoke Loader)", "value": "9705b269886bfc7a262c12486f5e6802", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653842, "uuid": "509e1488-e80f-48b0-b25b-32a484f6c8f6", "comment": "Malware payload (Smoke Loader)", "value": "ed51744a40d59eb9079f26bbb57ddc76bf4b9d60ee1d575adf731b2571559ceb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653842, "uuid": "ebe028bb-ee48-41ff-885e-2a30c4a0a60a", "comment": "Malware payload (Smoke Loader)", "value": "a9cb5931ddcc0cf8e5b886270bffdd14472e5248", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653842, "uuid": "1cf53af4-150b-4b80-8d68-b7d570a5f60b", "comment": "Malware payload (Smoke Loader)", "value": "f0184c8d33b3efa93e339dc8f2f624e46c95c1967bc86fe6718a76edf632e2704c8e7ba4f96539dce08b15a14fc0dde5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653842, "uuid": "d03d7435-5443-4e89-932f-97ee2f21f579", "value": "T157044B412398D9F3F1AA0B7500E0BD3D4D6CA9F66FAF8AA7B7C51E5E49289C01134B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653842, "uuid": "3f0bd5f5-0854-4a50-bc95-0c3fc11763fe", "value": "492605aa7b8aefac51399cf6619dc6cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653842, "uuid": "89cfe8d8-3ec4-4e81-8950-34b7b3377c42", "value": "3072:OBfsGpcW25Gp+VIVnZqJQ1m9yGV0iT1gOcKFxq25KnB+WWxm78w2AAAvSFfG:SsGckEKnZU2GVBgWKB+hgv2A+G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701653842, "uuid": "4c275473-5dd7-4e7f-a66b-5c97a0c5c232", "value": 185344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701653842, "uuid": "8dd585d9-0a09-4c68-894b-3b44ba0e68d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653842, "uuid": "5eab0c8d-71b5-4a57-b268-ceb8fbada922", "value": "9705b269886bfc7a262c12486f5e6802", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48dffdf2-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "8e64de12-5faa-4410-a9f3-d3db36a94f81", "comment": "Malware payload (Gafgyt)", "value": "51e24c4dfca9d81b9bcd7557dd66202a", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "3de1acbe-59a2-416e-a610-3f7d483141ef", "comment": "Malware payload (Gafgyt)", "value": "edf4939e6b0100f77eb2a01cacffd2ebb40f235586b657183ff39c8b5e8e7c39", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "c2c20804-5c2d-469f-9170-8075a92ebe14", "comment": "Malware payload (Gafgyt)", "value": "c23c5752e0b1f79e4565008a124a87ff953acae3", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "8f89f82b-abcf-4beb-9caf-faba17f9c074", "comment": "Malware payload (Gafgyt)", "value": "c1578054a2050b6290b240ac1697c3c11d936fa1cbe3196f6312cce34304446f63ef18603e043e55d08dc45abc6990dd", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "eb1bdd36-2587-460a-80d8-52fc484fc2c9", "value": "T1D40471365A1AD127C496EDF8BFD6BAE38509F1A74E96920373C0244E0EF5D94281FDC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "491f56ee-6a04-4e81-b5d7-996bee6adbce", "value": "3072:FQEWG918tbJHkgkipfEiLRXT7MyXhlkwmLcWd8ALpyA/:VH8tdH3LXTXh3mLcWd8ALpyA/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "58e047e2-83e9-4100-b44c-507ea78b1c65", "value": 176672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "4ae4bc66-7d44-4e46-a846-6866011941f0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "d7026324-5e23-4da8-8a8a-eabdf350f130", "value": "hajime-like", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a0ff5d2-9271-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701672603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672603, "uuid": "e918e1bd-43f0-4dbc-8818-5dbfa6a7ee8b", "comment": "Malware payload (Mirai)", "value": "4777eef3cbbb4188058382837ee3bcd3", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672603, "uuid": "1dd6f3b1-b6bd-4873-8ddf-7de40d00b1c0", "comment": "Malware payload (Mirai)", "value": "ee2afb0e6e2576d68c755000aec21efbd0530f31b2f111f40fd16c34e99f5037", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672603, "uuid": "9a176b86-73d1-4119-b027-2befad770e1e", "comment": "Malware payload (Mirai)", "value": "99c2d6aaeb8c926699c4784f8cea09a329f112d4", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701672603, "uuid": "17a8b9d5-59e5-4a3f-bbbf-df72363aaaf8", "comment": "Malware payload (Mirai)", "value": "1c07dc6e3ac7711ae75cefd2b4d5fb05a90a37602c44c97ab527f5c6d5ddab00ed4f185871621f9fb579cd66107e5cd8", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672603, "uuid": "d1da0ccf-04d9-4154-a5af-7923eae8e3ab", "value": "T15BB3B34DEA649B29C7E332FFFA5912CE322A0BDCB7EA70119E310B5537C8E565935120", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672603, "uuid": "1d2710e2-a337-46d2-b42c-422b2a2d46ae", "value": "3072:SMlligkUytpkZSrdfECqA+zarfL8f4aDB1u:X/98pc4+zarfLu4c1u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701672603, "uuid": "00e8e7f1-0d3f-4d7c-a9bc-8288ccac416f", "value": 115868, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701672603, "uuid": "9bee16f9-0bd4-48b1-b2b4-7a7e440fcfd3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701672603, "uuid": "bb61032e-5f91-46cd-9044-d0b529dd4e85", "value": "arm7-20231204-0650", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a7337d7-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698293, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698293, "uuid": "69478982-fbfd-41e7-9c58-708860e52c47", "comment": "Malware payload (SMSAGENT)", "value": "77d0d53ec8a1a96389decf6194336eb2", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698293, "uuid": "7a989828-4c13-4eab-9e0e-8bd6fe709931", "comment": "Malware payload (SMSAGENT)", "value": "ee83f3fed146bfb3d7ebda1dc20795db1d482fae0f6522e6777fcedbf720edae", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698293, "uuid": "1f75e6ac-dfda-4866-aacf-5aafcee0bea5", "comment": "Malware payload (SMSAGENT)", "value": "f76a99391333add6ea2f410646d7ffc37ebdbe59", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698293, "uuid": "2ac25244-65c8-454d-9528-c4d6242d27cf", "comment": "Malware payload (SMSAGENT)", "value": "7ce3a839a906fb85444273b668e53dafb0385699f369494da8cfbc102742c3060791ef20f44d030c7bb3547cc19b5d96", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698293, "uuid": "0baef971-aa84-417a-bab1-c0f38f3a1344", "value": "T1E9560175731CF40BE073DE316371814F71E085E51A72E312AB07B8585DABDC4AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698293, "uuid": "03012e64-d0fe-4de5-af95-80e84ab3d26f", "value": "196608:/vDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYI4:TirUVis8O/0giAZ9PDM4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698293, "uuid": "e0f511d2-f3ff-4865-92c3-38789b2c8aa2", "value": 6376381, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698293, "uuid": "91b67481-7261-4503-9d9f-7ccdce028d24", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698293, "uuid": "8c350167-a718-4162-adf4-5fbb39aaa8d2", "value": "Mango \u0412\u0438\u0434\u0435\u043e\u0447\u0430\u0442 (4).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38595dc3-92db-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Formbook)", "timestamp": 1701718073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718073, "uuid": "9ddb1143-a923-4bf6-aa9a-ede1d829176a", "comment": "Malware payload (Formbook)", "value": "0fbb91e3f74248db21952223a4734622", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718073, "uuid": "8bcfddad-2fab-40e0-b974-22301816a714", "comment": "Malware payload (Formbook)", "value": "ee869247ca9d4e73c21db2ae314bf66049b0398deaf00a475a89b08030e69c14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718073, "uuid": "07a683fe-02ff-4bc3-b7ab-ea025e84e925", "comment": "Malware payload (Formbook)", "value": "77b8ecdb5d3bba59ef78feefd81e296bcd142321", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718073, "uuid": "754ab130-6a53-4987-a141-0fe1d153cd38", "comment": "Malware payload (Formbook)", "value": "06a2c3815353e54fb4aed8ee363ae021857d9cf73109eee9fda4c857c44e68e9ea19139aee0342732ed49ea7a93dedc2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718073, "uuid": "2e358c89-3cbb-4fbb-902b-a5a0f8652cdd", "value": "T16D25F159710C7103EAEC36B8AF61E97443A16CDA6C90E2E67CD53E8B33FD35315412A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718073, "uuid": "fac175a5-2937-4eb6-93fa-70b3281dd15a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718073, "uuid": "4016f589-626e-44f1-b0c0-27ed59ad4d48", "value": "24576:qgO34/+Z+pJn5moA+ig6DiBydmLOBLF5SB:qgO38fJn5HA+2i8dmaVFa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701718073, "uuid": "6c8c7391-79f8-48ca-a96d-c976f5548a19", "value": 999936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701718073, "uuid": "aa1f4454-ad3f-4ece-a802-efc3e2c76e9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718073, "uuid": "de44f0a2-523e-493a-bbd0-ec5c5ff45dd0", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f892640-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698301, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698301, "uuid": "e8276d51-52ab-4fdc-84d5-31ca551144ea", "comment": "Malware payload (SMSAGENT)", "value": "fd072cb958e9af62f7a5ab8452388f4d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698301, "uuid": "3faaee71-2972-46b4-80af-4a8f3f71cb25", "comment": "Malware payload (SMSAGENT)", "value": "f06cc278be7cfed053562a7fbcff2c50a46a7e444a689f1ccbd24d73a50389e5", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698301, "uuid": "05f4b821-946c-4bf4-b39e-ff7d59b95244", "comment": "Malware payload (SMSAGENT)", "value": "1336ecb73a143cbf993a538b4f424553db39dfc1", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698301, "uuid": "31ce292f-94fe-4882-ac03-f8bf457aaeda", "comment": "Malware payload (SMSAGENT)", "value": "06e36a425bd52ba92cfa7e9fd6b5e83d7d903803e08bed112f7e21eb66cf0be5469a4d027fa4ae10357faec3367d1f52", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698301, "uuid": "e708d303-d384-4547-8865-e34795a45eab", "value": "T15366011A775EFC0BE263DA3123728D4B772B85F51360E3116B06B0686FB3D448D6AD1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698301, "uuid": "d4196a83-0727-448d-96bb-36c00830d520", "value": "196608:oyoEI25FawilQNbk2fwDBEsAZ9J9DCJYGv:oZG50qJkjpAZ9PDU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698301, "uuid": "47dcbf11-c259-43b8-b3c8-b135315cb4bc", "value": 6695861, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698301, "uuid": "d4622279-5b47-4b64-a5f7-a05dcc995df6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698301, "uuid": "0f06780b-8f9d-428a-8b69-79e50552728a", "value": "FLIPPER.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec7c624f-927e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701678432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678432, "uuid": "c7fcf9d2-a201-416a-9581-5267f8ef6bd5", "comment": "Malware payload (AgentTesla)", "value": "9fdc58e77c21bdc493d017806c814791", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678432, "uuid": "80ff6d63-0d44-4b5a-91f3-d6f4a15de14c", "comment": "Malware payload (AgentTesla)", "value": "f17888c39de05db240eac5f53edc8ad9c1b1512c428dfcce5078bb9636395a8d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678432, "uuid": "35b2a1d6-c28b-4f66-8235-8c9840427e3b", "comment": "Malware payload (AgentTesla)", "value": "87d45946cb600a4c1bcb30269187124c5fa0e8d1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701678432, "uuid": "547040ec-7699-42f5-b2c1-9b9a03171125", "comment": "Malware payload (AgentTesla)", "value": "c222928a951854efc1d7b9aadd6c0d1bb61d18cdadeb8611074f7380322d3d2603cb659953863d8d69f83b7ed8366a8f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678432, "uuid": "4e869175-e1dc-45de-87c6-1331cb820930", "value": "T12A05226171A5DB2FC87A87F6D535540003B07A3A743AF28DADDB32EE5631B414E21BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678432, "uuid": "0f5ebb9a-61c5-497d-8d06-f4724018b354", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678432, "uuid": "2525646d-4497-43d2-8f59-3eb240554797", "value": "12288:WWytW8G34/uK45+po2cOe9aPgt4npNKacCeIvzMGD1tkChTlCoXtn70IQIVAxqn:l34/up+pJw6BnpgacCeIlDZTlHdndwx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701678432, "uuid": "71f5738f-107d-4b63-b534-e6f34c38b78e", "value": 832000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701678432, "uuid": "ea5d6e16-d71a-4f8f-823b-dea6530d22fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701678432, "uuid": "54e6705d-6395-41dc-a0ca-3d98869fff42", "value": "SecuriteInfo.com.Win32.PWSX-gen.7378.19578", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6147433a-92dd-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Smoke Loader)", "timestamp": 1701719001, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719001, "uuid": "866cc6c0-441f-4cbf-ac54-de53c80684f9", "comment": "Malware payload (Smoke Loader)", "value": "f7527e23983f39d358260c9a583e9d00", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719001, "uuid": "a84d46de-3dd2-4508-942e-0d5f3a5cc4aa", "comment": "Malware payload (Smoke Loader)", "value": "f181f1f714f074ec2058d5d2d282316834e2150006ad2e27fed1e7ffc47ed753", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719001, "uuid": "e7a35045-9e1e-4343-b348-b8c7ca5369b0", "comment": "Malware payload (Smoke Loader)", "value": "ce724adc4d374a8e8034a1f29c905ced24bed4c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719001, "uuid": "f694947a-03f4-4cef-9200-f658de2c01bf", "comment": "Malware payload (Smoke Loader)", "value": "3698929c234f81f720663a0b07d6c46b6fbdb5395e42b7a34c413936ed2b277729ca7a73ba3d75262c5ba8d6f4d6872b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719001, "uuid": "b42fc426-e5b9-42fe-bd7b-d453421b1fac", "value": "T1B754076392E07D45EA224B329E2FC6FC731EFA418E597B6A2118BE1F14B1173D663710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719001, "uuid": "76b176f8-4a2d-467a-bfa2-1a1fa9e5e287", "value": "01f6fc978b1d93c9a83c4aab7e4e75ac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719001, "uuid": "a422cff8-384e-49c9-b34b-dfad67becec8", "value": "3072:uitx+YXd/VEQQnV7rp78e1alujcEHBpsA+y5Uu5tvVZkTkS:PyLV7r+CalujcKsDLuj9iT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719001, "uuid": "07a1345a-da7d-4097-8d95-d8af4cd79e08", "value": 297984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719001, "uuid": "1de56902-68bb-4f7e-99e9-465e4957b5f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719001, "uuid": "281e9f68-917f-4ad4-88ca-c9e8758bc934", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07f5f27b-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698235, "uuid": "d500a342-5404-4d96-b96d-f3b64b596669", "comment": "Malware payload (SMSAGENT)", "value": "0ffb8ace809dca6847c4b11214b1c2d8", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698235, "uuid": "46ce735b-2b46-4ab1-8628-4b997f716e66", "comment": "Malware payload (SMSAGENT)", "value": "f1f337506cf34737521efbd69fdeea1540cb971a2ad8783eb2e60717fb904aa0", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698235, "uuid": "77eadf8e-be33-4cfc-b9ec-12c4d65dbfad", "comment": "Malware payload (SMSAGENT)", "value": "058728b5c26b892cea12c7f653fb24c12d38d25f", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698235, "uuid": "65e278b9-4dd9-44af-ae45-04b801b1d407", "comment": "Malware payload (SMSAGENT)", "value": "381e56af40e9e1e2d4b70b711ca429dd56ad2571bcce01d6211cda1b7d6cba39f62445dc8729c70eeb835cc6ea023948", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698235, "uuid": "26996957-9976-4214-acdc-9622677e8b17", "value": "T14E560179731CF40BE073DE316371814F71E185E51A72E312AB07B8185DABDC4AAAEE19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698235, "uuid": "d3777f25-e913-46a9-b514-b2c465991222", "value": "196608:/wDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJYZb:girUVis8O/0giAZ9PD1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698235, "uuid": "0ba48c75-3e1e-494d-acb2-070f03bce6f8", "value": 6384571, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698235, "uuid": "a7bd6650-37b8-42ca-aee0-af76a51df3f5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698235, "uuid": "697fb94b-f721-4cbf-ab77-a018e6931614", "value": "\u0413\u043e\u043b\u044b\u0435 \u0444\u043e\u0442\u043e\u0447\u043a\u0438.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca6043b5-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701680952, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680952, "uuid": "cb84a932-e73d-432a-9f0c-34c4c2b09ef9", "comment": "Malware payload (GuLoader)", "value": "f46ac8b0d1b908425ec26319ace879cd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680952, "uuid": "1df62ffc-f4bd-489b-a003-e6ee4ad1866f", "comment": "Malware payload (GuLoader)", "value": "f1ff69624873e48be474c1666c8e6c2447c4fb0690dc440452eeea806d5b5f34", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680952, "uuid": "7163e0ae-5118-4e0d-baa1-584d48045509", "comment": "Malware payload (GuLoader)", "value": "51bc27c6a8e7766785af57a54e42fc6c14a8bb86", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680952, "uuid": "4bb6c12e-7be6-4d9d-a8bb-0affe7e6bd4e", "comment": "Malware payload (GuLoader)", "value": "497c62e4a7fb9fa555c4483019806536e943ba43b2e7107862e232a98d8a6d14e0b74020b957e171793d9935d1deb3db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680952, "uuid": "cb658bf3-4dd9-46e6-afda-13d0520f3e62", "value": "T185151293F31C8496D435077218BFCD1A1327AD69AC61861F32C97F2A6FB63439C1B85A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680952, "uuid": "684d9c08-259f-4592-89e5-8bd5f6badd83", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680952, "uuid": "1b34d446-f2b4-4cb0-a1eb-26ff9302843a", "value": "24576:dpp4ca52JTn2ArzxK5x6ajNlHgKUKV3hIgnYP:/pi5cCcNWweNl15CgnE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680952, "uuid": "3c4cdc0d-098f-4103-b39f-35a29866c215", "value": 953640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680952, "uuid": "71816bca-b323-4340-b2b5-6d3e4e369278", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680952, "uuid": "22f62ca6-2d77-49ca-933c-ffba66073635", "value": "Ziraat Bankasi Swift Mesaji.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "016709d0-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698224, "uuid": "42d4d1b0-fb3c-44fd-83db-7bcd38eb9ddf", "comment": "Malware payload (SMSAGENT)", "value": "4777685dae3c3133a088a349721e8174", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698224, "uuid": "b2a1008e-b52e-4535-aa6b-1f14f4917439", "comment": "Malware payload (SMSAGENT)", "value": "f283351b77b6bf9d09c704f23eb1df6497a49db9ad69abfc0336dac86c9d8ddc", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698224, "uuid": "cfb439b3-56da-4292-81dd-28de7364a2e2", "comment": "Malware payload (SMSAGENT)", "value": "f1ed104ca8771f382da2c1bd265fe37cd0f2d15a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698224, "uuid": "39267c8f-5fca-41b0-a03d-b75653ba824c", "comment": "Malware payload (SMSAGENT)", "value": "579b0f7d8f575219a9cb1eff115aeccaa8acf6ac69de1fa14ca93033158bbd79ac7616118a34ecd39c3de295f9637383", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698224, "uuid": "13e4698c-1540-4b7a-8f66-092b2d9aac7f", "value": "T1ED179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698224, "uuid": "f65697cd-b1e6-40a1-b91b-a6781f8b08ce", "value": "49152:nuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvO:Vv+49UBEIIddXHNqjecemnMI+lEaA+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698224, "uuid": "4cd8d076-c021-4627-8e14-9373ca70e3a9", "value": 18580425, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698224, "uuid": "68cacd22-3cce-47d2-a5bd-f5d7e83ddcb9", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698224, "uuid": "e39f4ef1-2ae0-4975-8cc9-dffac0b2fb30", "value": "CinemaPlus (2).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e65f0eb2-92d7-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701716647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716647, "uuid": "7a663b4b-1a63-47a0-a88c-309f85a79a9a", "comment": "Malware payload (AgentTesla)", "value": "8fd4953eff22c26da17114862ab723f1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716647, "uuid": "5216fa40-aef9-4105-90c5-c868657b3f31", "comment": "Malware payload (AgentTesla)", "value": "f2a8a26c8c1feb87ade473cd0603708b2d33d5543f4d7a5033ced728ce1beed7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716647, "uuid": "538ad6f1-cdec-4e81-8e99-7625283c10fa", "comment": "Malware payload (AgentTesla)", "value": "bfa38050089cbc5f7f9d92fc3a7ce3f4537a92f4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701716647, "uuid": "4aebad98-e88c-41a6-b034-f5aa3b0b4d35", "comment": "Malware payload (AgentTesla)", "value": "e2be2e0fe9f670a585cf913ce4c18ddcc54f321da613d362faf6f1ddb6aae2564f6857f735c453568d1d14d7fb9d5403", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716647, "uuid": "b8ae9660-0938-4f41-94bd-211b76f6b5c0", "value": "T1EFF4BF423285D8DAD4432EF288AFD6602274AD9ED065C60E3747BF2A54E7343395B7CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716647, "uuid": "b8f3b1f8-2e4f-42d6-8567-525033a912cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716647, "uuid": "ff7f3a29-2af2-4159-a2a0-f425dbccf872", "value": "12288:kzkob9GWzkjkiU5mwGwbufhhPrSMehih3WaP+0whHSU7ySityjK:2xk7U5LFuJhGlhoWo+7AdH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701716647, "uuid": "9770c553-85de-4474-a9d1-668222aaf3d2", "value": 786992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701716647, "uuid": "953ca68d-5ad3-49f5-839c-03b983713a2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701716647, "uuid": "d7feedd7-6962-4651-adb8-4306f2c62841", "value": "1250232-00-Customs clearance information SHP2311-A4A1120-440pcs.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ed94f29-9285-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681174, "uuid": "e8ffe4ee-7254-4f9b-b15c-91cb9448d030", "comment": "Malware payload (GuLoader)", "value": "adb5ba663773cefea80795266f2076d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681174, "uuid": "dc80ea4c-d0b5-4c80-9c83-f4c487d27196", "comment": "Malware payload (GuLoader)", "value": "f2ad5670f46f3be3f5bd5b6bd9d3122dad6a48664bad0e6f4418396e02ab8c00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681174, "uuid": "45e733c1-1ce1-4465-a6c4-8ac1ee84c7e4", "comment": "Malware payload (GuLoader)", "value": "bda490a4f2fb1afa38e1fab383717febccd2ac5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681174, "uuid": "905ebe5e-55b7-4825-97df-98896951a0a6", "comment": "Malware payload (GuLoader)", "value": "e6b62f7510adb103f7bb6218384cfe35f1b3c43f35f862117b4e204b0b372149835056ded39eb88b33f49a89b95e6c32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681174, "uuid": "afe39ab5-87d9-4317-8401-ebeb964fea94", "value": "T1A3B4BE49E762DCF9FA6A1379257159123F41EC5F6099289C228DFA223C36313509BCFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681174, "uuid": "3c3a1883-fcea-4c39-8e9c-c1e781f240ed", "value": "66fcdd6338ffed276966867e7cf86116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681174, "uuid": "9a37f5c3-400a-42f4-bce5-d397ef607aff", "value": "12288:ZaWwYQgC4tRFIBSxQoPWF6XGKmx0dhSxnyOvT:oWDnIBmQfSGKL6xyOr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681174, "uuid": "a3acf63f-e17d-48e3-9fae-2f05f30bba53", "value": 536715, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681174, "uuid": "418e9102-dff8-4502-b6f3-03c890ec2287", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681174, "uuid": "2f43768e-15c8-4872-a115-51dcc1461be4", "value": "T\u00fcrk Havac\u0131l\u0131k ve Uzay Sanayii A\u015e TEKL\u0130F TALEB\u0130_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22d49247-92ad-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701698280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698280, "uuid": "c005ab7f-7f15-4576-9134-d216e184b15e", "comment": "Malware payload (SMSAGENT)", "value": "0682fa8fda0d7c78c578ea59dd79280c", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698280, "uuid": "b246441d-b93b-4b59-9397-e0590ce57fad", "comment": "Malware payload (SMSAGENT)", "value": "f2bfaf9fc5c2586923145ccbdb74b73246f056bb38223b98a7ee94596bb5f56c", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698280, "uuid": "34d4ead7-67a8-4c2f-95c5-4028c3a39848", "comment": "Malware payload (SMSAGENT)", "value": "183d185fba3a3346d2651fd8d4ccb6df47c2c269", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701698280, "uuid": "9e60f73f-66a1-4f5e-b300-d4740820a17b", "comment": "Malware payload (SMSAGENT)", "value": "8d96f6ecb721259e2009aa1c2fef17658355fd488333982b00e030f0dc21ca046ab74539fec1c6e8e84f74e07f86db03", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698280, "uuid": "b3e0a0a6-6fc1-4c00-9d73-bccd5aaf7613", "value": "T140560175731CF40BE073DE316371814F71E185E51A72E312AB07B8585DABDC0AAAEE1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698280, "uuid": "a2f0f2cc-51bb-4923-aadf-e66ff15d6224", "value": "196608:/cDGhrUiyicN0foB/SWtwzL3AiAZ9J9DCJY3N:0irUVis8O/0giAZ9PD7N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701698280, "uuid": "f4e99311-5431-496f-9eb1-29345db08df8", "value": 6368190, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701698280, "uuid": "4f106794-0751-48ab-9db5-40bfa0061251", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701698280, "uuid": "431392b7-c791-4e8a-b7bb-c1e6f9401512", "value": "\u0422\u0435\u0441\u0442 \u043d\u0430 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u044c (5).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2ce27a6-92a9-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701696804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696804, "uuid": "fb75de42-bf1f-4932-a111-b24718b9ffb3", "comment": "Malware payload (Gafgyt)", "value": "cad355f47daf71faee5a553c8d4a5124", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696804, "uuid": "86fed3c3-9d75-46e3-90f9-e75d8b8b4681", "comment": "Malware payload (Gafgyt)", "value": "f47a362fb3ae69123dc563b235d03e20a95153870d58ef8810e1a1c7642cec6c", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696804, "uuid": "535d47f3-48cd-45ea-9f3d-b8aeb07d9897", "comment": "Malware payload (Gafgyt)", "value": "b5d3a2386230d7f23f726b04561be803e55cbf4b", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701696804, "uuid": "bf9eee53-7025-42b6-9fea-fd883df7b646", "comment": "Malware payload (Gafgyt)", "value": "04265b8c98287081e4ccb238d727ad0ce5e964b8784e7f6b2e82952356b2d36f673574d246a1d24ba5fb5ef152b77cae", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696804, "uuid": "33dcc51e-41d7-43b1-a770-65e3e1d81f39", "value": "T101C3D733F242C6B6C09752B016DAEEB2AC3270FB17A6311B33A46DB42F569D52D19E05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696804, "uuid": "79e86318-bfbe-456d-932e-a9547467065e", "value": "3072:Nxyk5jAG1UE3a/yTobqEjTaMP6zmXFuPuWwdszE:jjzU4XYTaI6zmXFuPuWwdszE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701696804, "uuid": "bc13a71b-e065-4a39-9b84-2be589334dc6", "value": 129122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701696804, "uuid": "b3a94324-3183-41ac-a4c3-492ce332251c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701696804, "uuid": "c8699477-0d59-4a5a-882a-83ac73807f97", "value": "cad355f47daf71faee5a553c8d4a5124", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19ff6c8a-9277-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701675072, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675072, "uuid": "7ee44529-9751-41c9-b170-ed8f994e2bef", "comment": "Malware payload (AgentTesla)", "value": "a98f880aefb9f770cf0f280b6aabfc63", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675072, "uuid": "a4739072-45c2-4362-9978-dc0a1ff9d0af", "comment": "Malware payload (AgentTesla)", "value": "f4c0c2490f385084d7673926acb7c950c30dfba656a77c85493cfc04889d002a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675072, "uuid": "03cbc5ab-68a8-48b3-803b-72c892f45d42", "comment": "Malware payload (AgentTesla)", "value": "9aa8fbe199f4f7386e418076438f72a958147f0c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701675072, "uuid": "c6c63faf-0bdd-48ce-a61f-bc17002c802c", "comment": "Malware payload (AgentTesla)", "value": "31f67c1b3355e1b7fbd7fff98fccb2acb6bf28a22f2fcf05a835a242cd4f2ad98b4597e743a7e95eff0d3db098399886", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675072, "uuid": "1a780207-caec-493e-be66-050d19e27179", "value": "T191D4230BB34CB321E54BD2B7D8A5117AC7B1970BB32AFE1D58A420CC6617B851FD2267", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675072, "uuid": "c98cb253-9d5f-4adc-8957-fb4223a02e6f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675072, "uuid": "dbbaee12-649d-4c50-a083-42a90486c69d", "value": "12288:FI45+po2V1kWEOIVim9yY7gRMpMCuaA9NV+wuSyW4hIcKvSwkPAg:FL+pJQnJyY7gepOaA9NV+gyW4hIpKP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701675072, "uuid": "362aa93c-27a4-4866-853e-430e36b79687", "value": 641536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701675072, "uuid": "b6676bc6-23ad-471b-bdcb-badf9f05126a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701675072, "uuid": "db330ff3-b10c-4678-9e92-9315864f6b06", "value": "SecuriteInfo.com.Win32.PWSX-gen.10296.12496", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1736a846-9244-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Glupteba)", "timestamp": 1701653163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653163, "uuid": "01b7c108-6206-4b4c-b3da-2705cedde472", "comment": "Malware payload (Glupteba)", "value": "a474e3060a9f404479c442e38aad6268", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653163, "uuid": "07e7708c-89a3-4493-a172-d47f473851be", "comment": "Malware payload (Glupteba)", "value": "f5be7905ff4e3fcff8697d08de785719c1eeac0d5ac5b8373917de764cc0cac1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653163, "uuid": "0fbc84e0-9e51-4da5-8380-1dcb03e544da", "comment": "Malware payload (Glupteba)", "value": "0edeffd5675ff0d9f3ea3e88a7e5c17a2e81df5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701653163, "uuid": "2a68ef5e-27e5-45ee-a9aa-76e36ee62edf", "comment": "Malware payload (Glupteba)", "value": "534498d74e804088d81c9a88645bde3bd0c79282faa1722c2f50e6bccf30fb9ec0fc918c55672040e9979ea09774557a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653163, "uuid": "023377d3-7d43-406c-a491-528199d7a8b6", "value": "T11AC5DF63E2B5C5568F40B45F9FC1AACA17B3C33EE4A4A4B96BF10E4552A8FF51038127", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653163, "uuid": "e1106603-15e4-4d8d-9756-9cdc37b29b97", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653163, "uuid": "f8c4c115-6156-4308-ab7f-eb94ecaac1ec", "value": "49152:2O+hK8MFp4NzIYVDoAYCWMZ4Z6zVyy3PBzVBwo8VKiTw0qUthHfH:1MxoODVh35bwxf3H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701653163, "uuid": "bda51549-c3ee-495a-aeb5-4895d75e70e0", "value": 2614136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701653163, "uuid": "36c52b3c-0f41-4158-adc4-63f56d920f47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701653163, "uuid": "a5ca90ce-8a79-41c2-971f-bc7c16a618be", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7395651-92df-11ee-b7ea-42010a9c0006", "comment": "Malware payload (RedLineStealer)", "timestamp": 1701720031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720031, "uuid": "d202a104-6100-483d-9b66-38b11265a2d6", "comment": "Malware payload (RedLineStealer)", "value": "c4700a9a592077d9036d47f0dcab106c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720031, "uuid": "0be3b361-668c-4340-9502-9e287561de93", "comment": "Malware payload (RedLineStealer)", "value": "f674ab963f396887654d68c621609c782b222c8dc6d8935255d9716fdd385104", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720031, "uuid": "19fa0c8a-513a-4777-8ccc-ddea1f988269", "comment": "Malware payload (RedLineStealer)", "value": "9944646120b39191c4c6ac3b15fb427c6f7a9d52", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701720031, "uuid": "b7182823-0c87-41f4-ace4-ba5842f876ab", "comment": "Malware payload (RedLineStealer)", "value": "26dbf7a1591d74a771ad45af1e481bb247fa315d50d2a4fe7847d220ca521ea0a21a0560e6935ea9da19dd51c5660104", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720031, "uuid": "fb34cd6f-ad41-4226-af14-d3700aaade15", "value": "T19424D526F348555DE83A433DB41C38709F70BC52E16EE32E55BA7EED693BB098A104D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720031, "uuid": "6bfed126-83e3-4283-b7a6-ca6bfeee5300", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720031, "uuid": "d9fc3512-aad3-4095-850d-aa2cdd41728a", "value": "6144:861Eju7fNgc6qr6cFfUVex00AE1Ss7IYi87:R1EsNgc6qr/0s7IYi87", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701720031, "uuid": "3aa90426-8a7d-4d8d-9591-3b62ffe5603d", "value": 224768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701720031, "uuid": "a6b70d2a-f2aa-4f99-818d-131686c829fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701720031, "uuid": "9d5d5d06-cff9-4787-a128-b9b092015f8d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa124ba8-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701682186, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682186, "uuid": "3277a4b8-7780-4805-b781-1908a97fee80", "comment": "Malware payload", "value": "31b448139679de1f33ae0211c4cd230f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682186, "uuid": "d077d2dd-0482-416f-8999-db80c92e6fbd", "comment": "Malware payload", "value": "f7286572c14b5cf630ede0ddcdf4ba794ee3f70e31fcfacf7e8cf7b5c2230967", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682186, "uuid": "e255efe1-1162-435d-a6ef-eee614a597b8", "comment": "Malware payload", "value": "6987653a177ad8636a1b3b07877d1584e1398c65", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701682186, "uuid": "fd8f07ff-775b-43cd-ad55-da0b517663ec", "comment": "Malware payload", "value": "3b73bc573c3435f5948f0343e1af5b11da82c6e61b82d274d8a69d9ba315a4de83fa42e90e36f635463163a40c2b0852", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682186, "uuid": "6062b652-3620-4906-8d0b-316320e2a05a", "value": "T1EA742291D729EF48DA80987C1BAF3F6A7C0E73CE5F085C0B4B9718073A2E1551651AAF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682186, "uuid": "dde5976e-5e3e-4da7-902b-f2dfe8a6cbb5", "value": "7542f7f4afa0320b017ef73bc6ddba34", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682186, "uuid": "0e827cb3-5ccc-4949-86e3-63344e920594", "value": "6144:IIJODx5jgLvLr95OAdOFRrV6ffu0g4Xw9c12M0YKRf3Rcutic61HpJXM5IyC:Idv8LP9OvaG0w9c12hYohcutY1HnkJC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701682186, "uuid": "7894bcd1-f6da-48e0-aee7-31a48d226d55", "value": 360448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701682186, "uuid": "ec564d46-f588-4bdb-ac4e-b64220cbe08b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701682186, "uuid": "6ecde93d-6d74-4aad-a88b-4b2c92d58f0e", "value": "31b448139679de1f33ae0211c4cd230f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8f59f84-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701688305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688305, "uuid": "317532c9-74c7-4b2c-af09-6136f4bd5d48", "comment": "Malware payload (Mirai)", "value": "872f83e73b8172295fbb5664d47fe448", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688305, "uuid": "df3cbda9-0165-4f39-9a3a-b68eb93b8f88", "comment": "Malware payload (Mirai)", "value": "f76eeb99655d587a864057b88f4de99807ddf8b83248efa687c09b68e16d5fe9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688305, "uuid": "417cf084-eaca-426c-8249-05d610180a2e", "comment": "Malware payload (Mirai)", "value": "8952c1916e6e6b315aeb876607a010bf2ff6900e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688305, "uuid": "df430b36-f31e-4259-9429-94579e0fa967", "comment": "Malware payload (Mirai)", "value": "c01f43087d2583dd274d0e66475bbfe2bff607eeaff056dbe640ffb2d008f6800e48445af7c89adf7e3812ad39f63b57", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688305, "uuid": "ef3eea17-1a86-4d7c-897a-c50b2844b3d5", "value": "T1EE535DCAB8119E7DF5CBE67E85210D0EB821722150931B17BB6FFC83BD731648956D06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688305, "uuid": "6daaae17-8415-4718-bf86-bfea9b90b727", "value": "1536:sXyRgQFVTbSX5pxLepSGYocF1ohON2P3B+qo76E8c:R1UvA8E9oOq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688305, "uuid": "a17864e6-48f2-4016-a555-7ff9b6bdeb16", "value": 66504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688305, "uuid": "35e2540c-89c2-4a40-a156-a04635e79000", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688305, "uuid": "3ecdb478-27ce-444c-89a6-5c851cf333f2", "value": "872f83e73b8172295fbb5664d47fe448", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b51e396-9287-11ee-b7ea-42010a9c0006", "comment": "Malware payload (GuLoader)", "timestamp": 1701681947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681947, "uuid": "dd060042-6848-4951-8a5e-fe8edcb51be8", "comment": "Malware payload (GuLoader)", "value": "8f63989c8be7c64f94460dd231a570dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681947, "uuid": "6aabf60d-d372-4511-a55b-790a97f4794c", "comment": "Malware payload (GuLoader)", "value": "f7be02f5ceebf889ff98f83f55c9de2b825229952abc034529223641d8ff3e31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681947, "uuid": "f14e3197-9654-4a10-9610-5d45b87d2cba", "comment": "Malware payload (GuLoader)", "value": "791a3bd61b86197187c4cf4bda00addadb0ed229", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701681947, "uuid": "71b22129-af1b-4dd5-8db3-8caa8974f047", "comment": "Malware payload (GuLoader)", "value": "ab1f446b3b1fc2a3486ac04ee5dac87d685cc6052e61d8520f8ee995a0b351107baa94f6abfcc551fceb22d60893a451", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681947, "uuid": "33b81253-6a08-4000-8f5e-74241ca7dcdc", "value": "T1BB84F22D3210C8E5FD99C3B02B369B0B5ADFA8832141191737B17BB99735793E91E9C8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681947, "uuid": "e891fd2f-9e52-42c7-b117-e73e4370126f", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681947, "uuid": "0ffc125b-0e31-4439-8a35-09f547620b58", "value": "6144:6Q606xNlmkDntOv/52sTYmEO6blgwBAg28nhoNW/OPk5JjllUBHKewaN:UFLtOH5uLbWah98SlUAe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701681947, "uuid": "58ffbf02-63f7-48ce-9d67-227027e70eec", "value": 374473, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701681947, "uuid": "3dff449b-ce36-4a0e-bb8c-f6212aba5a58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701681947, "uuid": "017dd057-d3b8-411b-b0e5-fa2554418239", "value": "Liquidacion por Factorizacion de Creditos.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40a443d7-9282-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701679862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679862, "uuid": "196e626e-8472-43e5-8627-9df973b99f4f", "comment": "Malware payload (AgentTesla)", "value": "28e84214d01c73f8ea58167ee4e15245", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679862, "uuid": "c9db6d47-3770-4c8b-803d-ef96a7510688", "comment": "Malware payload (AgentTesla)", "value": "f7d7dc0b75fcd11b825c2447278e540332c1a0a927a4559ae9494828fe0d1a88", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679862, "uuid": "f48cfdc9-0e44-48fd-91cf-1ea8ff146611", "comment": "Malware payload (AgentTesla)", "value": "7e35fac510a67e18a382807ed3582488c1aa2a5c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701679862, "uuid": "d537453b-1a35-45d4-9ff0-98d77f4b89a0", "comment": "Malware payload (AgentTesla)", "value": "ed1e6b13df71916f78742c179adb31a646cfbc7853caf4627fbca06343b13df2f406d08f050677081a47447a4922fdbc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679862, "uuid": "579662af-fe95-452c-9757-8a22a3e5f744", "value": "T14BE41380F983DB22E4561B33BCEA71B14271538A3237DB8D5C983296D615B43358B7BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679862, "uuid": "843b0b4e-2c17-48d2-ac3d-64c620d390c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679862, "uuid": "10f2db93-9438-4c84-b3f4-602cc20bc0ef", "value": "12288:TA45+po2KJTXRubQYBBMiB09ApT6M58iSoezgJcDlrLVPjnbwR7KouL8mRfJuO:Tj+pJKdRub9NiuOM58iq8cDlrJbERP+b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701679862, "uuid": "89af56b2-cb20-4f26-b5fc-1b22cedf79c2", "value": 698368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701679862, "uuid": "f86b38bd-c33e-4cf2-8b7e-8f99c8cd79c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701679862, "uuid": "5fb951d2-fcfc-4e0a-9bcd-f7dcd36255d7", "value": "Halkbank_Ekstre_0230622_073809_405251-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c291860-9276-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701674861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674861, "uuid": "6afa16db-09c5-493e-a67d-9790af06d037", "comment": "Malware payload (Mirai)", "value": "f995f7456d90dd8bfe97b8afacfa0e0d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674861, "uuid": "ff98f152-7336-4022-b7d7-7f1ab937556f", "comment": "Malware payload (Mirai)", "value": "f892ddb6927cfb5fa881b510d2b9b6914cf08bcb51abeef982b3456b4ad9a1e9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674861, "uuid": "0223f924-3a83-4498-baf8-ca44cdb97e9c", "comment": "Malware payload (Mirai)", "value": "ced93ac59d090ccc727e144671ed72f1efbd3925", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701674861, "uuid": "2eea7b5d-a5c4-4bc9-8086-c4486ebd567f", "comment": "Malware payload (Mirai)", "value": "c547ee8e54583edd17aeeb3d3b44e8c036547af1fc8d8a35d17cadb7a4b891ac5aebd6a46e2188684bfa9f3019ac17ed", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674861, "uuid": "f2776ab4-c296-41b0-983f-333c38b1ecf2", "value": "T164436B52721C0E17C4A31A70263F4BE08BFFEAE121E4B685655F5B968936E331486FCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674861, "uuid": "5c366610-f302-4222-ba78-83495c5b647a", "value": "1536:67F+VqwFvQ4Xzc9yVVuakxObIJy6eJa10s:kebyUSyVVutobIJW43", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701674861, "uuid": "48164fea-54d0-4fa5-bb02-4f455a718375", "value": 59764, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701674861, "uuid": "6d06e88c-7a16-43a8-bffb-02116b557da6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701674861, "uuid": "5b8c566f-3afe-41a5-8af5-65cadf8b9c38", "value": "f995f7456d90dd8bfe97b8afacfa0e0d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "623c73b7-9256-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701661020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661020, "uuid": "c7b16e12-5acd-49d9-a79a-45a66370c803", "comment": "Malware payload (AgentTesla)", "value": "fd449c40bc2b3d98e382da115c279ad2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661020, "uuid": "32b7477f-9cf9-4dc6-b444-a6c8debba0ab", "comment": "Malware payload (AgentTesla)", "value": "f8b5dcd1c184f861edfc7c29db1dd1ad495fdbcb3748f03c0880db211c3085dc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661020, "uuid": "7e09030e-c1b7-446a-8ba5-126bfaa1530d", "comment": "Malware payload (AgentTesla)", "value": "a3e5c9695f7c5545df0710e018cfff085ffaf7cd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701661020, "uuid": "cf103ff0-6fb7-482f-84fe-8992ae08ac69", "comment": "Malware payload (AgentTesla)", "value": "8a2dd7308d974e5a81f98b92108e04a94b9295c1732160c5e3d6cc3b3d9a04c6303d6e87d446fccf66eaefca83fff308", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661020, "uuid": "d0e7f48b-070c-4457-94ec-b0dfbcc18263", "value": "T15FD42360B3CA5F12C1A9BB7E90B53DA0D77C3588BF11FA0B1CD121CB4962B49A657B07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661020, "uuid": "ba17c9fb-f39e-4651-be51-a40ec2672ba9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661020, "uuid": "11b9edba-9646-438a-9d88-ef051142b183", "value": "12288:r45+po2TPt2lDBxdSwzy9C1HWDn5c3a0agozg5gHYF90lQ4k6TfpP:q+pJLt2V3dSu1HWC3a0jyGTKk6TfpP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701661020, "uuid": "328a08c8-d6ae-4a9f-9b6a-bc791f6536da", "value": 640000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701661020, "uuid": "64ca20b8-c800-49b0-bbb8-12fc2cc354e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701661020, "uuid": "8b2b942c-60e2-496e-9f7e-e1ffbc8ad044", "value": "SecuriteInfo.com.Win32.PWSX-gen.3634.24172", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca655e31-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729056, "uuid": "791dccc1-36b2-40d4-aa05-e76add674ac3", "comment": "Malware payload", "value": "16268b688a3381b2ae38e6e9f2692ad5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729056, "uuid": "9ef5d7fc-512b-4bd5-bf9b-bb6990e80fca", "comment": "Malware payload", "value": "f8edb214d9bdf554245d8ec7745ab9a33a520e77d1ca30897feb8388a492315a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729056, "uuid": "93b84bb9-27b0-432f-9a35-293f184b7359", "comment": "Malware payload", "value": "2bc22698a8b0d30cac2b48295b08a0d470079929", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729056, "uuid": "68111be0-6390-455a-a035-b0086b10cb4a", "comment": "Malware payload", "value": "fc7155f194b369f3440a8c3319d087c749b2fb202a13a09ed3b092dd694b063fdc85d080ee83c149942e75c0c23a7e4b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729056, "uuid": "3a8408fb-0cda-4a04-adec-1b15b0ec5a33", "value": "T1FCD3FD3E35B16807F9FD0A38F4F5BA1642003123B9E65CCE6D14AA2CD373977369A664", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729056, "uuid": "53a6ac97-8a6c-4a53-949c-f2985812ee20", "value": "bb9dc484d891a7cf70c5c51b76b5d7db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729056, "uuid": "d125233f-008b-421a-8103-b8f151d482b6", "value": "3072:arKiddDSt4dtH1G2hfdE8IiSYs377PhrU:cKiddDIK7GiOTiST7jhrU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729056, "uuid": "b3b72afa-c0b8-42c8-a289-38e788bff0ee", "value": 140288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729056, "uuid": "3eb31822-2b60-4c22-9a3b-93b78ca5c18d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729056, "uuid": "243b97aa-1627-4b9b-a7cc-000850377257", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.15890.26256", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6fb22fe-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729103, "uuid": "03281762-d349-46e3-aae1-566c1ef8058f", "comment": "Malware payload", "value": "886b88e5aa40810afadda9a4817d8f93", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729103, "uuid": "4e2fceb9-97e7-49d9-bccd-352edae70d7b", "comment": "Malware payload", "value": "f9c03024ff6ba93d2fae1baf61bbf4d764cad9364bd02706988115a804004c84", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729103, "uuid": "c87fdd93-8075-4ed4-87a8-fa6ab2fedec1", "comment": "Malware payload", "value": "9391752c27c082a792913aeaf0c5485d656c46e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729103, "uuid": "aaa52500-b403-4406-8dc6-cea8e7e5b40d", "comment": "Malware payload", "value": "119ca56e0744205418a8ebe696cbc6aef635b74d0b73ae7b34e718b274633a2755dae39f2ecc3c9b8192e16cbbbfb008", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729103, "uuid": "62eae80d-494a-470e-a877-a137e9567c62", "value": "T19254F59382E07D41EA264B329E2FC6FC761EF6418E2D7B6A2118AE1F14B1173D673711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729103, "uuid": "d3176fbd-da96-4bc5-af05-0409e83a633e", "value": "f93900f7ca0f03abdf4da6da510ee5cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729103, "uuid": "26f90138-dcc7-4f35-a9d3-f4120e59291e", "value": "3072:Cpr0hrtslIhmgGQZJxE7+cceXDJN20qRaZFHH5nNtVZkTkI:yOtsk1wNN21RghNXiT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729103, "uuid": "956131b6-91a4-4c28-8ca9-9ee1f791cdde", "value": 296448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729103, "uuid": "55364325-ceca-48ba-9649-b6eede409d4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729103, "uuid": "b2300c33-b988-4cfb-a6d9-d62d79d000d7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6a6df17-9284-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701680972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680972, "uuid": "0890668d-30c3-40b2-a00b-8e9857d47ca7", "comment": "Malware payload (AgentTesla)", "value": "e982efe6f8a7f422bc6c6d990b86f43d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680972, "uuid": "c8cd5255-1b54-42a7-97e2-e455b3b1a87c", "comment": "Malware payload (AgentTesla)", "value": "fa1263a8e9dea6c3fa9dce2ca23f8f235f8821446eb5089574c706c37db54442", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680972, "uuid": "5b5cbabe-e979-451d-85b3-42bf2f0dd8e6", "comment": "Malware payload (AgentTesla)", "value": "430dbd8e9b6457c2866b5b8341826a09596afa21", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701680972, "uuid": "3c4360d7-fe75-45bb-b5ec-aff27a484252", "comment": "Malware payload (AgentTesla)", "value": "2d0596d66e2efce9b4e31bcb694980b2187152f0e7c55c6a904bdf4419607fea65f5954a4fba14a6b577984fb4f547a0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680972, "uuid": "edd6d08c-b61f-4f55-bce1-29c22ed0fb39", "value": "T182B4BF89FB63ECE8FE560239257158163F429C5E60D9295D228DFB263C36203509BCFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680972, "uuid": "c416f4d1-3188-47b7-8d3b-b776cb6650f5", "value": "66fcdd6338ffed276966867e7cf86116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680972, "uuid": "4718bb0e-ff64-4c46-9027-4d87effe72e1", "value": "12288:ZaWwYqkpp8KKQCr2j/xdsnKODz9xyGamW1MMv:oWDx5fj/xqn9x/amAMe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701680972, "uuid": "f6e7572c-7554-4f04-bb68-2eaf7177f45e", "value": 534712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701680972, "uuid": "f26cf9fa-3c19-4350-9777-5a094eb529c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701680972, "uuid": "df80b39f-53e9-4067-8b36-15c61a2933ca", "value": "price request .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb0ff748-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729057, "uuid": "e677358f-1252-464a-b66d-39c433496d8b", "comment": "Malware payload", "value": "364f1eeb1ecba221d1ba930fbdb5e050", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729057, "uuid": "d39b77e3-e69d-413b-b9af-027da7ec0d8c", "comment": "Malware payload", "value": "facb6240627523db6b3ea21e1acefdc1183ae7f4496fd333227ac764a5ab2c21", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729057, "uuid": "b039a09d-e3de-468e-b75b-830a1c3e8d32", "comment": "Malware payload", "value": "b2c1a8c3fc1a68633b1ec64c48a25e8f7de3e598", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729057, "uuid": "64717140-cc30-4cf3-97cf-9e993d3e598c", "comment": "Malware payload", "value": "f11aea5bc2e9536be5930e2dffb9532c0918c36b40b26bc2d1f4f4f746d3d91d0c1cad4a8f4e2c906139ef62b1fd4ac4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729057, "uuid": "ae2765b0-24c2-4180-a53d-34c8c068659c", "value": "T14DD36D7E35B16806F6ED0B74F0F8AA5342003123BDE64CDE2D14DA2CD3339A7769A665", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729057, "uuid": "96b64fd6-2627-47ea-886d-af09cd4ec615", "value": "bb9dc484d891a7cf70c5c51b76b5d7db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729057, "uuid": "a5413dbc-1c8f-43c7-a547-0818e549b328", "value": "3072:GrKiddDSt4dtH1G2hfdE1DecSTs377PhrU:AKiddDIK7GiO0v27jhrU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729057, "uuid": "57a2e6cc-2b58-4d20-b7e5-35208ada6948", "value": 140288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729057, "uuid": "1f5cc3eb-af9d-468a-bd78-57e565fd1adc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729057, "uuid": "93f2718b-d623-4bb0-96dd-96c0de06e2c9", "value": "SecuriteInfo.com.Trojan.RunPowerShellNET.8.21087.27712", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48e77704-9294-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Gafgyt)", "timestamp": 1701687607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "198535e0-74c4-4100-b585-f00775fbf139", "comment": "Malware payload (Gafgyt)", "value": "6c3b4c8fa7687682e84dc30ccb0d0e72", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "6f93767e-bd32-4fe9-abee-af71d62fd259", "comment": "Malware payload (Gafgyt)", "value": "fb29c9f348246589349e48b47515bf37d58db9dfa40d931f9a411a0de7d8e69e", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "471d43af-d293-49f1-88f9-463ae62ef747", "comment": "Malware payload (Gafgyt)", "value": "882436549984bde750052e59b7bfa61c63a2a245", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701687607, "uuid": "b8e86746-96fa-47d7-8a30-ffce6b2a259d", "comment": "Malware payload (Gafgyt)", "value": "dcc1cebf610773cd3fb2288759f81a7176a0f44740a3f7ede46711fc1ea3c53b5dc224e7a673b7fcde7bf34061625122", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "755a68ce-8e3e-4908-84db-6b71434272ef", "value": "T1E534B624C91AD217C4E2EEFDFEC576CB631AF2439BC6A3027594516D1FE1E94242F888", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "286eaa4b-cb4b-4aa6-bfc2-14563ed3905b", "value": "6144:yz/X859I5g7S3ba0sTL84/meM/9+SmL7LOf4Ix:G859I5fbadgv/MSmL/Of4Ix", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701687607, "uuid": "d9ee8ce9-01aa-40ce-8860-f6085ea5659a", "value": 245719, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701687607, "uuid": "17083538-9434-4876-ba3e-cf0a649c2fbb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701687607, "uuid": "96aa364e-91e4-4dd9-abc6-fb783681b5bf", "value": "sshd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b745b53b-92ca-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701710985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710985, "uuid": "8be6971f-89ce-4d80-b92b-9be7a4e353bf", "comment": "Malware payload (SMSAGENT)", "value": "8ced62d797759f996e8621f3d793a816", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710985, "uuid": "ede9f2c1-a8b3-4e55-9c30-d6042ec630a5", "comment": "Malware payload (SMSAGENT)", "value": "fb56b281af0ef1ca30d8e53a43ffeafe75b237e1f2b8b4566a089e26a8819949", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710985, "uuid": "a0c9c385-8a8a-4e20-b99e-027438d84410", "comment": "Malware payload (SMSAGENT)", "value": "ed3ead0e36c2c82bca2573b7efe118d1162745b9", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701710985, "uuid": "dc7321f3-5d9e-48e0-b344-4ac77d330d97", "comment": "Malware payload (SMSAGENT)", "value": "dc974ebf2d3579f167a6dac9b76ae0a495f6e452f7c91df91f5370cee48ec3fa56598b0550c491713c94ff3ef29855ec", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710985, "uuid": "3d440621-2bb9-4a6b-a98b-ef30beca6b85", "value": "T122179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710985, "uuid": "c002b764-d6ec-4eca-bcaa-0f933fba75fd", "value": "49152:guuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgv8:Ev+49UBEIIddXHNqjeceOnMI+lEaAs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701710985, "uuid": "ace927eb-833e-43a9-83f7-0ac5e0f22836", "value": 18565217, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701710985, "uuid": "910d4a27-153b-410b-8995-cbe9348de3de", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701710985, "uuid": "9572b349-d58a-43cb-8934-fb491aa1c69d", "value": "\u0417\u043d\u0430\u043a\u043e\u043c\u0441\u0442\u0432\u0430 \u0438 \u0414\u0443\u0440\u0430\u043a \u043e\u043d\u043b\u0430\u0439\u043d (4).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adcabbed-92bc-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701704956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704956, "uuid": "cad3d8df-2a3a-4227-8d28-70275e15d24f", "comment": "Malware payload", "value": "9f01767647e2e72f446d374bbcb20c53", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Wipelock", "colour": "#B09E97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704956, "uuid": "20d63c85-725a-4181-9a46-7c7988444236", "comment": "Malware payload", "value": "fcee982b3d0e1601b40078d98df03503668aec7542721f921ae8248bc3cec3a1", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Wipelock", "colour": "#B09E97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704956, "uuid": "b274300b-fa7a-46d0-9534-b4fb4a6d7a4f", "comment": "Malware payload", "value": "f6b1adcd7723b525418a05bcede5c671366d7ab3", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Wipelock", "colour": "#B09E97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701704956, "uuid": "bda8d257-a610-427a-8be9-b39c319229bd", "comment": "Malware payload", "value": "3213940c754669c5e68b3edc2244879c37950c3d7139dae4ee47eba3b4bc13489a090163f7c0cf3821cd61e326f616f3", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Wipelock", "colour": "#B09E97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704956, "uuid": "7927f06e-59d0-4885-98b7-b9bb5213eaee", "value": "T145C423A4D2EDF583C9BBA73487654247D53777A268201B0016DCB837E4AFB644F42B2B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704956, "uuid": "47921c26-1d09-46b5-9688-c56371927fb8", "value": "12288:kjRH6+O//n3tKpSsM+1HA+x283ecVS3EVqPlR6i0Ci3jM34D9Z:kN6+ONjstg38OOS3EW6i0C+M3SZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701704956, "uuid": "cf77a1f0-e608-4017-ae13-d7a815ba1834", "value": 546763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701704956, "uuid": "5f6831f9-3247-4637-92e0-9adb3f9a278a", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701704956, "uuid": "b3f76a92-5723-4d39-808a-dd394cc11538", "value": "WipeLock.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c50fdf09-92f4-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701729047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729047, "uuid": "20316bc8-8179-4fc9-8dcf-b389c2fbf416", "comment": "Malware payload", "value": "980d4e2461ba1eff402fd8ca32afd269", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729047, "uuid": "a12ab402-617b-42ee-82a4-f084c0570134", "comment": "Malware payload", "value": "fd74d210a74724c89ef7be69400c99949ecb299e131c264003fb34a1816e8cbf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729047, "uuid": "1de7c1a7-e6ee-4424-ac14-d2e7479beeb1", "comment": "Malware payload", "value": "b5dc45f27cc09d9d943627d9ffab8b02488b2b46", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701729047, "uuid": "7f0efdfe-1cdd-437d-9e05-ad148186e779", "comment": "Malware payload", "value": "c9f78ead63210a1d345942a1f0161ac449bedad59527007c2803995e850bd825390f4c718b246a40a12ec74f30b23c04", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729047, "uuid": "8504b1a3-a12f-462a-add6-a00609380135", "value": "T197521902BFD8C129C5ED0BB868F3A3144371A62B2A21DB1A3CE894997D7379406457FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729047, "uuid": "a4c261c7-7d7c-4307-9088-89d7acae94ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729047, "uuid": "fb0cf287-ecaf-4f13-b42c-42d1c3c69f89", "value": "384:n4KNpcPFDExwiqgAtUUg2Ic87lDg4ryEMDQZmjQKkSu7ee3J:njLcqPqgWg2+f+tkB3J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701729047, "uuid": "841a6f9f-d454-4fa7-82b2-4013513eab03", "value": 14336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701729047, "uuid": "f051a797-3960-4d88-8539-3599eea4a7a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701729047, "uuid": "31761a2d-5a58-4bc4-a202-358e215ea2b4", "value": "SecuriteInfo.com.Win32.PoshC2-B.26971.21401", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eca0b972-926e-11ee-b7ea-42010a9c0006", "comment": "Malware payload (AgentTesla)", "timestamp": 1701671560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671560, "uuid": "6e0ed5b8-0824-4f58-8fa2-62d75d3c69ff", "comment": "Malware payload (AgentTesla)", "value": "8f6e32020ff43045b2167852d84e54a3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671560, "uuid": "4585ab35-5851-4c20-9406-6c8b4f609d2f", "comment": "Malware payload (AgentTesla)", "value": "fda6a19a5be3d7cdb1c894afa2b2b47bf7ce53c4ed27ba6d50035fe07046f076", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671560, "uuid": "83fdb7b9-2def-4ce0-ad3e-d68fb776f3db", "comment": "Malware payload (AgentTesla)", "value": "7b58b87ffdf0ff255451a178204934a2eb2e215c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701671560, "uuid": "614e0d1a-4c40-470e-b394-e31f7555f868", "comment": "Malware payload (AgentTesla)", "value": "40e38cd7a4553ad5fdc9ecd02253b86169a51beb611d76f6f580aa9761948a03068892a35243a6c3814003808eeafa1e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671560, "uuid": "1531a29a-0534-4b34-91b0-5f7daeab8c1c", "value": "T13FE4236B36D66F36D0225A3B129C69166BFCB7093563FA3F7ED950C85680F025E00B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671560, "uuid": "2365297a-6b52-48cf-a8bd-faab609bb239", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671560, "uuid": "28a57c50-0b5c-4cd0-b503-1e241b8e46cf", "value": "12288:t45+po2KVqLle12KbhMsXj/aVZbKCLMya+VRB4SmL2EoSbpXNvLVslIqh:Y+pJKaQ12sMsXIBLpRIL3dFVslI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701671560, "uuid": "47559296-ecd2-4f4d-91ac-fdef212e5942", "value": 657920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701671560, "uuid": "4104191a-565f-4d59-8611-59205fdd24bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701671560, "uuid": "46609d1c-0130-414a-b356-b18a2c13406e", "value": "SecuriteInfo.com.Win32.PWSX-gen.20898.7811", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f152922-92df-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701719937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719937, "uuid": "6b29aa30-4da4-409e-a373-0a5f9951c968", "comment": "Malware payload", "value": "1989f0ceb6d9b97569b80ee906ec75c7", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719937, "uuid": "0842825d-0662-4693-b902-474a76e966be", "comment": "Malware payload", "value": "fdeafb461d0bb84e1bf6e28a5e9dd3b9a9838b00d4037dcd14d278679ab148fa", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719937, "uuid": "2b2ecc46-022c-4ba2-bd33-a090765f940f", "comment": "Malware payload", "value": "a92736d9e45e2f18f421a04dc32170f6d12fbc44", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701719937, "uuid": "d13afe01-4bb4-478d-9af8-d86c61b059bf", "comment": "Malware payload", "value": "9435f7145694c97cf32d0893592d48912b9d2f122205aeb64686f953a4239b48b078e8375c3a6a8b46fcc38f091648a3", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719937, "uuid": "0f94e0eb-8b16-4c10-bb8c-8b5ac38754b0", "value": "T13076011AB71EFC47E223DA3263728D4B772F89F51251E7116A06B038AFA3D448D1ED49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719937, "uuid": "65a08500-7bb4-4c08-85bc-1fea42fb0cb4", "value": "196608:erzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLF1F3nswU/Q6FKNcnF1:kw0pdMGbwBAej2L7nswxgF1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701719937, "uuid": "2b7ceca8-0fdf-4b77-b6c1-2db779cfc308", "value": 7336290, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701719937, "uuid": "ad7ff3e3-80b8-41a5-8db4-31f697f9c5bd", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701719937, "uuid": "9bbc7c3c-6c4a-4fac-a923-a56dbe1199a7", "value": "poppy 18+ Live Video Chat.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "907c5324-92dc-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Stealc)", "timestamp": 1701718650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718650, "uuid": "4c281f1b-518a-42a4-b030-d102896086c2", "comment": "Malware payload (Stealc)", "value": "f57035d13d2cc9777b2c8df6e2470fa2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718650, "uuid": "893c2831-1d0d-4a02-be73-1b3432ab592e", "comment": "Malware payload (Stealc)", "value": "fe51a9deb7a5465e8bfd3aaa8352e036613f1c9f257c2dce810b5e01bab5bace", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718650, "uuid": "3dfdd83a-5760-4601-b6e1-0f06975708d3", "comment": "Malware payload (Stealc)", "value": "4e563e4957bfb8d1f2f504a640e14ed230463a78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701718650, "uuid": "8a7a2969-d741-4cca-ba08-fc1cb088ae7b", "comment": "Malware payload (Stealc)", "value": "4526adf58a363e29f459801c06082a3c9017a3e810945fb317a04563a1589e601192e4ca2efd10cdb75b4ec53ab47eab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718650, "uuid": "a691dc01-a77a-446e-8e6b-6e794db99a16", "value": "T14D5406A383E07D45EA264B329E2FC6FC361DF6518E2D7B6A2118AF1B14B1173D663701", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718650, "uuid": "7bfa2a4d-d8f5-4613-bb1d-5091e610ecf0", "value": "01f6fc978b1d93c9a83c4aab7e4e75ac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718650, "uuid": "d5c90031-6c7a-475c-8d64-c7df400925d9", "value": "3072:M/tOuYXdXa+844dvwNwvxk9ThdGYCMd60iAJt17K+5Up0cVZkTkS:gHB4kvwavxATh0YCjc7Qp06iT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701718650, "uuid": "36d25e84-3f7c-4e7a-bdb7-4581b1c1fdeb", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701718650, "uuid": "ae8676cb-a461-4bcd-9a4d-a9dfcf96e7c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701718650, "uuid": "e448075d-7c71-4d4e-aab4-5aa3178dda12", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68b07d85-92c6-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701709135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709135, "uuid": "585c09fd-ebbb-4efb-b30a-c3bfc91ce98b", "comment": "Malware payload", "value": "9303dcb6c858809a804056a540250eeb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709135, "uuid": "497c8f8c-40ad-4215-9578-6a3294f975bd", "comment": "Malware payload", "value": "fe565bbcfa6ef7a07cfccb3606ecb49424fe0a270d56902136d3070187cf5215", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709135, "uuid": "c971df61-fee9-4ed4-a636-a33f22aaffa6", "comment": "Malware payload", "value": "dc3c86a2f2da9d40ac43eb7ec6d6f30832e46120", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701709135, "uuid": "bedeed4e-a4d6-4640-889a-618cdb79ad2c", "comment": "Malware payload", "value": "684f319adb2ec9c44163c36b9698f342db2547b4a565529df9ab6cf0283be678f18529d4893c616ff870805b33500a1d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709135, "uuid": "7d8ab9a2-7eb0-433e-a0e6-e35c1abe12e8", "value": "T17AF6336B537A4047EDE18C35CA33BFB57AB212574E85BCB58AD9BDC508235E4D202E32", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709135, "uuid": "37f8cea8-c4a8-4a26-af9d-b28b3a3685f5", "value": "d758755cd33dd55f576c6658b5cd164d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709135, "uuid": "09871ede-c58b-4895-9b4f-3f2b5ae06f18", "value": "196608:pdKT5MBK71zeVrp/I2FpbCnHifwj8BI/BxGp64RcJr+o9Bys19AjEUZHyccqslAI:TKtSKhIQ2LGHifwTXMj/+Gc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701709135, "uuid": "dd8b1f47-d312-4f3d-bcf9-58cd9eed5587", "value": 16632216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701709135, "uuid": "827c759e-ca7f-48ea-bcae-4a4165265f22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701709135, "uuid": "4cc2de05-3ef5-4140-a0c2-97b1564ad46b", "value": "UbillSoft.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e39848fb-9295-11ee-b7ea-42010a9c0006", "comment": "Malware payload (Mirai)", "timestamp": 1701688296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688296, "uuid": "38996e56-d72e-4e67-9b8f-ab8e63137e5a", "comment": "Malware payload (Mirai)", "value": "06cdabb801a7cc340f7a5220f788e674", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688296, "uuid": "8810f62b-98fb-4ebc-b79e-646e9814d5b4", "comment": "Malware payload (Mirai)", "value": "ff157dd8a27336e421d26cc8d5e77fad8d2499b4e2c55fcdeb5afc9f28174720", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688296, "uuid": "5fc607d1-4566-4631-875e-6cc0e63e5eaf", "comment": "Malware payload (Mirai)", "value": "8fa31dac68d157b8854659d43dee86089cdd886a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701688296, "uuid": "c336f782-cc45-4c67-825b-76427c950b5c", "comment": "Malware payload (Mirai)", "value": "a5b3b548f18f7afc077ac34745d590827ec4e7ddcd44a01fc7d315aab504133f54d820efdd8bc2d6e91b3e14f91ad4b2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688296, "uuid": "86b3010c-f755-46fc-84bf-ba4c1cf73144", "value": "T1C6E2E1B9473905F2D9F09E76CBFACD4267A17B3C715A7442129023D99AC360A32F94CB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688296, "uuid": "9879bb9e-416f-4316-98cc-046722b1f6d4", "value": "768:hljOHlOTcLs7Z8FviuyIENCHBhroJ4qDkGZ1vPtZ9q3UEL5C:hAFOqquyqBhEiQLVMLw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701688296, "uuid": "636264a9-c3ea-459b-84e7-d82f4b3385b1", "value": 33036, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701688296, "uuid": "f7ca1c56-0407-434d-b43b-afe4ec0a7eec", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701688296, "uuid": "e5eda382-0d11-4be3-b4a6-2bcb6e29c257", "value": "06cdabb801a7cc340f7a5220f788e674", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08daa4c1-92c2-11ee-b7ea-42010a9c0006", "comment": "Malware payload", "timestamp": 1701707256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707256, "uuid": "a201e67a-2ef2-4c68-911e-61bb517e495f", "comment": "Malware payload", "value": "5aa612e94bdcb0f1f2b7da959c075743", "object_relation": "md5", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707256, "uuid": "8db3d6ec-7df6-4d86-b19a-160957f3011a", "comment": "Malware payload", "value": "ff392321a6ee80920b3308fb70c570b872b211f9c7e6dcda93a55280521f1f3f", "object_relation": "sha256", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707256, "uuid": "0db5b045-42c5-4acb-9f66-6ce5fd8c8caf", "comment": "Malware payload", "value": "872d830390d55727b19d1f5c03bb4e0e7ddc2a69", "object_relation": "sha1", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701707256, "uuid": "098eaa4c-b4ba-4f4b-8e38-5bda49e7d2db", "comment": "Malware payload", "value": "e0e532f461168ec1ade241a90ffa039e503ece39226cf4ac400ea4fbd5f4ac5dea711076833f987e6a25ed010be6b786", "object_relation": "sha3-384", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701707256, "uuid": "70468002-186a-4cd2-bd4b-96092ef7cfd5", "value": "T150163349C1E18E271E0E14CE97B01F2F9A59EF1126484BFDFBAE73611302DA1EA5C931", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701707256, "uuid": "fdad13dc-57d9-4af1-a434-944831270733", "value": "98304:tQSbzceDszOHawZPj9u/N+YaVrCroEtpaex5TJumllg7W5TTgfLspWs0y:iSUeDpHaijcFYOaaztllg7ITTQHs0y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701707256, "uuid": "2835cbf8-ed6d-4b84-a463-cc121f8e8e55", "value": 4298860, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701707256, "uuid": "9ee75db2-052b-4481-bb4e-b0a79bfc9ab9", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701707256, "uuid": "58bebea5-7948-4908-a795-511d66757a19", "value": "SecuriteInfo.com.ELF.Agent-BJG.14149.17580", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7820695b-92cb-11ee-b7ea-42010a9c0006", "comment": "Malware payload (SMSAGENT)", "timestamp": 1701711308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711308, "uuid": "e6cfa1eb-02f0-4afc-9ae9-19bda7530b1d", "comment": "Malware payload (SMSAGENT)", "value": "52b91c28eeb667df0b00f3bdf24ab226", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711308, "uuid": "2a2155a9-9158-4233-8066-73d29d0d32f2", "comment": "Malware payload (SMSAGENT)", "value": "ffea90b6544b9a9bf65313dcbb87bc7caef55b83c23ba73230a06cde593e9ed7", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711308, "uuid": "eebcc62a-ec44-436c-8e57-f680064d5351", "comment": "Malware payload (SMSAGENT)", "value": "6172d985da68288a1203c980ce65c0d984dfdb14", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1701711308, "uuid": "1629a808-30e1-428b-a627-99f41026cfa6", "comment": "Malware payload (SMSAGENT)", "value": "1f5531c70d110f0e7f3896f3d6050dac90c495941593eae4516a5692858c9750bffa712f00c5019bf0dc6616aa168981", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "smsagent", "colour": "#B59784", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711308, "uuid": "29a8bc1f-25c2-4c7c-873c-6da12c40baa2", "value": "T1CD179E4B7346A863C07E837A95F75B0137365DA9B7038B132809B6BC2DB31C58B56BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711308, "uuid": "6a300838-ff1d-4aeb-943e-6c7380f0b4a8", "value": "49152:fuuYWifWve4Mg/zoWIPyGg4CJCp4z8aGRuA/4SQ4sgEJPI2tSzD4gaLdXkGKSgvg:tv+49UBEIIddXHNqjeceUhnMI+lEaAA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1701711308, "uuid": "ba44dc5c-4f4e-4232-8680-7e7fd5ea066b", "value": 18574458, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1701711308, "uuid": "137198cc-dd29-4e67-89e2-20d98208922e", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1701711308, "uuid": "4866beb4-d334-4854-bd64-523267464c22", "value": "\u041c\u0430\u0440\u0438\u043d\u0430\u0418\u043d\u0442\u0438\u043c\u0412\u0438\u0434\u0435\u043e.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }