{ "Event": { "published": true, "date": "2023-10-18", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-10-18", "timestamp": 1697673781, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "dbcaa9a9-8160-4843-8a61-18463415728d", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15ab3258-6d61-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697597423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597423, "uuid": "414bb9f3-e2eb-491d-96f9-35128c457f69", "comment": "Malware payload (RedLineStealer)", "value": "96549289562f5533f59defe5354e2f9b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597423, "uuid": "0a8de669-54a6-454b-85da-77379f574846", "comment": "Malware payload (RedLineStealer)", "value": "007435e873fc6c2112d636dd8016cb1b6d0179ed7eed633e734c56cd23d43e36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597423, "uuid": "c8ea6f92-768a-4879-b8ff-d72266c8a2c6", "comment": "Malware payload (RedLineStealer)", "value": "d0f358175b11ff823214220e65b9f4e02a09fede", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597423, "uuid": "0f856671-6c28-41eb-b525-13567cfa3c4f", "comment": "Malware payload (RedLineStealer)", "value": "58d3e74d8cf3ba444e24b25222ce729a1cd9afb6495de492e2c0c9f97c29a64dd2d704f1a390a4a2ba78486ce6c94092", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597423, "uuid": "19afee42-fe4f-47e5-9fb8-b5ed6201964a", "value": "T1C2F41242A7E84072DDB117B069FA03572F35BC925E7C475A2B879A4E1C733C4A931B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597423, "uuid": "134eb896-e77c-4552-84ac-cc3d9a9fcae1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597423, "uuid": "482aa86b-6a72-490f-8d0f-f74683a7a3a9", "value": "12288:lMr2y90ckIsuVNitdQiCZ6TqQTiIoBqi5QDA6pek7LV2qwCM0lrKfq:HyXkw6XvCZ6Kbr5f6peeLrKfq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697597423, "uuid": "15f3e8be-4853-49c9-9a65-88e15c2c38b6", "value": 755712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697597423, "uuid": "db5bf525-7509-4505-972a-ee719fcb96ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597423, "uuid": "6658ed2b-2bae-4788-8e6d-767f35963598", "value": "96549289562F5533F59DEFE5354E2F9B.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13ca02dd-6dec-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697657120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657120, "uuid": "580c7133-8e6b-44ae-a6cd-1d844d7c13ca", "comment": "Malware payload (Stealc)", "value": "7576e26d1694b9c91628fdd00e70c7b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657120, "uuid": "2c555267-8f80-459f-aee9-eccb69148758", "comment": "Malware payload (Stealc)", "value": "026852f32a62ad4182dd36c3b344ebb9eb76f9446cd280eabf342703379968a7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657120, "uuid": "8015c0b5-8508-435f-ab21-24f35d4b09c7", "comment": "Malware payload (Stealc)", "value": "2ff02fcf9a7fa78503eee5f09434c70900c69c51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657120, "uuid": "c78d30d0-4b2a-4afe-83e1-559ffbf7c721", "comment": "Malware payload (Stealc)", "value": "a66849dc2bab28ac62a4cdacc2942636123faad6d3b76b7dae1624b4e5a89e4443f06461332f97c598f0d2c72ac6f827", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657120, "uuid": "3b91514b-fe2f-4633-af3d-ce229e3e0368", "value": "T1CE44DF2176A0E431E4931A315870D6652A77FCF3AA6586CF37843F2EAE312D15B75B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657120, "uuid": "513ed92c-2da1-433f-9491-e53ba161f0b5", "value": "3be35b9fbdf783b05b0280d396415c6c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657120, "uuid": "ca7be34b-15fa-4591-938d-19b1c81e6f2f", "value": "3072:AeEBNTwHymjS8YGlJQZjgGaey11eEz28bxEnFzTnj6qSB:Y5YymjyGlJQZjgLDlHExvI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697657120, "uuid": "bb1ee5aa-0611-4767-a54a-20bd7bb81f58", "value": 270848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697657120, "uuid": "e9b4b084-ef20-4ea7-bd9c-4554820af825", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657120, "uuid": "f10fd7e2-01b0-4f02-805e-39e3319ccad4", "value": "7576e26d1694b9c91628fdd00e70c7b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "539a6d0f-6dab-11ee-8907-42010a9c0042", "comment": "Malware payload (RiseProStealer)", "timestamp": 1697629310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629310, "uuid": "5a02b0cb-0bc0-4c86-94d2-2e345ab7996d", "comment": "Malware payload (RiseProStealer)", "value": "5343530ccc47a3bb626067b9bd63363c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629310, "uuid": "d26e8073-4697-4a5f-97e0-2267b0c3e928", "comment": "Malware payload (RiseProStealer)", "value": "0313a5f02468d30e523310b3966c2f71cdf378160eb3089c92622c1cf0bcc9ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629310, "uuid": "03d65ced-19b8-45c5-a611-97eef8fcc8c8", "comment": "Malware payload (RiseProStealer)", "value": "9f1552b9e26d270f29f32b1bd00a08332602ad5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629310, "uuid": "49fe7c17-4547-4779-bd72-93765b103387", "comment": "Malware payload (RiseProStealer)", "value": "35fa040ebd6e593c7c840dca0c9f82c54cbde6cb62e2ea7064f8b032b7815a224c0dc577886b2847c512c9bf93383808", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629310, "uuid": "631d480a-2797-4f7f-8bd0-2ee68fe3f620", "value": "T12506338AF7426C5ED68901706359D13CD5342E90FEE909C1264BBFCB2ED81F24AAE54F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629310, "uuid": "e0ca8c20-d23c-40e4-a48e-3647a9e39089", "value": "a7b93c85322555ce5149c255418da6de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629310, "uuid": "ab6f721a-4275-48f4-9003-7bc0425517ad", "value": "98304:1chuLzRWoAlTc04ozywk+hL/OrbAk851ggu3G3ZUk2CQHrBT:1cYMhFjvzNhLq1+83G3ZUdCQH9T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697629310, "uuid": "c41f2b8b-65ed-49ad-b35f-d4d28854e26c", "value": 3783864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697629310, "uuid": "3367c816-71e8-47de-b9c8-e09e32180b4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629310, "uuid": "59e5d832-c6ec-416d-854a-524b71463ea3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "194248b7-6d9b-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1697622340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622340, "uuid": "86cb4191-16a9-43e1-81d4-79176cc614f7", "comment": "Malware payload (MarsStealer)", "value": "801d070a56519e8c09382c1452a7cea3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622340, "uuid": "e3c86011-8c29-494b-b68f-d60bcdb1dc40", "comment": "Malware payload (MarsStealer)", "value": "04f11d41e2ecdff73696e13542852f8a5adece9cdaa16625316eb621a0aafbba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622340, "uuid": "97a88f4e-168c-4505-8f6a-58a030a7614a", "comment": "Malware payload (MarsStealer)", "value": "42ec310406b99bef4b48cb11f385f55156469f4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622340, "uuid": "438c0edd-4f63-4602-8f1b-4160e41057b7", "comment": "Malware payload (MarsStealer)", "value": "c4de0056a119d64cc177de0d8d673a98ebeaec8c11009e7dd714bbe43b207b0b7296e8ee8b5683d2c10f9f7f42f1ab51", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622340, "uuid": "afdcca57-6656-49a6-95b2-5cfdfdc57653", "value": "T1CC54CF10B6D0D476E9A31A355830C2A61E37BCB2E9A985CF37943E3EAD302C05B75B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622340, "uuid": "f9a0a495-daa7-4078-8c35-6dfb71529c9b", "value": "70c0c8c536ea72be5890cc7832a19ddc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622340, "uuid": "3f8c1d84-7d27-4d17-9bce-ed6c09391dee", "value": "3072:TpBNd4EzykVJUTGHHU0AMxv2+anJJExHsDQ93OVweBU3Nsi3YkV:bX4YykVGGHHU0AMHan6HsDg34BRi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697622340, "uuid": "85ba98ae-46e2-4191-989b-7fd71e4b4040", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697622340, "uuid": "0c2150ce-b4e7-4d30-9263-6821781742be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622340, "uuid": "bcaf5c28-416c-4795-9618-a6be363f5e59", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48dabd77-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644754, "uuid": "d9e0f078-484d-49c8-93e0-1656e237b9eb", "comment": "Malware payload", "value": "d6f1f8854b3ab07965ac9f0b109fd65b", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644754, "uuid": "db9ab8c9-9e7b-422b-af12-c8f45a8811ad", "comment": "Malware payload", "value": "05cfb6d52e31028e3c972506574ec7b175247c6a6adb59958e0ea11b47d1dc63", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644754, "uuid": "33257de5-4097-43d9-88b0-9ffac678f466", "comment": "Malware payload", "value": "4bbc1c7f2d2090a1dbf5d467bf80d4ee56b93c65", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644754, "uuid": "a97640ae-84e3-45de-a247-315637f5032e", "comment": "Malware payload", "value": "dcab51d4982ec3d31f8143099d3ebd72c1a01cb4a8b68d00f36a89c3ad5b6b7f2252c5aecfc8d315d4f058de6c433d5c", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644754, "uuid": "3231c8e7-13b6-4104-91ff-f566ded86d08", "value": "T19165F0039804DAC3C45D83F8BD1329E90E0D7F2AE8D979DB14927F9B3A31AA7095E15D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644754, "uuid": "7e4605bd-8173-474d-a21c-16961236adfb", "value": "24576:xWQmmav30xsxZyiw6VC+6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXXy0yqZytw6VA:AQmmQ30G7y6V76SN6VP6ypLfDCM/6v/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644754, "uuid": "3289810c-73df-437a-8b87-5b8e9b6ffa48", "value": 1492480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644754, "uuid": "33d1f650-2161-4ae4-bb17-04188430eded", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644754, "uuid": "a156d0dc-8d44-454e-9efa-a89f6e6a3346", "value": "DOC.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39513ab0-6d8f-11ee-8907-42010a9c0042", "comment": "Malware payload (Pony)", "timestamp": 1697617240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617240, "uuid": "c20394ff-571d-4799-8bec-934d5e6b13a6", "comment": "Malware payload (Pony)", "value": "a017ae7ad78d5ce6fc8501193aa42355", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617240, "uuid": "2989e7e3-1d76-4e45-a659-f3830f0dd05b", "comment": "Malware payload (Pony)", "value": "0608e75265cf09373a3e1237ac9e53952dcf688f741ad3003be437df7c9a8218", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617240, "uuid": "f7b8ff59-a6d6-4816-9639-b64cf34c1da0", "comment": "Malware payload (Pony)", "value": "aa9528d422fd7216808a9c0a863616d0ca4f3043", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617240, "uuid": "0658b3f9-976c-4536-82f8-eb80dcbe96f1", "comment": "Malware payload (Pony)", "value": "5fba4933f313b6e1772731fc5feca7c888223068328f3b3b5e9032c091406c3b9e81fb0f721a7843fff212bab2404596", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617240, "uuid": "6204b670-54c7-4dfb-b484-15b147414a83", "value": "T1B0D3BD6A9D841412DCCC107C44A2573BE8219C1B2BF806E32BBA7B2CD57149A7D1FB9F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617240, "uuid": "e5a8df11-039c-4483-81ee-b379e6825f7b", "value": "c21ce34bbb484df12925d4f3b6d36da6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617240, "uuid": "1d4dce91-e2d7-4c8f-95f2-dbd2267ab173", "value": "3072:4dz1b0lqeaEL9UEZ143E0aFidq7KjSjtTiM4ijyh:Z9aEL9LZ1QEvmq79d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697617240, "uuid": "30225916-87dd-4e9c-b98c-8e32be812920", "value": 134144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697617240, "uuid": "3809896f-b1e8-45c8-ac1d-f13ad206e74e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617240, "uuid": "71d34bbe-67a5-4aac-9636-add365db7e8e", "value": "a017ae7ad78d5ce6fc8501193aa42355.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "392fb5d7-6df5-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697661048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661048, "uuid": "881ed4bc-e424-4fc8-8d10-d4950f7c8613", "comment": "Malware payload (Mirai)", "value": "05f3f3b73adab857364dfca9c34ac6f9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661048, "uuid": "878284a1-b8ba-40db-b740-a1b0038347ee", "comment": "Malware payload (Mirai)", "value": "065d16d0299fc623839b13415836c836bbc93ada8c949e7a4be1ea553d6af0a5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661048, "uuid": "075399f4-2b6b-42a4-8df0-9776f614703e", "comment": "Malware payload (Mirai)", "value": "cded5c47bf6ff07d11263312cea854f4a245c6df", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661048, "uuid": "aeadc848-bbe4-45f6-83fd-0e08fc15810f", "comment": "Malware payload (Mirai)", "value": "f76ba6307a2a829320a98f199637361faec98080d76b49d49d3a74573d884c51445a2b812d14bee4b472b4ae57b67685", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661048, "uuid": "fa11bdcc-df1b-4957-a55b-e26198000c69", "value": "T159B2D1F67306B671C5200834B6FAC48977C2257CE1F431B3A55746A8709A1B7C9F2D6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661048, "uuid": "42963d71-c64a-40f9-b6d6-351775ddc592", "value": "768:wsOnMLVCC8HQe5tU1dO+uwsi283sNSTxs3Uoz8U:wsOn7NxiBsAAz8U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697661048, "uuid": "3b04c83b-c159-4694-891a-161429a4cbba", "value": 25304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697661048, "uuid": "e650cf1f-2e0c-4246-af17-d5b706ac48e0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661048, "uuid": "1179246d-03b7-486f-8027-e5bfadb77cf9", "value": "05f3f3b73adab857364dfca9c34ac6f9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e76bea54-6d98-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1697621398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621398, "uuid": "ec268534-6c80-4614-94a6-530f0cf72106", "comment": "Malware payload (GuLoader)", "value": "a1e921da696ef76f22f1b46c8a9d3160", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621398, "uuid": "ccb66ef5-9227-4fc3-8ffb-fb5a70a43fa0", "comment": "Malware payload (GuLoader)", "value": "066fc8ae5ec7fb2d4ec270490c721d97df66daa02dde0d25645c94912c37db74", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621398, "uuid": "97e2f080-52d3-4d99-910f-2f4f7a0baf28", "comment": "Malware payload (GuLoader)", "value": "9a712ab9286f7bf47f199ce149f7d14f6982b9ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621398, "uuid": "7b1b4662-8f3f-4868-ad49-80c11dc88dc6", "comment": "Malware payload (GuLoader)", "value": "d310bfd8720572f291c66c5af8800c10f7f844b5231c1f1751a0e1f2d233d357c83942c153c70f886f12220f6ac0ae30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621398, "uuid": "e52d772e-cf0b-40cf-873f-179535d627b1", "value": "T180A50155F004EA8EE83A41B0F827E5F3845AAD59D668593F31427F1A35F3207127BA3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621398, "uuid": "00c10b34-f1c9-4306-948f-e7da476ed70e", "value": "0293eec0b5432ad092f24065016203b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621398, "uuid": "942ecd7f-a509-4810-ab92-1455275ef905", "value": "49152:457jqXY9tBwvDQqk1DZ24AcrVjDaHmkux6ZSblYMJz:45mY2vDQlj2vcrp+GZs+lfJz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621398, "uuid": "1df92a82-1194-4fae-b1df-9be69adb6e4d", "value": 2118536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621398, "uuid": "672c0832-b7f2-41a9-a437-756034f45c26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621398, "uuid": "18b7649f-5fb7-414f-ae9b-912aaeba3148", "value": "SecuriteInfo.com.Gen.Variant.Nemesis.20619.6283.20823", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d4527fa-6d97-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697620736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697620736, "uuid": "b30d5527-6831-4a8e-b5de-02d20bf924b1", "comment": "Malware payload (RedLineStealer)", "value": "28869b1167c5f816e2923a2d3133dcf7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697620736, "uuid": "0805d17a-730a-4276-b46c-d73c890e86e5", "comment": "Malware payload (RedLineStealer)", "value": "0862eca8195791d0880bb2c7b9089fb975fa30b9567c158f03a70fc86991f70d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697620736, "uuid": "a6931fdb-b5fe-453d-a6b5-466e635cacb3", "comment": "Malware payload (RedLineStealer)", "value": "9e393c6f760a3a69bb7852a144e5abd68b2215b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697620736, "uuid": "19db2cd6-0d5b-4330-86ec-f75528abdb4a", "comment": "Malware payload (RedLineStealer)", "value": "e746dd43be0362bb49a61cb541cf5ec9ba3b34f3b482b8d619b65f5f618cb9dfa03cda0a511004961f00d556beb5471e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697620736, "uuid": "b6f0bcd3-24b2-472b-a3a6-5e078c17f3a8", "value": "T18F94381330824131D3E092F659E68F751B26F438DB62A94F131A1DBFA6F726296377C8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697620736, "uuid": "89db380c-3583-4c43-9152-4a6c141717d9", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697620736, "uuid": "cc89cd69-5d4b-4d2d-8bcf-eba566d105dc", "value": "6144:xqrm6g5xShvihb5oVIlCMInrAOA2UPu4TTj05JmC83X24SCD+waljy:xAw3SBibAVOaov05JmC83X24Sm+w8jy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697620736, "uuid": "3a60ea43-939e-4d79-885b-ae81bc209a9f", "value": 433664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697620736, "uuid": "fb32079a-ee1a-4ef3-8107-c307132b30fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697620736, "uuid": "b5770ef2-1073-4c9b-ad8b-c7a8ed12f626", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08576907-6ddb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697649800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649800, "uuid": "f38061c1-3dbc-4959-9669-45174e765660", "comment": "Malware payload (AgentTesla)", "value": "487fa93e89fd1ec0969e0083966714bd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649800, "uuid": "44730f71-d6e1-4816-b8cc-732231bd5674", "comment": "Malware payload (AgentTesla)", "value": "08bef6d15fe30410b624cfad64ba2e410312d8bb03fa602a31b69c91dd307147", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649800, "uuid": "21374122-5246-4a42-9218-0fab8e36ec57", "comment": "Malware payload (AgentTesla)", "value": "9863eb9fcca5e3c1befb4a11f3ca6ab3dae6cda8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649800, "uuid": "6dde95d1-f92a-4f9d-bcb3-d03a8b5de141", "comment": "Malware payload (AgentTesla)", "value": "37ae53696901f2e38e5b9f022b9a678cb978669e044c68ec7f44277d23f1d1534dbad67c67d2d5b2c0d96946a41ce78d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649800, "uuid": "1a0178c2-6a21-427b-acf1-6818dd605802", "value": "T197156B7E1DF98227B978D6A6CFA0C432B062D6EFF5665D2AD0E746418702803B4C71BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649800, "uuid": "517064d2-77ff-4ce4-8ee3-5a1683fe90c7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649800, "uuid": "43619013-9b0b-4267-a6d3-7ab6959f17e0", "value": "12288:7jYnlngXMUZZ7FMlyXEc4TZyTxsltRuLpcXvZKZFBYfdO:PYneM6uyXEc4TZyT6lKmZKFYf8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649800, "uuid": "1f6185e9-5244-46b4-8af0-771269971ab3", "value": 946688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649800, "uuid": "f95f9473-01bc-42ef-b3d4-3669aea1e0ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649800, "uuid": "ecfc0e65-4d90-4db4-bcfa-12c3a0fcc6d6", "value": "487fa93e89fd1ec0969e0083966714bd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2715c090-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697610767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610767, "uuid": "621db687-6952-40c6-8d8b-c43d23094587", "comment": "Malware payload (Formbook)", "value": "a567c65aa004ac7952471ab00f7830da", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610767, "uuid": "5cb25a40-3478-4121-b474-57935acf6ddc", "comment": "Malware payload (Formbook)", "value": "08cd8549926ebf2917a0191018a82cfd45e66461361d9cbbd4a36507f502eb35", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610767, "uuid": "c75b1ace-d587-467e-8534-e9761e4ea36d", "comment": "Malware payload (Formbook)", "value": "7c4952f19889832e835bcc3d2b12c670b78c248d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610767, "uuid": "4c78cd11-f4b9-4142-802d-e11b9df9bae9", "comment": "Malware payload (Formbook)", "value": "f0e3f4ea802eb4fc31f2d9cce78f52bec9528dec7bf7d0404323c7f5d287b63991f7a0589ccfa08fb3ca9d3a898e9c2f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610767, "uuid": "cbdf36ea-8b13-4079-bb51-e9871ed13190", "value": "T1C1D4125537A8CF2DD8390BFB8570E310C7F5B826A831D6681D8528DE0A7BB648614FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610767, "uuid": "e2da9a3f-72cf-4470-92af-eaff9103d5fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610767, "uuid": "69197460-be1d-4157-8e66-5fd62d3d42d6", "value": "12288:JzfqB2Up1Ya+bMyFLGqd9p7Lnqwmpab78FihIcxPHzGqsbkY:JT62UDY7MKLGM9p/qJu7yb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610767, "uuid": "b56d98f6-b93b-46c9-aafb-6c5f57252ed9", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610767, "uuid": "6ec87216-d2c9-4368-bc09-700ea61f5770", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610767, "uuid": "b3a11763-3fb1-4182-ab52-6fac913d3f5f", "value": "IMG.00HJEIY PRICE-QUOTE SSG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "129cdb20-6d7d-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697609444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609444, "uuid": "12129463-bcfa-4431-963c-f70f524aebf1", "comment": "Malware payload (RemcosRAT)", "value": "8e02b4bfe1075611f57c4de66a31584c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609444, "uuid": "91a47f21-0baa-418c-b6f2-af2dfe9f23ee", "comment": "Malware payload (RemcosRAT)", "value": "097728d666fc53c8db011b2194f36b7f01b5dabc602b4857caf4c01877385bb0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609444, "uuid": "187bbb83-2266-4bcb-9c01-cdd0dd2fce15", "comment": "Malware payload (RemcosRAT)", "value": "3582ee3c7e091c9d0c16a0f1d14c0f6346223763", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609444, "uuid": "776ae9d9-6384-42de-88d1-878c884bec04", "comment": "Malware payload (RemcosRAT)", "value": "bbdcca3a60c7a16e07bdadaabd9de3192e16ebc84ebe8fa509a8fb541d9391f255b5a43646b295997f48c5e7b0ecb790", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609444, "uuid": "ba730f66-7bb3-46ef-bea6-f282d44ad478", "value": "T14EE401CB063F57BDD4BA19BAC8C45D406756C83889D3629B7C42A16A0D19ECFD4C39BC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609444, "uuid": "3ecd8b66-1cb5-4b9a-b44d-3bfc32fd9cc7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609444, "uuid": "cf80565d-3389-43a9-9626-6e0272d49cde", "value": "12288:JEyEq+UwjUDcXhZYH0VQeHXUyLLHI+BLWkKm+0YrOiqoB:WWAjU9HHeHfN3KBV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697609444, "uuid": "bf0b837e-5612-43e5-a55a-86a06e25b0eb", "value": 706048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697609444, "uuid": "edc498b9-468a-433e-8c39-7632612faeb2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609444, "uuid": "9fe3539a-ae7e-45df-b457-8bbfb0a17ca3", "value": "FGH0987650980000.cmd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e200d406-6d9b-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697622677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622677, "uuid": "53e538dd-574e-4636-9a6b-5743a4303c56", "comment": "Malware payload (Amadey)", "value": "cb732910eeefea982a2be480bd76aef6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622677, "uuid": "2cfa1099-9322-4558-bce5-d75a418efa86", "comment": "Malware payload (Amadey)", "value": "0a25ae93bb04dc653fae12737ef5e65b7e3e2fe7737df67fc9f430528a0672b5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622677, "uuid": "19fd3156-d15a-4657-b462-8265527d1996", "comment": "Malware payload (Amadey)", "value": "8b24f5d002b88456c45a888107bc362dd9668dfa", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622677, "uuid": "71161b5d-8791-4881-a062-54cc5a58e7da", "comment": "Malware payload (Amadey)", "value": "7d4213cd6a0811a07036cf25b3ff9bf50918ea3623acd3b24e3ce5a7b3ca73bd94b7ebc8000d5d8d8da0f51a6bd373dd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622677, "uuid": "fcd6061a-6a0b-438d-8f84-dfd603cd0f25", "value": "T1E8352342A7E84432E5F5277448F253C30EB9BEE15978877F2782E9894C77980E87136B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622677, "uuid": "a19a026f-cbd0-433b-8f86-15218bbcde68", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622677, "uuid": "4853b63e-f682-49b5-84aa-1f37a3847883", "value": "24576:jywq33rFAbvyfdOUVr1iAVPGRalhngPmLbqQJIu:2wQObvy1OUGAhGIHgPmnqCI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697622677, "uuid": "7246ffbf-61c5-4b22-a0f0-a90477afe488", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697622677, "uuid": "e2f3bab4-9d11-49dc-9e32-77e1baa67ba0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622677, "uuid": "ab47da19-8da1-4e0c-920f-fd4a30cb6b1b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77a37ca9-6d9f-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697624216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624216, "uuid": "dd0c4df5-49b5-4e5e-b8f4-e61ea7beb631", "comment": "Malware payload", "value": "8d86eba88d867c575ac9f78f28164e0e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624216, "uuid": "0e2676a1-033d-4296-83e4-3beb9e6c7d09", "comment": "Malware payload", "value": "0abe025db85d896d5f65b69800229ebd0ca3168d83569d8c77a04c0bcf06097b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624216, "uuid": "9a8c551f-6b06-412e-b9d4-681effa62710", "comment": "Malware payload", "value": "93ecc89259e42f920a540bb3c6c33d6cc0805674", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624216, "uuid": "ab29a9d9-9f24-4bd9-95b1-4ecdf8ba01f5", "comment": "Malware payload", "value": "0c1091c2215eed591f5684fc24316f113405042c07105f8b4e887e1bbf8c128597bf6d5ad7acea9dfd09a6cd4a7260f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624216, "uuid": "8c24ec7e-1a38-423f-9c26-7e31f7b4c5f6", "value": "T1A9123F91E3F80936D45F27BF68E24E836E3AFC6D4871C5C92FA4204E19B75447393692", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624216, "uuid": "0715e595-b6d1-4e79-ae13-b057541155e6", "value": "475cb2ae04372a0676e2c1a79b649f8b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624216, "uuid": "9120d6ff-a28f-4d4b-92a6-c174f48ccb45", "value": "192:gfsSOEnYiqv9X/XCXmXUgXjZo0ZfeXCXnyEJ1cNMBymfKT01G:Y9nkvy2EpSlI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697624216, "uuid": "acc1c687-8186-4976-be24-02e8f3a3cac7", "value": 9728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697624216, "uuid": "7242bd68-36ed-4385-ab2c-3229794ae6a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624216, "uuid": "7187d73a-5dd8-49bb-b464-2aada1bcce91", "value": "sppc64.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5396d022-6d4a-11ee-8907-42010a9c0042", "comment": "Malware payload (DCRat)", "timestamp": 1697587649, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587649, "uuid": "91e25d5b-d21b-4dde-9730-9fa8057a8bae", "comment": "Malware payload (DCRat)", "value": "94a984bf1a5e49c36ec69ca989ee4d60", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587649, "uuid": "f937d6e2-3a36-4a37-ab1b-dcf6ba67b5e3", "comment": "Malware payload (DCRat)", "value": "0b925858e95e6c67ff0f18744d28f80f4e9cf3add2adf34540820a7fd79ea240", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587649, "uuid": "2a3234b9-ced5-43c3-91ab-f7ec1df37bb0", "comment": "Malware payload (DCRat)", "value": "29c27892637f491630be833dc6cb4eafab944bf2", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587649, "uuid": "d4773fb3-ce9d-46d0-bef2-3d3f775a3737", "comment": "Malware payload (DCRat)", "value": "48d77c6198a9e7155fb4871870f15c96f5e0fabb6c29fbbcb42427ca63a3c9bc7fc1579af2fffc7e421799dca9c70b85", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587649, "uuid": "9767ce15-2064-4a08-b69e-c27ff9d2a564", "value": "T12906F11A66A64E73C2D53F3584D7142E92B2E6237512FF0B361F31D1B8062338B5A6B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587649, "uuid": "ceb000b8-1895-49c5-8f00-77debb1f59b4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587649, "uuid": "2398c3eb-634c-4e65-bb56-ea34d7979a7b", "value": "98304:Dd+UB+9YJf+O0vJwrKzAj3bsE1XQyp/6Y4WuuCnrw:Dd1U9AfovOrKUj3bscgy16JU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697587649, "uuid": "6013d427-8cf7-403d-a794-6676583b7dd7", "value": 3806720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697587649, "uuid": "0540ac7b-6739-4d64-91ce-2fadcb5d9142", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587649, "uuid": "336db678-d400-499b-8f41-40480933a00f", "value": "68ebff4655ce8e3641602b31a0f12adcd4f5d0813604655a309fd881", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "842c2476-6dba-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697635834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635834, "uuid": "fc0ff49d-94cd-4fcb-990a-c1d977f2a3ed", "comment": "Malware payload (AgentTesla)", "value": "99f7fb9a269850783025f360ad624592", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635834, "uuid": "9778d55c-23d4-4f11-8755-88346a25d842", "comment": "Malware payload (AgentTesla)", "value": "0be380906ad865eadadd41573bc90cdaa2de6112a075b7c8ea65d94e8531ef6d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635834, "uuid": "d1b94052-a9c7-4e09-a77b-9dc5d44e675e", "comment": "Malware payload (AgentTesla)", "value": "2d4daeec8010d786178fd8fb58f39ffce60ee70e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635834, "uuid": "4b4e93b4-ca9f-4943-adbc-aabf841d20f4", "comment": "Malware payload (AgentTesla)", "value": "63071b331ba575ef5504c9689dc37c10789d7579a5f45ce63d473524ba1f5d2c0bdccdc66083e5b62699dcb691a5b699", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635834, "uuid": "8e9daa55-50ea-49c2-b1a9-415dcb191378", "value": "T1F5257F3D19BD223BC165C6B9CFE5C827F00498AF3461AD6598D797A64342E8739C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635834, "uuid": "4d4251a0-f4b8-414f-8e69-de215a57b1ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635834, "uuid": "5f8f9e51-af34-4551-999d-ffcecaf3ad3a", "value": "12288:9o5/a3Mm2e1CPOJSjQscABSivxw5ukEbFuCV3hKj7M4x:2WMmV1CPOomGSiD7V3h8o4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635834, "uuid": "bf0f36ab-5d4c-497a-8bf4-3c19781bb04a", "value": 999936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635834, "uuid": "a4469d18-1dfb-462d-b435-ccd7b86d106a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635834, "uuid": "023231fd-6505-4ec0-8a65-83a573f31092", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.710.24178.12001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f47ceec8-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596509, "uuid": "b3b926c1-e72b-4bf4-9cf1-37fe1a917401", "comment": "Malware payload", "value": "a2fb955547f1ce1c7bd98e6738fafa7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596509, "uuid": "f4b3926c-b6c0-488a-9110-eda5e8e8972d", "comment": "Malware payload", "value": "0bfdee81f9d4c2d27d8cf631a244e439dd58c458fe2e86d7e426c2ebe2ef4762", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596509, "uuid": "4b931167-3eb9-4742-a549-7115d165c11d", "comment": "Malware payload", "value": "1aa89cb044ed1b673e5adebfd437d4017232f97b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596509, "uuid": "84bc33ac-7abf-4165-9eef-c8f85b8b7746", "comment": "Malware payload", "value": "dbf80655f49795f7324df5b0da0f5d73b8b86a1b083f6f9e25bb1f7eb7eb00305197d66e3b0c7f16830895750bed7163", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596509, "uuid": "46f9948b-d38b-41fd-9e85-b44511e9b5f0", "value": "T12414224EB6369A0CD1C814734CE5882B3955ECF51248A016F6F1D72F2C32B919A8B7F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596509, "uuid": "8fe3bbaf-3f3c-4215-8b03-4e80a04ae848", "value": "20b0e594b518d6d246ce05511acfcd16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596509, "uuid": "db2effa9-71cc-4ef6-aa93-bf4747df5b04", "value": "3072:iOYUUHZV796HM0XU+aDe5UEjmIlmijI7rUGimM7s+uIpyT8hsAdQmq5a:rYNHnn+aC1meyUGimM7PtpyT8eAdJqw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596509, "uuid": "09712d01-c598-450f-bb0b-acda29324b0b", "value": 198144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596509, "uuid": "c6b79eee-c7e0-4f69-a0e2-5c470e68ee75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596509, "uuid": "7f33f40d-9875-4b63-b90f-fee43a8fcc7e", "value": "SecuriteInfo.com.Trojan.MulDrop2.25959.7044.12407", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "207853bc-6d98-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697621064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621064, "uuid": "a861cfd9-79fd-4e37-a308-7d094d2f4aed", "comment": "Malware payload (Amadey)", "value": "534d8d08a87c27eb310bba3ceb42fb95", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621064, "uuid": "00436f62-f7af-4c92-a051-46f95a45c794", "comment": "Malware payload (Amadey)", "value": "0da998042a1ac6a64e8d39b54a48bf26e8aba748ddf8cf5b6d4bb92d3d2f2031", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621064, "uuid": "29a07f48-cc87-4b31-8b56-1fdf057d56c2", "comment": "Malware payload (Amadey)", "value": "19da4ef85129835e4f789144b62394c58f412be0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621064, "uuid": "58a0247f-64f3-4ece-b279-eeb62ff244d2", "comment": "Malware payload (Amadey)", "value": "3f2a793cc8a9df97d1d467ae1902197147cb041271ae73b57ae02b2541e7c01fd928f4576a69941efbbc56150285bdba", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621064, "uuid": "b47e76e0-b06f-4615-b1fc-01350b82fca4", "value": "T1A63523021BD81462C8F52B7018F307D31A39FDA28D784B5B3BC96DDA5872AB4A57533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621064, "uuid": "80905650-49c4-4ff1-b07f-840f02cf0c0b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621064, "uuid": "36d2a363-9df9-4aaa-b204-2fbc53332fab", "value": "24576:by99kc4M99EyAlEgIlldLP+8TYw3BDm6LWa7f+S1TKXt:O9vV99EXEgwLL+Aj3Jy82", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621064, "uuid": "2855b989-0834-4226-bd48-3d10930bdad8", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621064, "uuid": "8a7cd4fc-131b-4c2f-97ac-9ad4e834bcb9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621064, "uuid": "52c6c8d3-4af2-4170-9a4f-0833d30ed4b7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "055222ea-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606845, "uuid": "d6fd83b8-5cfd-4d9a-81ad-5007b2cb7352", "comment": "Malware payload (Gafgyt)", "value": "4722e11a69fcd743e7cac56f63995c51", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606845, "uuid": "579cb1e7-7865-423c-982d-1b062cac63af", "comment": "Malware payload (Gafgyt)", "value": "0dce59f3c849b3c6fa66faefacea3b79604bd3bf05c810f02d7b8ae2e95e95a3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606845, "uuid": "70cb5df8-a9b8-449f-9417-bdd69d18c730", "comment": "Malware payload (Gafgyt)", "value": "913250dd8f60b0f3b9b6726d65bb5336fd17b0f0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606845, "uuid": "9436b62a-43fc-44fe-9e5e-e6b334723596", "comment": "Malware payload (Gafgyt)", "value": "440ae3941338118bb59194ef323c43e9b66abf8aaef46e161ea6a6dc925e7904da804c06738d139d9560a2b8b5dd233f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606845, "uuid": "ed557b6b-86f8-4dc9-9ddd-bbc19ca28f32", "value": "T1FCE34905D7408B57C1E2277AFADB424933339B54A3DB33099A38ABF43FC27995E26116", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606845, "uuid": "45f38c27-8ab2-4242-9c63-e57102d2f4ce", "value": "3072:it8iFDKEfFN+Fa+1sWch7rz0JH/WbUMbmQwfCMQiGW:g8iFDLf/+FaN9h7rz0JH/Wb5mQwfCDi9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606845, "uuid": "2bc78025-8b8c-4c44-b32f-a8635f72385f", "value": 150077, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606845, "uuid": "9390c8f0-2d3f-4b26-a206-738dfff30b93", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606845, "uuid": "51c5b616-80c7-43ee-a3f1-6314d6c905a3", "value": "4722e11a69fcd743e7cac56f63995c51", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "941dd842-6dca-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697642733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642733, "uuid": "c29345df-feda-41fe-985b-2b2f6cfa27d8", "comment": "Malware payload (RedLineStealer)", "value": "895e352761223ed92e526b847a6ef7af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642733, "uuid": "aef7aa5d-008c-4778-9d2d-c1cf4a58dd33", "comment": "Malware payload (RedLineStealer)", "value": "0ea2448efc5876c15e00b816516cca7797cb516a40e2f892f530f6f293a57bae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642733, "uuid": "be5911b2-9fe5-452a-900b-1f84383e65c7", "comment": "Malware payload (RedLineStealer)", "value": "ab4cb374cf46658123f5d4bc5ea6b9bf154d0276", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642733, "uuid": "98bbc843-1266-46c0-bdb3-dde900b2b12f", "comment": "Malware payload (RedLineStealer)", "value": "72c338d3629b53e336a26a5263dfc2aadaf9993b2f3dc35302d28b3ff606a6debec28411a1552aa8506bc6b4a5beecb3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642733, "uuid": "ad06b31f-27e3-4ac8-8fc3-5e47af810458", "value": "T1CF34BF01B6D1C473D57215360BE0EBB56A3EB8700AA29DBF67D40F7E4F30281DE25A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642733, "uuid": "ab80d7c3-aef2-4145-bf1e-68fc8ec44c3b", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642733, "uuid": "267cdf4a-b35b-4372-b5e7-d4679249e7e4", "value": "6144:2mE/98lu5jfJYyJ8isiKQfeAOMiCztannTi:2tClu5jKOeuNsnTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697642733, "uuid": "f71b77fe-8646-45a8-8148-022fdf877a5f", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697642733, "uuid": "606fbae2-e8c7-4838-a726-9596b1f3dcb9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642733, "uuid": "35d3690b-f82c-4585-bcb9-11230e38659c", "value": "895e352761223ed92e526b847a6ef7af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcde58f3-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645485, "uuid": "8fc0a705-0f8a-41f1-b922-63cc20e04f8d", "comment": "Malware payload", "value": "bbafce32045ed289e5e843411fab2c6f", "object_relation": "md5", "Tag": [ { "name": "130-185-238-40", "colour": "#DA3B5C", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "nazarenoagape-com-br", "colour": "#98B06E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645485, "uuid": "021c8fab-0942-4ff5-946c-f9b7b5b3bb8e", "comment": "Malware payload", "value": "101ef008bbddfe683f2ca4d6bc7742120d11b3685cc2c9f6f4eb75df5ad5d6a1", "object_relation": "sha256", "Tag": [ { "name": "130-185-238-40", "colour": "#DA3B5C", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "nazarenoagape-com-br", "colour": "#98B06E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645485, "uuid": "125ab295-53bb-44ce-a3b2-2923cd04b870", "comment": "Malware payload", "value": "749336497137446cd85805ee2efd04d32adcc288", "object_relation": "sha1", "Tag": [ { "name": "130-185-238-40", "colour": "#DA3B5C", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "nazarenoagape-com-br", "colour": "#98B06E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645485, "uuid": "70578c27-6811-4e7f-855d-83fc1e2602be", "comment": "Malware payload", "value": "4da0acd6b22e6e03c78197c3201a5ca168e10da9d2bf11d9613b650fa54587d91fff66c95751fd2bd0dfff8734eb00ae", "object_relation": "sha3-384", "Tag": [ { "name": "130-185-238-40", "colour": "#DA3B5C", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "nazarenoagape-com-br", "colour": "#98B06E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645485, "uuid": "cbfbc3a1-848c-4d84-9524-b683d71eca68", "value": "T176A60273F0DA2071F9731A36B8A25422393E089CE0872DA929F46BD7F572D488F47795", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645485, "uuid": "4144b2c1-ff06-4196-9c26-28fe73bfd5b1", "value": "6011984d7c1f1b97a34d7517a498bff8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645485, "uuid": "ce1a344f-a918-4152-802f-de76aac04089", "value": "196608:eeOl5FS4DZLTk2CTVHJack+YlGlSRRbCvO:EsacJYlTFF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645485, "uuid": "9e83bbf2-e4ea-4293-9522-825703a3b6d3", "value": 9718729, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645485, "uuid": "056fbe6f-9ae5-4ce6-8ba8-7790910e9299", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645485, "uuid": "6f5ac2ac-da74-4fdc-b520-553da9765496", "value": "BrowserEngine.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b137b08-6e06-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697668353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668353, "uuid": "b43012e2-4348-490d-a269-e1ca529fda9f", "comment": "Malware payload", "value": "dcb5d127b4a883bc2e2b662fbc06e292", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668353, "uuid": "dc425e2b-fa9f-4310-9886-910b02d3a8f4", "comment": "Malware payload", "value": "105dd6588b4c238c1d53131dfb31bf6927839accea90d2d798765e0a96f4f0e5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668353, "uuid": "5ee9a5d7-d081-4958-9da2-6e28b19a1f3c", "comment": "Malware payload", "value": "dc978fc118f0a4ef58cfc51f263faca8c44e272f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668353, "uuid": "7e1be39b-07cb-4248-96f0-fc53d631d564", "comment": "Malware payload", "value": "750d9104749174f731cfaa4c4073392adc27478022dc920c4d20e64dc30a3a95340f9d87ab86465122ae4b4bbed13a97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668353, "uuid": "05d83515-c7e4-4dc1-95c1-1530512aabb7", "value": "T11D44D1117790D832E86319324931C6AA2B37FCF2A97545CB37983E2EAE716C15B71B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668353, "uuid": "525def48-93b2-4622-8a9c-a63e72e78691", "value": "5241d7444d4d8584697b8889b03f1a00", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668353, "uuid": "4e7888b5-5b7c-43c2-8f97-63355650fcc3", "value": "3072:ADBNyDyvjTcG+mK12mB+lqyYo/3e/B1xAvc30OSu9o8GJ:4UyvjgG+mK12g+lqyD3IT2c30OjoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697668353, "uuid": "4d2cf0ce-ee57-4741-ab5f-aa75111861f8", "value": 269824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697668353, "uuid": "0d849595-ac2d-420b-8978-cbd71624137c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668353, "uuid": "092bca2e-e76a-4420-8fbf-a4ecbf72c073", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0347669d-6dc3-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697639483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639483, "uuid": "34a36dca-1190-4e44-a296-ab6e730f24b8", "comment": "Malware payload", "value": "62f4e01685716b7a7f505045bcbaa601", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639483, "uuid": "870f1304-2182-433c-b1e2-874ad10577ce", "comment": "Malware payload", "value": "10ce5b97831bcfd86eadd63b080e5e89d6a6f0d7583fd4bca8b52a725d278bae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639483, "uuid": "56eeec60-a4e0-4926-9a0e-4d35616786b4", "comment": "Malware payload", "value": "3b8a35d97d5ed3ae952f9bd7e8568404503fad90", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639483, "uuid": "33f52dce-4dcd-4323-8842-1f7eabf72302", "comment": "Malware payload", "value": "61cf072d91716a20a2a1881f579dee663b536c62d6da91ad983dfc8e8cccdc6cb838945b43a261e7b70c43fd6cf6e200", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639483, "uuid": "5969de6e-7f07-4c72-82b2-ea92ae3f2823", "value": "T133A42A03AF9B25D5D0454E3240BC5B6A432EFF446F339B6B9D5D2AB4C8A22C39E5172C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639483, "uuid": "243381ab-f4c2-4265-9f1f-366abfad0c41", "value": "3072:L7tD9YOYiZFPACxbVjfO3nUrHG3VwzV/TtAdPdjBbmyHwQ7e3feVQbF:XY3iZGCxbs0vzV/ZEdjXHP7e3feq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697639483, "uuid": "4eb1a816-43cb-4c12-b70f-3d3e19a37c58", "value": 475136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697639483, "uuid": "c36b6a28-7b98-4b21-8a36-069eccecf046", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639483, "uuid": "97c0b85c-18db-4b9f-96cd-f01c7e2a2e67", "value": "SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.14120.5515", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85216ea8-6dc4-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697640130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640130, "uuid": "4805054f-c944-4994-b281-189070402416", "comment": "Malware payload (Formbook)", "value": "9697884948b2352802a418b95da8ceb7", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640130, "uuid": "9deb37a6-6d7e-473e-a248-778b83000488", "comment": "Malware payload (Formbook)", "value": "10dcb01fdee6e2bc818dbb7287f30544a419b52c28e6ca19ad0ab1b07608a771", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640130, "uuid": "6e138087-24be-4400-8666-35e70efda55a", "comment": "Malware payload (Formbook)", "value": "6e7b1a8fcf2c72f5ed729414039d919ed13a74b3", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640130, "uuid": "e097546f-924c-4b00-ad6c-918b0bba74a6", "comment": "Malware payload (Formbook)", "value": "f35058f0e65d41e74be7e295ca2f5b69b99b545eee725271b1a779b5ebd2175d938b179fedea3adfe1c14433c3547516", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640130, "uuid": "b81ca373-11f4-4b3c-9ae2-785c6a7bfe0d", "value": "T1F245E0039804DAC7D41D83F8BE1329D90F0E7F29E8D569DB14927F8B3A31AA30D9A55D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640130, "uuid": "c7889c3c-5a64-4064-af60-a249def632d4", "value": "24576:8WQmmav30xDBzZyKw6VOEOZyLw6Vwb6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXXD:RQmmQ309m6Vw76VS6zVUjnmYKm0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697640130, "uuid": "52587f84-8f4e-45f9-8aef-a5954d7d7508", "value": 1219584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697640130, "uuid": "d379263b-67a3-4852-8b0e-63a918d5fc0d", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640130, "uuid": "3cb5f9f0-9e8e-445c-a6b4-2223c5bd35df", "value": "PO# 34798450.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef3594ec-6d99-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697621840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621840, "uuid": "3ef4047a-01b6-494a-b914-786313a43eac", "comment": "Malware payload", "value": "fc6fa8575ab64bf00135db82c8760b51", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621840, "uuid": "aec6f865-995d-4e17-a405-d90c1e9684d0", "comment": "Malware payload", "value": "11d6dc3deb0401d65fb072d5303c0886d4a07e5307d6eae6cf1dcff1cad372f3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621840, "uuid": "3de057fd-0795-4a31-bd36-f0645020f150", "comment": "Malware payload", "value": "cc05f67eeda8333f5ae6bf920b94b64a2143773f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621840, "uuid": "480c23c8-2333-48a4-90e4-47a40bb8b19b", "comment": "Malware payload", "value": "ba6b4f36d64e460a86bdc4336dc3a8ad0433b7ab73fbee1a96099420aceed93c36b04912a94beb417adf639873ac8862", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621840, "uuid": "2e598deb-78c6-4cc5-89b3-3c68b2e9f8f6", "value": "T1A255F126F6918437D23329388D9B76A49835BE503E245C4E37E81F8D1F397823B5929F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621840, "uuid": "a444a456-5365-469c-a86d-5936fc4a4c02", "value": "aec94a0f6b56569be1fb44b408c9236f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621840, "uuid": "938a6964-2c70-486d-98c5-9b6d02c803a1", "value": "24576:IoOEiAA2FeKxWgd3oIkibGOM1sdpi4nO2unODRpiWs:IfsFlqIkiri9gji", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621840, "uuid": "eaa8d5c7-1bce-431f-b4b2-b6af4e91967b", "value": 1406392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621840, "uuid": "0d53d250-a788-407b-b7d6-71113f6497f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621840, "uuid": "4a41ac43-ff95-4a41-a1df-c73c193730c2", "value": "pjTG.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e68cbc82-6d8f-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697617531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617531, "uuid": "0228767d-d6a7-4918-9822-78542ed5d3d6", "comment": "Malware payload (LummaStealer)", "value": "a480be7dc0dfdac52774df3e5c0dd82d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617531, "uuid": "5fd0e06a-848e-45fe-9208-2342fc844f4d", "comment": "Malware payload (LummaStealer)", "value": "12f2167ae41e6f329b52d8490678aa5d7acdf2eb8781713e0d00331d43696ecf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617531, "uuid": "39d425b9-b078-4972-9a77-5121adb7893d", "comment": "Malware payload (LummaStealer)", "value": "58c0de420aaf5e0c2df12f73ed670ceaa90f9c82", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617531, "uuid": "f3545c10-6efd-4f8b-97e2-77f51dcf2fab", "comment": "Malware payload (LummaStealer)", "value": "b59acf029347630c6fde3e96ef90c9859ba2973af0c048fc92f50aa79f8f4c3acda8be9b3f4b1454f6dd4ce6802307f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617531, "uuid": "af4af93c-1c24-46da-be8d-dc0d6a9f37f6", "value": "T173E3AE0275C1D872DB7229310970EAF14F7DF8700F542E9F6398057A4E646F1993AE67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617531, "uuid": "0ed802b5-690d-475c-8ae1-6439982d5380", "value": "c7c9eb7dc16fdf30c39a296c30ab2134", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617531, "uuid": "9fe663af-f482-432c-b8aa-4ca634a50b9f", "value": "3072:JsE3z98m/NtBuu3P7gKOhiqvleDT2xns0yjzYQRW2o+BW9nrJmTqX4TJn:rd/gu3PkiaRnyYoo+BWpEw4TJn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697617531, "uuid": "998d7bf7-35bc-481e-8e96-2cd52cc350ec", "value": 148992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697617531, "uuid": "a040883b-aa7c-4392-80cd-d6d4ed5fff40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617531, "uuid": "9b8f5f7b-3679-4834-8fcf-69dbe033340b", "value": "a480be7dc0dfdac52774df3e5c0dd82d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "741f5fa1-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697613044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613044, "uuid": "b96d2057-5b59-4fca-9980-0e3df254d3b6", "comment": "Malware payload (Gafgyt)", "value": "8952989056ae2363be52b2445eb55b8b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613044, "uuid": "c582f526-54f2-464a-8e8a-4ba90f2a8292", "comment": "Malware payload (Gafgyt)", "value": "131c68ac0f308087b82bb0258e64af91d09018f6fda4989af5dbc693dd0f1ea8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613044, "uuid": "74157529-7e93-4420-86e2-ad83c095f20e", "comment": "Malware payload (Gafgyt)", "value": "a74298a550474ea34b7c556377e3bfc65a5d4551", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613044, "uuid": "4af324c3-75f3-4dac-9f61-cfbdf0697562", "comment": "Malware payload (Gafgyt)", "value": "40be865d260fd0436ddb4205e72f740c3fe6025f64e924b76e3eddd9f8be6e87ffd575638e6d04ebcc070e47494207ad", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613044, "uuid": "20078804-3e8c-4098-97c4-ead50b5708f5", "value": "T10CB30805D9905737C2D22BBEF79A82CE73221F989797331186287BF41BE5B9D1E39020", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613044, "uuid": "20e1b0dc-dca2-44ef-b13b-371412a835ac", "value": "3072:I6z1WqLgV4ZQGBcD3i/lMpaLhmVAg/iLezaOMzUxglryYlMU+hyn8J2W:j6zaOMzUoMU+e8Jn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697613044, "uuid": "3c4646e1-3212-4cec-afb0-94de98fd75e2", "value": 117425, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697613044, "uuid": "ee4d61aa-18e3-4bca-b68a-238ab9098f4d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613044, "uuid": "73eeae94-185c-416b-a0a7-dd2dd09b2776", "value": "8952989056ae2363be52b2445eb55b8b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2774ffe2-6db2-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697632242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632242, "uuid": "d67da6b4-58b5-4965-8b62-1be4b88b16eb", "comment": "Malware payload (RemcosRAT)", "value": "80be452a0691b6d764a3d522811d062c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632242, "uuid": "e68313a7-786f-4370-8f87-ff6a402c43b9", "comment": "Malware payload (RemcosRAT)", "value": "13c527233819f76ce94c4ab839838a213acd727de5cae5660222a5c4ddd8d5b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632242, "uuid": "2c06a607-5cd5-40fb-94ff-77c1dcbad0f6", "comment": "Malware payload (RemcosRAT)", "value": "2b674e2c12125636c1524d22d8801e9b7c0e2788", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632242, "uuid": "d1432fcb-2d78-42f3-b763-204d5a1a952e", "comment": "Malware payload (RemcosRAT)", "value": "b8027a0234b72a2df461d4c82aad27367cc67ae2272ab31386d1f7b221dd7166b0c846086598a288ca2cb27542170910", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632242, "uuid": "3937d849-a360-4dc2-9b19-e15a756e0b3c", "value": "T1CAE4018D725EFA3DEBD710FBCADF6744C2AD3BA77023D6A96C0A20226952540D743253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632242, "uuid": "0bda6073-6a64-437a-8dcb-8e267a0e8aaf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632242, "uuid": "e590e43c-e61e-4bfb-b397-9d5cf6f595fb", "value": "12288:KEyGWXpuEYhJE/kDhLMZbU5wBbE8tmXjsStaOPD5WNaQXJYrOiqoXx:1GpOJdhLMZb/BVUjsStaslWRXcP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697632242, "uuid": "0402347f-f979-4ca2-a1a3-029a7d32c456", "value": 706048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697632242, "uuid": "7bd8ff71-1b1b-46b0-8005-10783a33c451", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632242, "uuid": "d5044cb4-a902-492c-a278-d9ec243776bc", "value": "FAT-065456789098765.cmd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52c3197d-6dd4-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697646918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646918, "uuid": "5c0795b0-cd2e-404a-acd0-f7be7f28e40e", "comment": "Malware payload", "value": "6550b181486c080b7c524bec6370d85d", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646918, "uuid": "28d0541c-da9f-4091-9c14-f8d2b733701b", "comment": "Malware payload", "value": "143c1f6a1095fd6f63eae25d3b2cee9ba800c47b48279c8f7c62609118cc4299", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646918, "uuid": "69a71436-72c0-4281-8a27-ae6c46f55620", "comment": "Malware payload", "value": "b54ca1ad61df207e0aa3215cb58e362886f68095", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646918, "uuid": "b5e2ade5-9f98-4b7b-be0d-c355664a4908", "comment": "Malware payload", "value": "44c9793db8bb692fd2c98eefd4e71f3e240b6cefae7fd9e6fff484215a2cd9a137c13c0f23e4dfd464a72c40f9921c46", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646918, "uuid": "e19742fe-9fa5-4573-909f-2d5a81d724b7", "value": "T1DB06334137D8C237D29E023649B6E6B6212A7E351B20E5CBB7E47D6D5B303E26D39312", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646918, "uuid": "b96b9d64-b902-4bd4-8347-e4935f9a1919", "value": "98304:TpA1DCG1G1w7cwv9JAEh7DyU35oGFYGHnzzMBdHB3:gE+dvLAEh7DyU35oGFTHz4B/3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646918, "uuid": "ea1f3373-1c52-46dc-b582-4dc4e6b20051", "value": 3751936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646918, "uuid": "0c7f0c3e-e25c-4380-b9c2-bebdf3fd3d32", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646918, "uuid": "fa12b443-ccd7-4870-97b2-075df668719d", "value": "sync.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "761bee62-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595438, "uuid": "2401c64e-17b2-477b-838b-f0dcc0be9dfb", "comment": "Malware payload (Gafgyt)", "value": "f00e8794ea038ced455271568e4199ae", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595438, "uuid": "dee1b818-a3b0-4d5f-9b9a-b19c8775d03b", "comment": "Malware payload (Gafgyt)", "value": "1448fb0ef0629f5bd436d5e6820f36a0ef0f1f634730040d5f80eb5be032f20b", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595438, "uuid": "9aef8b74-4294-400e-b9e5-fca6c105fb18", "comment": "Malware payload (Gafgyt)", "value": "8fcee12a3cc1b40c748713370a7d0d7195a5f3a6", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595438, "uuid": "5222b759-8eea-4084-8d59-c988cf8150fe", "comment": "Malware payload (Gafgyt)", "value": "4f8478db9b02215ad9aa61fc38ccc00c722b3e6abfd947e790842ad0026fe217c980baf582e29c91266ac4655fdc9a2d", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595438, "uuid": "c1b37fc5-7213-4d80-afe6-b5f48a52bc34", "value": "T14EC3A72A7E12ABFFE168863107F35F70979521E327919382F26CDA581E7128D1C5FB90", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595438, "uuid": "3699cb4d-2b33-42ce-b0ac-6ffd2399af97", "value": "1536:w7jx1TFaq+rgIyZ2rKqxS/czO5OHeyyL2y5hJdddddByFhdwmeFfkq+QCyRnVgj:MbeTzO5Ooyy5hhyFHwmeRkq+QXnVgj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595438, "uuid": "42dd60d8-2b56-4dff-b475-b4c298318af4", "value": 126905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595438, "uuid": "829bb82a-ff0b-45f3-8846-29f8ea802517", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595438, "uuid": "f66b478d-e40a-46e0-b292-06199ab6f8c7", "value": "Ayedz.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50d24682-6dd3-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697646485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646485, "uuid": "f3a5673b-72cb-4036-98ec-067b443871ed", "comment": "Malware payload", "value": "10fdcdde8b4ce6736b72c81616c2e5f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646485, "uuid": "1e0c59e7-8aa9-4eb5-8d7b-46655c056f89", "comment": "Malware payload", "value": "1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646485, "uuid": "af7f227f-0eb7-4314-9d93-02379fb64eac", "comment": "Malware payload", "value": "f9f21d0efe7dd38d4913ffda9ebce4442c81e4dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646485, "uuid": "67d0ed74-17c2-4fea-a165-c51a8e01872a", "comment": "Malware payload", "value": "572413ac9d0649f6f2c8d13910e0805913d4b75abdecc91e0bbb3eab58f3aa5f806c10de9e000204bf2f2b18042d6f5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646485, "uuid": "2dd811ec-afd1-44f8-8b9a-c5d59a75220d", "value": "T11684BF0030BA9073CDA5C53049E5E6347D2FB86146729DBF9FE507EB4AA0AC0F67A935", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646485, "uuid": "3258a01c-3215-4b1d-9498-37041d49dd32", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646485, "uuid": "b6341ca3-e55a-4242-be7c-cc2ba4b3bffa", "value": "6144:qimUJS2f1THNhYBAqkp4V5eAOo3woAt9fmtOsBMFsLGKJuq/5MlLtDy34tDaTi:FDSu1TtseeNntO6MaKrq4L834t2Ti", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646485, "uuid": "ca583c86-a3bb-4715-85f6-3fc35ba491a3", "value": 389120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646485, "uuid": "32b8619b-4bec-4c02-aa94-63ebad4aca9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646485, "uuid": "6a7acf5b-b697-4551-9bee-a2313c50512a", "value": "10fdcdde8b4ce6736b72c81616c2e5f7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b099811-6ddb-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649804, "uuid": "3b02a019-6b79-4ef6-9f2f-48f33a09f2cf", "comment": "Malware payload (Mirai)", "value": "4b8766d339462130a047f593f968cd78", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649804, "uuid": "fb33c7d5-55ba-4b34-9743-47ad2d870dd5", "comment": "Malware payload (Mirai)", "value": "14b2cca4944c8f44a199d28f7011c4a2a95d87a8088ec4af194b3a613a437ff7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649804, "uuid": "d1acc6c1-83cb-4c33-bdab-e6a2739e38e1", "comment": "Malware payload (Mirai)", "value": "5107725fbe2dd05c1a50763bcf85215ca2c6c7fb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649804, "uuid": "a4f25854-bb8b-42fb-b46f-000d5cc69210", "comment": "Malware payload (Mirai)", "value": "3c638d110244737f0baa68b7867543eab6704e5c1c9cf2c1e4ceff8e0f4dbaf134ef23e4a538f987d580b90a528b671e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649804, "uuid": "700f6c8d-e572-4f26-a1c5-fdc0782740d7", "value": "T1C2C2D084F041DE45DAFB29B13E80DAD6BBE06F1F6A628E8026A453C25E5D3670305EC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649804, "uuid": "7ea1e02a-b197-47a0-9bf1-abf6b277873d", "value": "768:vVdafO76jpmNJJKehmA7trpfIX9KeA7Pd4uVcqgw09M:bam+AnKehPRa9al4u+qgw09M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649804, "uuid": "4bc2d232-f381-4438-aaf0-4ded929872ba", "value": 27048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649804, "uuid": "13588433-d7af-4ffc-a91e-af603c5a16fd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649804, "uuid": "a08685ef-2712-47ac-80a2-07a46a23f096", "value": "4b8766d339462130a047f593f968cd78", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50b31333-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644767, "uuid": "d768b61b-a761-4f48-997b-49a44c86e657", "comment": "Malware payload", "value": "0ab3be6d261ea2dd1eedc918841ebb34", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644767, "uuid": "17d9fe43-8608-4cba-8964-bf3530aa5623", "comment": "Malware payload", "value": "151423f512f313829ed3ab479cb92779c032904530d8df13f81e2e82fb66f1ff", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644767, "uuid": "1e496ae3-db02-40d6-bb1d-8b83b58a746d", "comment": "Malware payload", "value": "a5523efd1b57e4806c4f10f7980d316cff4fb8ac", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644767, "uuid": "ab008280-dbd6-4b72-8057-8a29bb97bdcc", "comment": "Malware payload", "value": "3377ea9e14c626eb4dec3d651c8505326529651c08576ba737fef45d5402b4aef2a111a57770f682a6a3ae930e5fe12c", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644767, "uuid": "78735e80-5f30-4402-9039-624180449d05", "value": "T171D3F1197236E085C192913E8EDAD2F746167DC9DD83C24F31C0BB9D557A6C3EA0B22E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644767, "uuid": "ac61e71d-472f-4a93-b165-3f7a8643280c", "value": "1536:YnsZ955CNvDUyPILbqcHKITJ5jT48k7SwSPL/LTftCWeor5F/oK9Af76y/XO8c35:YwzcgBbqoF5jT48k7K5ewF/oV7V/e8c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644767, "uuid": "f3579080-68d5-4d56-9223-638ec8d2f3df", "value": 132608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644767, "uuid": "90b21a2f-7d9a-4b8f-b6a0-4bd4f2966a07", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644767, "uuid": "f1a70055-a76d-4019-8f91-125eb3bc673c", "value": "oferta para Tcnica Salgar 757889.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04b0409f-6dc3-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697639485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639485, "uuid": "40235dcb-65c9-44d0-a6c6-dd43407f9888", "comment": "Malware payload", "value": "3db28dc664b210edd6a7afc1c62c4cbc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639485, "uuid": "ae7dcef7-f537-4707-9710-a2ad8bd53c73", "comment": "Malware payload", "value": "15250c9f06501a72909e73299eda42281ec4b7263e569f5c2294ded27510ee13", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639485, "uuid": "781f48e2-9836-43e2-a13c-4484cbe75506", "comment": "Malware payload", "value": "51629b1de6d60e27339a7201ff4aab04d1a391b3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639485, "uuid": "95bd2e0b-03c9-47cc-8878-97e8d3ed0cf7", "comment": "Malware payload", "value": "6b500a523f34d3f8dfbafef6e32ff99ba95dd0c21df650a05d25e5e1f8bf12e51db2065230f9b42a7f036ca33cf09f9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639485, "uuid": "ae5d841c-a1a5-4954-86db-27b13bfaff4c", "value": "T171A5D183FB83C5A2F7177472043E6B369A37FD561B2596C3B264FA8E4E336A09815113", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639485, "uuid": "f487db26-fc93-4726-a676-d7a1f3e7156b", "value": "24576:4kKkRd8WTRBOp+5haQbN4f2FfWl8KuqGavkg3NyNIbbbIoIBAUZLY:4tNIRBVDaZ+s8KuqGaX0ToIBAUZLY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697639485, "uuid": "8138ec51-d805-42c7-9623-0c5b334b3d3b", "value": 2072576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697639485, "uuid": "c9d88bb9-9d39-4ffb-9f40-aaeec36dbe8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639485, "uuid": "21a4c0f4-d606-446f-9814-4ead7dde10fc", "value": "SecuriteInfo.com.Win32.Trojan.PSE.1S437JY.13431.30153", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "350354dd-6d75-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697606066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606066, "uuid": "3d9ead73-82ea-4bb8-96bd-dd7b459b0bbb", "comment": "Malware payload (RedLineStealer)", "value": "976d57f907420b9bff616ddd8fb93536", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606066, "uuid": "4071841b-cbe3-4d95-9351-401729be03b6", "comment": "Malware payload (RedLineStealer)", "value": "153b5d5462215b05ff28bb65a68443713e4a30f0bca1f79f3143ff6cdd6c1e79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606066, "uuid": "e74024d9-0b81-4c9b-99f5-09f020405b53", "comment": "Malware payload (RedLineStealer)", "value": "c51506e133913db8d29bf4c5db14d427d4b51d98", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606066, "uuid": "f49eaf25-9184-4e73-b45c-76f195ceae7b", "comment": "Malware payload (RedLineStealer)", "value": "cc65e96e4bfb0328d0ef22411280d2db313810f63726c1f7ca30501fff006695b34174bf269a55cac1ba2655ba7fb65c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606066, "uuid": "3523eb3b-4214-4154-b234-8247250348bc", "value": "T188352303ABE155B2D9F42B306DFA07C70E35BDA28E69871A7785D9411C32688BD313B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606066, "uuid": "8141d8d4-f320-49a5-9a0b-e8c0077c551e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606066, "uuid": "8fcd08f2-4721-487e-9a07-440aa2f51f85", "value": "24576:Ky8GxWgVTxO7mBnd6m/wPlC8Q7nTbte3cZTdCCp:R8Gx3bOGsOulp0nTcM9X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606066, "uuid": "6d10fa82-4b74-445f-ac01-e17ab21dd00f", "value": 1096704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606066, "uuid": "c2bab29a-5033-467e-88e0-a6e51312de4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606066, "uuid": "0eb984f4-9526-4445-b846-45b01e8f0eea", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14a43fa3-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606870, "uuid": "ae5ae1e0-57c3-4a6e-8837-aa2f04f7d587", "comment": "Malware payload (Gafgyt)", "value": "92df0e3730df96f6292f54692c714a99", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606870, "uuid": "e7aca68d-758b-42c0-a3e5-0dac5beb0483", "comment": "Malware payload (Gafgyt)", "value": "15678ef8365f9ca80250d46e0309af63f26c381e67c5176ad1b50f8ab31fcc2c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606870, "uuid": "ecf632ac-457f-4ecd-8fd8-fcdc29539c45", "comment": "Malware payload (Gafgyt)", "value": "4b5c561576ee7d5dd5ebd8664eb42c565ae14e17", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606870, "uuid": "790ed888-abb0-4f7b-88b4-11940347dbd3", "comment": "Malware payload (Gafgyt)", "value": "50d4b342cd4d0c8fa708cd840d0e25e6977269423b5e6fdf77d3edc2dc1458ea0dc1caa52ee5b4c4d20c3b7d84a65f0e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606870, "uuid": "9acb35bb-9b39-4d41-9452-573b42d07bd1", "value": "T1BC831A46D3A2C5B3C4831BF605E7D72B0231F9164B2A9F0AE36DAEF47B12584719A317", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606870, "uuid": "6930f83c-019f-421c-816a-9075f881e821", "value": "1536:L3oLQ5TCzSVYERb1aGy8gwi5vRMbBZzp6+m5CsNFPVYLf0:D8Q5Tv+U5aH8VkpMfp7mwsN1VYLf0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606870, "uuid": "6139b4e5-abbd-40dd-b9b6-789d840ee5db", "value": 87461, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606870, "uuid": "e49fac7a-7117-44e6-8705-b551ba19b8ea", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606870, "uuid": "05c3f8ff-1453-4f88-aa4d-b297a40789fd", "value": "92df0e3730df96f6292f54692c714a99", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f7d0b9d-6dd4-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697646886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646886, "uuid": "89b19102-c9d2-49e6-9d61-803dcc9718a2", "comment": "Malware payload (AgentTesla)", "value": "805dff76d392e5e8b803f82a3bc8ad8f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646886, "uuid": "6762ae48-dac2-4080-a21f-709ff1641e7d", "comment": "Malware payload (AgentTesla)", "value": "156aae9a22259a3682fff3d9a904dc443bbf6fd77192092ae5e3a9fed9cc792d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646886, "uuid": "b81b0fab-b81a-4732-8790-a85605cf4dcd", "comment": "Malware payload (AgentTesla)", "value": "fe2f8120600d77852a8133cf81637e6511c5420a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646886, "uuid": "36cb577e-104a-4995-be99-83aa2464a1a8", "comment": "Malware payload (AgentTesla)", "value": "c92b7f9ad77fc4992ed5252f794bffe41b5a0d124f689625dad7ad8b860f934e41c5f67d4877bf3f82f8d8ee0e65cc40", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646886, "uuid": "20988b17-de7e-4165-90d3-dd5a4797dc02", "value": "T10F156B7D1EF88227B978DAA6DFA0C432F061D6EBF5665D2AD0E746418706803B4C70BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646886, "uuid": "5db0e7cb-7eb1-4e83-954b-8f37eef1098f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646886, "uuid": "06bfe302-f425-4993-9c78-64e599b6f5e8", "value": "12288:l3FSu6eDh4IGeqPu4CjMz/0A07GKXPA9IPcN6iVcl8Vw:NsudDhdwPu4/rh0yFNdil8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646886, "uuid": "8ce15409-6325-46e5-8ab1-9bb99bdc7446", "value": 940544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646886, "uuid": "f56be9d0-4c8b-41bd-a02b-1ec253ef6e41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646886, "uuid": "35e15cdb-8204-4c82-812a-5762d09a72e0", "value": "DHL AWB#5862701084.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fff7a067-6dda-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649785, "uuid": "e0295692-fe77-4733-a414-1c38853f6b6a", "comment": "Malware payload (Mirai)", "value": "5eee09343f3bc03864c3091a3c8d70bd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649785, "uuid": "4c0a07f7-2d82-4183-9018-5152f10cfea4", "comment": "Malware payload (Mirai)", "value": "1635001223d326d18c3bad639d741386fc854b6218660a9c4ec939e4481d6c0a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649785, "uuid": "3a813019-d29b-473a-a51d-7cafec603788", "comment": "Malware payload (Mirai)", "value": "8c08e021ad576118b69a3fe1656d3a1e5e155371", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649785, "uuid": "4de52aa8-f616-4e5c-9671-180b1ac9ea08", "comment": "Malware payload (Mirai)", "value": "80dfee0837a8f3dad99706ff37c288261073cabd60dd6de3800f4e3aaa7cfa10670d1acd0a07355ca9620beb0cc92a90", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649785, "uuid": "d5dd7142-eade-4f3f-b1f6-5841a7521436", "value": "T145539FA5C5ACAE58C71441B8B654CD398723F408A5A76EFBD646C796800BEFCF0187F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649785, "uuid": "d0f62eea-d749-499e-9205-07a7196bb327", "value": "1536:PaAtVnz1/mUUNztiYmW6ihiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwN0T0f+whWONEJ7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649785, "uuid": "559ed25a-79a5-4bdb-9daa-dcf9c286508c", "value": 63772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649785, "uuid": "c256ea2a-ff1b-43f4-b0bc-c538b8ea3207", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649785, "uuid": "823e6791-7cf0-4c5a-bb7b-33434fefbaaf", "value": "5eee09343f3bc03864c3091a3c8d70bd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d413ab52-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645417, "uuid": "ff99a64c-b64a-495d-8ddb-e6601f1863f6", "comment": "Malware payload (AgentTesla)", "value": "f1a23a4c5cd1eb390f13c9e23a86ee8f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645417, "uuid": "9a828c6e-667f-40d1-a685-5e3dff8b95ad", "comment": "Malware payload (AgentTesla)", "value": "1780af6c8c1a5e1b4758e82dc226f3c18c874ab4012c38fd9924a62bd2cc0d15", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645417, "uuid": "ddccfd87-7d36-47c9-b97a-354a20097d2a", "comment": "Malware payload (AgentTesla)", "value": "4b7f309013b77e9d6410c31136a578b668f2e09d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645417, "uuid": "24d73a53-3176-439a-ba63-7a4b0e665bcd", "comment": "Malware payload (AgentTesla)", "value": "4713c80d5f070dcc352b8bd9a52f16097df99eceb007cf6417f1b2d7be6e15b0c154a522bbafe0e0a617e8bd18164a6d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645417, "uuid": "3073ea5a-8706-4a6c-89b4-185cc6157b33", "value": "T129F4236493700297C30037F814C805495B76978FE6FF5A9DF69A9C33C682CCD6A8AA1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645417, "uuid": "a5ccdffb-4425-467f-96e7-be735fb9aed2", "value": "12288:PYnWP8iEWlhZlsvjFJ2ND8bKiBvxtWc+/fQTpZ341thZQw8ApqqidCVJqAMU6fMz:gjxWl3ivDtbKmvxtWc+3QTpZ34tfL4qJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645417, "uuid": "839e2663-8b3d-43e3-98c8-b7fdee89e3c2", "value": 773343, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645417, "uuid": "9129f4a0-ba7e-44b3-84bf-294688f5b626", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645417, "uuid": "1f95a504-7f41-475b-9ec1-cc66f3ca908f", "value": "PL_INV 28048_181023.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f2e42b2-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697613035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613035, "uuid": "e0e3de1e-e188-4f8e-a56a-ef616a34552d", "comment": "Malware payload (Gafgyt)", "value": "1613fc55998e4228d4334a2b40bce507", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613035, "uuid": "137f0927-2652-4ee3-a7dc-2a43f4bc4920", "comment": "Malware payload (Gafgyt)", "value": "17dfb2f68981c5595a69489926eabdc1005b1b5fd4fff4b9e6bb813d095c5072", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613035, "uuid": "db0f8feb-1941-4dcf-a42f-1d9a25b02662", "comment": "Malware payload (Gafgyt)", "value": "7b9443f0329150121e063a1cade80c1a203c1a81", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613035, "uuid": "1a066435-5d28-49a8-a665-1e238d0688c6", "comment": "Malware payload (Gafgyt)", "value": "307cec1a6f723d40fcbec5401ed8df742a0ada7e2860ad6cb5cb8df991975c06845755f0080a9109dda485896b23d3d6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613035, "uuid": "d39fbceb-53d5-422d-bab1-bd54593fa55b", "value": "T12B735B45A680D6F7D14306F1069BAFA8033AFD3A1ABBEE85F3587CF48B710847925719", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613035, "uuid": "4577b9df-8088-4530-9939-f2b84fc8bed3", "value": "1536:8K4pwx7y6stOSV9zyjeYwMcp5WLfuBs1T2T/O/sGw2w09RLZ5:8Kx7x+R9zyjeYwMcmLfGSTu/vGw2p95", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697613035, "uuid": "d1b64f94-bdd8-4a42-8662-6df9f2eca2a7", "value": 74492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697613035, "uuid": "a1678928-dae7-4919-80ff-c607b11d5b2e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613035, "uuid": "dcf2d740-50de-44e0-9e47-2ce1f82428a0", "value": "1613fc55998e4228d4334a2b40bce507", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47a7c4df-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647758, "uuid": "b3c73077-3e0c-4da8-b900-0365fe1b07b9", "comment": "Malware payload", "value": "ee6b1849cb1835f3da87c674963d5975", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647758, "uuid": "26a71359-0c14-43b3-a7f7-a417cb14772a", "comment": "Malware payload", "value": "188c8f49d7602ddc0ae9276ae1e1e9d14012c401a79dccca5e8e32c120525197", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647758, "uuid": "16dec59d-e0a5-48d4-bac0-197845e89eb2", "comment": "Malware payload", "value": "923fea5fd1a2f6ba96cdd5e4ccacf6455a633d5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647758, "uuid": "c8a9caee-6281-44c4-999b-d450cf4d9184", "comment": "Malware payload", "value": "61eeefbb44fdca20857468d6db3ecd87a2d46c4ba9832107e67ae3fe1b5addc8fb24240c3acefe1abcb84944e8c9a7fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647758, "uuid": "f67fbade-5f5f-49b4-aa18-f8c6b4c11808", "value": "T13C459E71B402C037E1A111F5AA6D5BA611A8BB301BAB4CDBB7C45E3D98F1DC26235F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647758, "uuid": "afd57edc-645d-4a61-a7b0-a44c004f7bae", "value": "b625b0422748e8ddd8a2e69ebe413b45", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647758, "uuid": "b142395b-ddf9-4294-95f6-da9fc0c4ae3e", "value": "24576:hg9wtl3DRXmdKYEkJkX0Ghd2bLjNkPbijM+ks19FWHMIsT2V3+sgJDUP07q5v:/j3lXJ9+jybijMfs19MMxT2+sgJYP078", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647758, "uuid": "27864c17-489b-41dd-9bef-5e2ea5279918", "value": 1280000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647758, "uuid": "f15f414c-9fd2-43d5-b057-a05e4def9d96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647758, "uuid": "804810ac-a47d-4e4f-bdfb-740f68709e9d", "value": "ee6b1849cb1835f3da87c674963d5975.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cbedaeb-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606884, "uuid": "ab45cdbf-1d38-40c6-a23f-5e144b97db7f", "comment": "Malware payload (Gafgyt)", "value": "dc75cfa6f3446d8952468dd58b3b4a27", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606884, "uuid": "85f9be52-e6ad-415b-9aaa-e95c7612b246", "comment": "Malware payload (Gafgyt)", "value": "1a02307d828a00c38bb4f8d2d5486a88c0f74133660b78d51ab0cc2b592e31bd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606884, "uuid": "4e238151-214e-4037-b6e9-eb5acffe03f8", "comment": "Malware payload (Gafgyt)", "value": "db4540a0cbeff1d3e181f7edeaf5a4c3c968f2de", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606884, "uuid": "4416aefc-cd03-4ab1-b901-2e0068419651", "comment": "Malware payload (Gafgyt)", "value": "53e99fb7552033f488a0daece43ccf5ca9a1b987c688cc227b5397f37f799621c4e22fdd31298163060e91d20222d5e8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606884, "uuid": "08ba5e07-2a0b-480e-8372-7a7f8d9cebd9", "value": "T1CBE34905DB408B17C1E2277AEBDB424933339B54A3DB33099638ABF43FC27995E26516", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606884, "uuid": "18ab1fee-d072-4eec-8c2a-563c13c20ab9", "value": "3072:ut8iFDKEfFN+Fa+1sWch7nI8txVpUMbmQwfCMQiGW:s8iFDLf/+FaN9h7nI8txVp5mQwfCDiGW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606884, "uuid": "639f87b2-aa5a-45d5-bebb-a9cc6a382813", "value": 150049, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606884, "uuid": "8aed36d9-1c53-4cab-902b-fa4526d5c55b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606884, "uuid": "d10b3188-0370-4ae3-8ed5-6faa63d077dc", "value": "dc75cfa6f3446d8952468dd58b3b4a27", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70d1fe24-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697637949, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637949, "uuid": "5bce6c3d-26dd-4217-befc-6f8d1b79b007", "comment": "Malware payload", "value": "8478c048e1279e827ac8b1a8456d7c4b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637949, "uuid": "bce1c723-ff48-4d8f-b75b-caeabe4b5dbd", "comment": "Malware payload", "value": "1a54db3ee35e0b99518f057f039a598bde43c958bb3c941354f0845bfecc6a75", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637949, "uuid": "0f3af5cc-1cc9-4a80-8563-e9ffb75cbb88", "comment": "Malware payload", "value": "2097f43bd9aa3a178407a0f9ce2fc2e4ba05ae5b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637949, "uuid": "7b73f535-90ae-4543-8f1a-b22c0e971064", "comment": "Malware payload", "value": "a44a883c5ecddfb4af9a3c3c42354515cadda5559da38c55ef880b01463d2a3360bce0f5280b066d39b76a98774cca32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637949, "uuid": "ddb6ce1b-4c08-4af7-9ff3-8c7a5d725b80", "value": "T1EEE48D9932648625C097CB3F7962F45046B0FDDE6A49E3BE6900B57E143EFC1C4A863B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637949, "uuid": "d255d268-32dc-4c99-98a1-ad5ba42547bb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637949, "uuid": "206f6d78-b863-40c3-a234-6ca16b561caa", "value": "6144:Pzlcd/VsoRP085cgUTTKx8rrt+zd6McnODzpN2BDXTIRSwRKSK3NC5xMFFKgVCEg:PRcbLICxxELnODze58Rjg+56Kd8ndz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697637949, "uuid": "1cacebd3-4780-4c20-b2ef-732ffbe3502c", "value": 707072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697637949, "uuid": "d6d5c345-ef4a-4509-8d04-bc05c0b78356", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637949, "uuid": "da474f46-66e2-4a4d-852f-155017d56e17", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e56ed6f-6dbd-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697637005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637005, "uuid": "b06bf025-ec9f-4452-b829-134f3da95ebe", "comment": "Malware payload (Mirai)", "value": "c369e47c44cf7f1982946c1ffbb24d08", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637005, "uuid": "56433120-9bfd-44b7-b0a7-78b755e7a301", "comment": "Malware payload (Mirai)", "value": "1bd8f0104b04d627d1572e82f5d8f3d6c81b967f1c99f9681c1a45ee0792356b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637005, "uuid": "34ad06cd-76a2-44d0-8229-237a85b1dcdc", "comment": "Malware payload (Mirai)", "value": "12d3c2741ff0ae94903621739187127db5bbe99b", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637005, "uuid": "bed5776a-01ab-41ae-8d98-44f077cf8065", "comment": "Malware payload (Mirai)", "value": "2eea8558b91ce249c8513382e15af4a7a44a1fc1854e31314c2e9ae0b1a68cb550260e42b10be8b34bd87f2602c5ab56", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637005, "uuid": "2c28c74b-df89-48d3-bf84-e8d689f1461d", "value": "T15C736BC4E1C3E8F5EC111938307AAB729E77F13E7139DE9BD399A1339941202E60625E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637005, "uuid": "f4634d0f-91b9-4bc7-b532-2c08c7ffe334", "value": "1536:b/DYQYs1ZokODichcF15UzOHIt09bfsH18ruUGDKVQSi:zDhzUkODichcZUzk4090V8qbGVs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697637005, "uuid": "8bda6ded-5a7d-44f6-b372-2176c725624f", "value": 74640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697637005, "uuid": "e6dbd1d8-2a04-4928-a2ec-791145a28609", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637005, "uuid": "cc05b27a-e072-45f5-b152-0442470bf98b", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddd11851-6dfe-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697665190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665190, "uuid": "fdfd1aea-f3c6-4cdf-a278-1724fb7e2112", "comment": "Malware payload", "value": "6218a0374d26d356ddeb4ae4763b5a5d", "object_relation": "md5", "Tag": [ { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665190, "uuid": "d94c002e-4bae-4b24-8edb-59811bd746e0", "comment": "Malware payload", "value": "1d081d46504e0f4e054c428df07fd0926ec7507c1dae382cadc22ce9ebb99861", "object_relation": "sha256", "Tag": [ { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665190, "uuid": "26196422-dd3e-4c65-8f2c-7fdec183bd98", "comment": "Malware payload", "value": "c5237536d897ab938fb9e6fe978e9867f477d758", "object_relation": "sha1", "Tag": [ { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665190, "uuid": "be7bd67d-520a-4d27-96de-40c282981b05", "comment": "Malware payload", "value": "e857e68b1d8b355c632c4b9059703b5ade803a6c90ff5fa46c82f21b5b4b07e39e36704c6f20398c972930dea3dabbb0", "object_relation": "sha3-384", "Tag": [ { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697665190, "uuid": "eafeaf7d-a2c3-4332-a515-354e86f7afc2", "value": "T1A5C08C2082AAD42988A7446C680D8C2DF802F0413116EE3082E01D98E8578268E6EF85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697665190, "uuid": "0fd7f918-5df3-4700-834d-5795b09cad6b", "value": "3:HRAbABGQYmaXQuXEZgK2WRXHrld8Ly2YSo1YSo/QJ5BCbyYesbBSn:HRYFVmaXQuUZP2Wdr7slXSoIJ5yyYesc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697665190, "uuid": "4f060a02-1985-4a2b-b986-d2b7993779d9", "value": 154, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697665190, "uuid": "1a9f6437-9f67-4b1c-95f0-6c05d489ed9e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697665190, "uuid": "b5d03126-ef09-4d49-a8bf-3adde68d6aba", "value": "181075023-ref.url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5747e69-6e06-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697668666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668666, "uuid": "66c2da2d-41fd-4937-8de9-4bb3bfaec36c", "comment": "Malware payload", "value": "1d14fe082ca22877edbcea8f33401b18", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668666, "uuid": "5e527816-1253-4295-bb21-bbc3a0bbdc7a", "comment": "Malware payload", "value": "1d1df8181d25fcd601c8e00af76781c48ac50eac2db8bd93a97347f5989968b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668666, "uuid": "6a06227e-8a95-40e4-bea6-869deeb87b23", "comment": "Malware payload", "value": "4fa41e914a4e25a95716b9308a940a0541433133", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668666, "uuid": "b1d5d398-51d2-4b82-bd5a-905bb835e7d0", "comment": "Malware payload", "value": "c84ae57bbf3240f4dea012c87d0d59c455157643666f82f701fe1dd26c9783023f003c5203263002733404d94345f48c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668666, "uuid": "5c172f66-fde7-4380-8dee-58d712fb8f71", "value": "T10644C021B7D0D832D46229354830C6652A7AFCF6E97441CF37983E3EAE712D0AB65B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668666, "uuid": "4dcf6f58-81ed-4811-8eff-a98278dcd560", "value": "5241d7444d4d8584697b8889b03f1a00", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668666, "uuid": "3c68c11c-e3e2-40bb-b7db-fc84fd4f254c", "value": "3072:+DBNQ1zybvj2aG+W6OWJ3K6rr+IzdQIbMzZqMPUxRo2jJ:C0ybvj9G+W6OWJVBz+IQ8WUxRoi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697668666, "uuid": "3ed39803-e1c3-434b-bc20-4c2992deb39d", "value": 268288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697668666, "uuid": "fdf37711-b1d7-4a84-9779-7c0a70f9d8d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668666, "uuid": "f743db8c-79d2-45e3-88a3-fc63f9492067", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27d33ca2-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697610768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610768, "uuid": "c84fd27a-7f89-4ddf-8c71-1e7121312623", "comment": "Malware payload (Formbook)", "value": "48729dc0682876c7c4a8ca6e50763b03", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610768, "uuid": "e4467862-ac2e-424f-ac28-9ad6d5a842dd", "comment": "Malware payload (Formbook)", "value": "1e053c6bce5db98306f6795783016d7d94aaac748c80798210d7932e0c248d61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610768, "uuid": "14166df9-5780-46f9-bce8-21e2318be3e2", "comment": "Malware payload (Formbook)", "value": "53d0fdcb6b9f8928618da878f3bc62212918da1e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610768, "uuid": "beefe6e0-852e-4db5-bd52-356c6d931bba", "comment": "Malware payload (Formbook)", "value": "b8c0543af478daf2aa6c4df079db7515638fd389d291907c5efd8657117f1523cf0e46763f39ce219d92379d40936f21", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610768, "uuid": "1a245512-ac5d-40d6-986d-8c94904dff76", "value": "T168D4126423A8EB5ED4B91BF98621E310CBF56402A93AE76C1E8804DF4777F68D510F93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610768, "uuid": "0df88a1a-5352-41e9-b596-cbd77b72c130", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610768, "uuid": "d4f460b7-c1f4-4c12-bdca-9125bf9ccca6", "value": "12288:ozfqBSkkSPn4HcwyLF5cuyTfYHXG6IBI:oT6SkkQ4jyLFGY3T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610768, "uuid": "ae5d472c-73d5-4842-982b-ff01db3e4102", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610768, "uuid": "290df256-7380-43b6-b9cf-90de58f30b74", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610768, "uuid": "b2110e5e-7470-4e29-b010-44a7353c3fc3", "value": "48729dc0682876c7c4a8ca6e50763b03.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9968be1a-6e06-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697668511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668511, "uuid": "840848c0-f609-428c-8c7d-0cc6524bebc2", "comment": "Malware payload", "value": "b22db970aeff8f7b4490d206b850c205", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668511, "uuid": "a9070a9d-c4a6-4e3e-a789-90a38d9b382a", "comment": "Malware payload", "value": "1e6b6f2b94ba22f1fd86fc927e87f1568deb3762590af9d091cd9c02b8390456", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668511, "uuid": "4ef708a8-53fe-4d2e-ac44-44d97a82d624", "comment": "Malware payload", "value": "8d758db65bfe2962a2211c6d9ac90d48efc5a881", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668511, "uuid": "5b36af01-e615-4e8e-a111-767a65e6d362", "comment": "Malware payload", "value": "080a9cfb208831a7e5e87e5b839b9b2cdb9f99fb09ce8e00b074dfd0b7165596b1556775a4966ed1230259bd8173b5d0", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668511, "uuid": "a443f5d4-8d34-4835-a8b7-328932a1be5c", "value": "T1FD71C978378E4CE3D587C5F1F81A7F650697F11A56C2068063AEF5B2043B7102C7A951", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668511, "uuid": "0f3b6ef2-55f3-473d-a712-50086642d6d5", "value": "48:8BBfCK7WHjbNT7xVxdnGBaaDv8NB4VKNsZFHFir0pKjQN/S5nMTnyxOyF711wKDy:8T65TNV3GwbNBIKNs7lm0qM6elFcO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697668511, "uuid": "533eb9c6-482c-4003-8eeb-55cad8b673f7", "value": 3675, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697668511, "uuid": "85ef384b-920a-4086-8db1-8c0ae7cadeab", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668511, "uuid": "c7654471-ae0b-4afc-9aa7-f77e39b17547", "value": "SecuriteInfo.com.Exploit.CVE-2018-0798.4.4081.11101", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d57c8cf-6dbd-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697637004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637004, "uuid": "9044ddac-cac9-46e7-b8af-777b8591ae83", "comment": "Malware payload (Mirai)", "value": "57211dfdd580d7a31d9655df95d0b049", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637004, "uuid": "07f8decc-6411-410d-8da8-d8b56e4020a3", "comment": "Malware payload (Mirai)", "value": "1ead244c0ee07d382d4dc1b315946e374f98a83b9b6b285784f1421dc58fc991", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637004, "uuid": "516cf1bb-cfd5-4285-a1d0-4b55621fec6c", "comment": "Malware payload (Mirai)", "value": "327ea90e7ab949e766004f83b65a971785d4c551", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637004, "uuid": "4ae3a641-7e55-4a5a-9071-1ec942953041", "comment": "Malware payload (Mirai)", "value": "6c36b28e2c332658e6564c89fe78bb09e1ee80e4dffb11e1c9972a00a23cb203a9696757bc7d7e006d6b1a832bc306b8", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637004, "uuid": "85eb2aaf-c35d-4862-85b2-0dc2c9b99ff3", "value": "T18EF33C46EA418B13C1D71776FA9F414A33229B94E3DB730689286BF43F87B5E0E17909", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637004, "uuid": "a1a3d6cc-7006-4b2d-a2b9-87ca727e3765", "value": "3072:dUW6GNytehMwYh4uaWGLKWdwffuSFYEJPdslWM/9OalM:dDVytBLSuaWGLKWefDDJPds4M/9OalM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697637004, "uuid": "888a8ce3-2327-4f33-aa03-09ea66b0aeab", "value": 165371, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697637004, "uuid": "8c536855-93c8-4119-9448-6571d1a7449e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637004, "uuid": "35a44604-8c20-43e4-b5e6-db6a64f7f659", "value": "arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e77a5e93-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697644590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644590, "uuid": "8480b40a-cd4f-43ba-bd65-c66a54c95962", "comment": "Malware payload (RedLineStealer)", "value": "35edff71b2b5021ae4064264d01f25a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644590, "uuid": "a7ab72ae-4bb6-4297-9904-95e70b12e254", "comment": "Malware payload (RedLineStealer)", "value": "1ef24be692d22d09c4e52b2c806d475454879f40adc851d1e919f7be8a3ccb72", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644590, "uuid": "8596bd0a-d4d3-4ee8-8d27-975d3f0e3bf4", "comment": "Malware payload (RedLineStealer)", "value": "33d4a4b67f3dde45c3327d877b242bb6c767041a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644590, "uuid": "1a1fca15-c9c8-420d-ab45-0275195ef3ba", "comment": "Malware payload (RedLineStealer)", "value": "124831cf8451005d649cf72e80f50b43037dac11593247dc96b46b6596973d26b64cb031ee9f0177ffce5023b6494c4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644590, "uuid": "d247804c-1c2a-443e-91c4-b7b6cb676e99", "value": "T12E745B5223CDC054EBA8527FCE9BB2A512DD8BE56A1DCF6F212C8D07D768F80614285F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644590, "uuid": "291f5988-5baa-4aeb-be78-2387d63d9c0d", "value": "993e953762ca135b10079a743060f9c7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644590, "uuid": "46e8865c-d12c-4f18-a498-4faaa777c41e", "value": "6144:FyHBQgBDOVueBEzSqGXnRGs5ZP8Jsxjs1IDC8JFvWR95sPhftZ:FyHBQgDOVuePBGg8JsxjsyDLJFvWkhfD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644590, "uuid": "a33acfa7-6385-4064-9b22-1f532ba21125", "value": 361472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644590, "uuid": "d23b3276-4d64-4324-9780-fd34151f24f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644590, "uuid": "71eb13ba-a067-4a02-8a69-1341ee957b42", "value": "35edff71b2b5021ae4064264d01f25a4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f68de669-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606820, "uuid": "1489fee5-01cb-4413-8d77-20712ace013d", "comment": "Malware payload (Gafgyt)", "value": "5224732c9f1e2e3f8f61bb40a73bd844", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606820, "uuid": "f0e22d21-b68c-440b-989e-874994af28c8", "comment": "Malware payload (Gafgyt)", "value": "1f31f7876f076ac3a6fc890232cc54b3f62fd7b5f42d23f04348a2d9e11bdd40", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606820, "uuid": "0a9cafd2-d928-4497-9cbb-150cdfab5ba2", "comment": "Malware payload (Gafgyt)", "value": "1c5d671599f1688b70f0df2581eed5572e5a0e19", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606820, "uuid": "aca5b541-cd4f-4bee-8346-8d2970c160f5", "comment": "Malware payload (Gafgyt)", "value": "562d663797d090f7b482f8cccdaa76411715e91d09f1c1267bdd6fd7c5d4bcff5ffff9834d4161bb0c0864fe8160538e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606820, "uuid": "eb5883db-51c3-4197-8eaf-b38719c3dfdb", "value": "T101B30741D6548627C2D32B7BAB9F438D3336AA54A7E733095528BFF43BC27981E3A111", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606820, "uuid": "cb4bb1de-7581-40ca-8dad-56af9de651d1", "value": "3072:HgvUxOcKFN+B9Jy8D3XvpIhfXx4CHz9cm7QnKQXaeW:HDEKXy8rvOFXx4CZcm7QnKGaeW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606820, "uuid": "8faac2ed-c94d-488b-bb16-6f85d6fb4230", "value": 111561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606820, "uuid": "d207f454-9863-4b8f-b3ed-32d1d98da397", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606820, "uuid": "9c313970-260f-42ba-9da7-845b0871c228", "value": "5224732c9f1e2e3f8f61bb40a73bd844", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a74c182a-6d8a-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697615277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615277, "uuid": "d1eef557-ee71-4773-b13a-39ebf56bab82", "comment": "Malware payload (AgentTesla)", "value": "b67ddf6cef57729b557a66460c0b6dd4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615277, "uuid": "2b9b3ebd-8eae-4897-816c-1b81e873d6e9", "comment": "Malware payload (AgentTesla)", "value": "1f508794b33e17edc44eda815b6e76d7f55083d8225340885554b26c8450c95c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615277, "uuid": "1c3f3198-3c81-4358-b211-4ac1923a8ff6", "comment": "Malware payload (AgentTesla)", "value": "31e462c279b12c37818ef217eb03d49dfb28f428", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615277, "uuid": "e5e9284c-0683-423f-afc0-b36c9c0db924", "comment": "Malware payload (AgentTesla)", "value": "4aa44974ec2329b6984a6ec1b918085a02cc64a7821a458deeb6f565ecdfeea39cffb0999849f16484301343209056e2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697615277, "uuid": "f0fb369b-b06f-429b-8e5b-cfb396927d77", "value": "T1FDE412127B0842B7C67A4FB8841ADA9807325D717476EA88C8F47DB372BBBCA1455CC7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697615277, "uuid": "8f593665-16ff-4da0-ad61-206d46f5fd8f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697615277, "uuid": "1244428b-a303-41cc-a165-782cc1f1b28d", "value": "12288:aIDJ92I5TwMXKFPXVV2tqE/n9z+UOXc7GoJuGejTWns2qYU6X3bRQV9a:1/hsI/nhAs7GAuhSsAU6HbRk9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697615277, "uuid": "50a8bd6d-273c-4544-b308-6105fe3d65e7", "value": 718336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697615277, "uuid": "de3a3e3a-e06f-4125-a736-abb3859e001b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697615277, "uuid": "e0e391e8-c595-48d5-883b-c4ddd16d347f", "value": "b67ddf6cef57729b557a66460c0b6dd4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b79ae488-6d62-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697598124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598124, "uuid": "98b525e9-f138-4ad8-b47d-18963494cd4d", "comment": "Malware payload (Gafgyt)", "value": "1701075fd3931ec269d1b36c3bbfc8b1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598124, "uuid": "5114443c-a759-4a6a-bf88-279ea62a958f", "comment": "Malware payload (Gafgyt)", "value": "1f725607b914e46b37af4858ba9bbdc5f871e11a8d1bd0919dd78065c4252889", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598124, "uuid": "28bbdeb7-b20d-475d-9441-6277aaa3b199", "comment": "Malware payload (Gafgyt)", "value": "7c41e3203b768642a1a1963620d42be64c0e5ad6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598124, "uuid": "d6502de3-b8a2-40e9-bb18-e65b4f23456f", "comment": "Malware payload (Gafgyt)", "value": "31269e1adff42764e89817f22d749a299a57651d028b941bf566148bdbb5bfad6ff03a5a745fd2a377d1ccdaa98ab5a2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598124, "uuid": "0f9dc22f-10b0-47c3-a789-188c950f34b4", "value": "T1C3A34B03B71D0B53C85B59F029BB27F1CB5EB6E216E26181A11DEED05733AB02522FD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598124, "uuid": "d874a48d-61d0-45e3-bc8c-2575b044d384", "value": "1536:lM7oK3uv1eTL1/nMWzC8Ai03+q4t5vfsiQ5hhdddddbm83q6mYj10PZjgVf3Nj:lgkvaMWfAi03+qeq5hzf66mK10PZkVf1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697598124, "uuid": "6e8d7e7c-189c-401c-b7cb-d9689e582adc", "value": 98046, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697598124, "uuid": "60bcdc35-aaed-4ec9-859a-6649e7692f88", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598124, "uuid": "c18142f5-9b0b-40e6-bb82-e1b8ccdf14a5", "value": "1701075fd3931ec269d1b36c3bbfc8b1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6eca0e30-6d74-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697605733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605733, "uuid": "fd951c91-02a1-4cbb-a878-58e74a4ed8fa", "comment": "Malware payload (Stealc)", "value": "247b18c24bb038aefe61c07c5f50232e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605733, "uuid": "20dd7f59-8892-461c-8143-e0d1090a0b6f", "comment": "Malware payload (Stealc)", "value": "222b7eb53a9454593635f77e50b9598212058ce03ff0dec5b920b2a309a11e4d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605733, "uuid": "48471927-d05b-4f6a-9486-c3df67929657", "comment": "Malware payload (Stealc)", "value": "8d298abd99ee0c9e95e73f41c7bcea462e207893", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605733, "uuid": "5c311618-510d-4885-ba7a-dbfdb0265552", "comment": "Malware payload (Stealc)", "value": "c94830b0724e4f1d38633f8b73399301073db02021aa4a62cba51c9e3f120c47f503d4f2bc702d42e71ed42b83a312e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605733, "uuid": "142da4c3-1c1b-4063-9735-64a6ad4536b0", "value": "T1F144CF11BAD0C472D1A369325871C2956E77BCA3A67841CF37983E3EAE722D05B65F03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605733, "uuid": "ffa9c591-0996-4109-bafb-691fe69fa527", "value": "6e271afb044c82a75efd91befa40c2e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605733, "uuid": "6bd61f9f-7372-4186-8f80-cf22d5cb68a1", "value": "3072:tJBNY9+OcRREMZ/tT6PRpYSL9PSy2nT2NYlZV:FE+OcRRzZOpt9P26", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697605733, "uuid": "e3117f78-7543-40df-a39d-54d536a8951a", "value": 278016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697605733, "uuid": "5580c64f-ce54-4a7c-b27f-e35190d1c303", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605733, "uuid": "2e216254-790c-430e-87ee-88eb28f44a41", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d453303c-6d5f-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697596884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596884, "uuid": "ffb8e836-7252-4073-a454-a4d792618141", "comment": "Malware payload (LummaStealer)", "value": "12dc4554013a37dca23433b97334726c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596884, "uuid": "9c2aa9cd-3b95-4041-8170-e8734f23ea2b", "comment": "Malware payload (LummaStealer)", "value": "225be0d6e3eb75698de571537fbef370ab14eac12500bab18a882b9a126c5230", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596884, "uuid": "8deb8ca5-3983-4816-a013-b666110b8090", "comment": "Malware payload (LummaStealer)", "value": "89d6e4e3e0e8490af1e7a933a503e729763709bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596884, "uuid": "3cbf77ff-8bef-4cff-8b04-722be6cb1aa7", "comment": "Malware payload (LummaStealer)", "value": "1acff10fafc0a4f70f538c85dcfbade2bbb36632aa0f87d4449f6fb765fb3d07cd36866eba5834842006281ffb749aa0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596884, "uuid": "1ee6e737-b1d6-4360-8148-67c6aef3dec2", "value": "T1243523027BEC5021DCB1133108FB02C32E3AFE926EB956776B46BC5F59621D4947276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596884, "uuid": "27ac3cbf-cf48-456f-aade-fba2d7754391", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596884, "uuid": "4c37ee05-63f8-4072-81f3-5f67db0569aa", "value": "24576:gyTt3CkJuWaMhjEmibPk4eRyPqjGYTaNJD4w2pUgl:nNCFWaQkbkdQyjGrN3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596884, "uuid": "c55fcb15-28b2-4c9e-a0cb-4dae8c3444bc", "value": 1097728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596884, "uuid": "29a09ae4-64e2-40e2-87b8-410b22a4a5c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596884, "uuid": "edebc30d-78e5-4f57-9a66-cf6c26e7479e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51145d4d-6d6f-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697603536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697603536, "uuid": "e002f054-006f-4f7e-af63-fcc5e0f1f7c1", "comment": "Malware payload (RedLineStealer)", "value": "6fc32ab7b200d540945905562bd5cca0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697603536, "uuid": "7f0bbebc-75a1-467d-86a0-8cb1aa9c09fd", "comment": "Malware payload (RedLineStealer)", "value": "2273d660850fff2d4501f1cb9307ad041f4b199d714a82f416b1321233b9c7b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697603536, "uuid": "cc792d71-c8fa-435e-ae66-44bef625aed3", "comment": "Malware payload (RedLineStealer)", "value": "ce94c5a93a6cfeb909929ef22026537bd2b68595", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697603536, "uuid": "889666bd-2e68-43cd-9cde-d0a44320c937", "comment": "Malware payload (RedLineStealer)", "value": "bf24051e2c0ef41a9e6a326fa53ce56b0a83b1874d1522199575e9c78e3a7dfb43d577baefcd1a159c77683b7907eb69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697603536, "uuid": "aa53f224-776a-4822-af90-caed59d981fb", "value": "T13A352343A6EC5072D9B023702CFA43D31D3A7DA18D719A6F6385E98B4E33684A835777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697603536, "uuid": "2c9e69ed-dfa3-4ae1-8caa-d8a92fe5ab21", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697603536, "uuid": "27354a04-8f52-41f3-a178-9bf2f427026f", "value": "24576:5yT2zixopxR2e3avp/njMJNDP5o1yZI+sU3BwibY8OS8o:sTpSbR/ejsNT5wSIQB9YTx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697603536, "uuid": "64226e0b-7d15-4ec2-a917-8188a072991a", "value": 1097216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697603536, "uuid": "91d8e561-74ac-4f32-b87e-a7a3829243cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697603536, "uuid": "ae39384e-e6f6-4b92-a3e8-42537b164c3c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b275e355-6e07-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697668983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668983, "uuid": "e4164f61-f0b5-4486-bc18-692ad5eca794", "comment": "Malware payload", "value": "f566f09a6f5789e3c906740bba208635", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668983, "uuid": "37e7cc27-9c99-4468-9ec6-b2e983e9c778", "comment": "Malware payload", "value": "23036cfd0482390c6d77d9c56611037bd5270c4847137722b7755489939ecf15", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668983, "uuid": "e0fa446f-2143-4f23-9bcc-c4eb12efeb41", "comment": "Malware payload", "value": "5a6b43bd4034ba205bad8b207ac0172506e65fe0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668983, "uuid": "32cf818e-8edf-4169-b4b0-21e04777180b", "comment": "Malware payload", "value": "0662baea85a0d1da72b29aa1c439d130271e6ab0d7d40ff37b054aee5ec6e59e808c077db2ae01fe57e2b2f940c2a3cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668983, "uuid": "bfef0b97-4807-4012-bf56-a439394ef35e", "value": "T12B152307ABD88526EAB567F014F752D31A3A7CD0CD78831B2B12AC1A49F21C4A1757BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668983, "uuid": "6bb71db1-d700-4ed2-9b8f-7561495c71f5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668983, "uuid": "84a04615-c7ee-4073-83df-e20c43c3cad8", "value": "12288:1Mr9y90pFrQcxZOPFbfLDgxDjdIMBxooCaFITWMwqc27eJ2Wof3dgZDuNkkQXKe4:sy8YZoxDjdVBxoozB2LWe4VkQXdz5m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697668983, "uuid": "4647b71c-3981-4149-b02f-6ebe54c0f250", "value": 887808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697668983, "uuid": "3be4d355-5fb7-4e9d-bb31-e91c23cca09b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668983, "uuid": "9a9e733f-5357-4fdd-8fc4-4fbedf41ac9b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26eb85a3-6df5-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697661018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661018, "uuid": "f0449135-1acc-4140-8b75-b5fcd45116b3", "comment": "Malware payload (Mirai)", "value": "19bf0cd4ae87e14263bd00bd6a452ca7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661018, "uuid": "a4e582bf-1ac4-4fa2-8cdd-e39ac9873c70", "comment": "Malware payload (Mirai)", "value": "2379263adb6bf086c7a43b36581ffe8930d826ed5d8b8b1ea691c38282d515d9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661018, "uuid": "91f0987d-4195-440d-8208-ba1114b2000e", "comment": "Malware payload (Mirai)", "value": "9d6218e09b79b3181b2ff5624413bd58130ed08a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661018, "uuid": "c1aa53bd-d9f7-445d-bd53-66712748974a", "comment": "Malware payload (Mirai)", "value": "b84cf8b4304e0c349808de674ac5db92ed5783ee9c5037918de1444c6c002d866787226e8cb3fb6f04758d51a74f0d2a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661018, "uuid": "e662aae9-7777-4ec9-9069-587fc8101063", "value": "T1ACB2E167F2C85DE5CFF35C34C9E099D5A3E3BE8E71980EBA23491F61A2568346548EC0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661018, "uuid": "0dd285af-5892-45a4-a3cb-66792336f5fe", "value": "768:ZUIYiI//trOYbiyOzqokj0EY4uVcqgw0ze:uIYz/tr3hOzqDj0T4u+qgw0ze", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697661018, "uuid": "338fc3ef-0b29-4b16-bccf-a0dfc3ae72d9", "value": 24824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697661018, "uuid": "caa3886f-0a4e-490f-88ba-1d2fce34bcad", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661018, "uuid": "dd7dd9bf-4075-4ca4-8d11-b4d85d3753aa", "value": "19bf0cd4ae87e14263bd00bd6a452ca7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65a950f8-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697647809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647809, "uuid": "5189521e-98c0-49dc-ace4-3a049be5be67", "comment": "Malware payload (Mirai)", "value": "ee7f10568b761721c451d6cc8f7007fb", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647809, "uuid": "748a01b9-d6cc-4ea3-b3e2-2144b1ee27ce", "comment": "Malware payload (Mirai)", "value": "240573115a9c7a0b75d0c5583d3d882a9416c54f91ed456ee8b988f76db91c4e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647809, "uuid": "3e115b8c-7e79-43e6-90c0-a969aaea614f", "comment": "Malware payload (Mirai)", "value": "8c1a0e150a05fab11de127468aef4a2e4ed7ecbf", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647809, "uuid": "59b594b6-659b-4797-aad0-5214b9ce8b2f", "comment": "Malware payload (Mirai)", "value": "a6ac24b3928262da0c4be9818d069f139107dc1ebe20a140f3795bdbfdf4b22d7f7a0655ece6f68b30914b4faa7f8cfa", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647809, "uuid": "d12c09d1-37b3-4040-a908-1c18f0692011", "value": "T1EDC2D070A3AE1CB1C6500932F6B856C9BE530F7DEAFE2C90114196BB3C45D052DEA9C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647809, "uuid": "050fc3ed-40a4-42dd-8d7e-427616a953d3", "value": "384:Aot/koxisa34beDtZwuaCBsk+G9lLSsLYSTFs9u8OtqlrNEOTWrla55hymdGUopY:A8soTAZ3alkXLvFh8nNEcK055s3UozG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647809, "uuid": "ecb5c316-2217-4c20-ae13-a623979a4cb0", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647809, "uuid": "d94bd3dd-62c4-486e-92a7-02f70477d220", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647809, "uuid": "8dc7aeb9-e4ec-44bd-9758-7cbfae48d176", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbc7ea35-6d62-11ee-8907-42010a9c0042", "comment": "Malware payload (Metasploit)", "timestamp": 1697598158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598158, "uuid": "89f1734c-9d4d-4185-bffc-843359d43f3d", "comment": "Malware payload (Metasploit)", "value": "3939345bad08812d7dba41f064c1665d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598158, "uuid": "d9052d14-c5d2-492f-8b7f-2894e9134bf5", "comment": "Malware payload (Metasploit)", "value": "2467ecb2205d0efbb55df472d486b0623b4501edfaf70995ad040fdb351b4bc8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598158, "uuid": "b6e4aed7-c027-4ef0-b963-3764a404fefc", "comment": "Malware payload (Metasploit)", "value": "953716363f8ddcb9979540293cfe13b3439a89d8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598158, "uuid": "620647a1-9f3c-493a-a8b3-e55d73daa60c", "comment": "Malware payload (Metasploit)", "value": "bf4aa302cca975061d9191f716a7dc58777334a91706d04586349c6cce1a3a7df217177f93e43bf67ef3f79359407a7f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598158, "uuid": "bb8acc74-a211-447b-9601-1e6be511a652", "value": "T19B73BF429AC45526C1B2117E1BB53BB559B8E67B3211C29B3B8CCDF5EFC1CB062293C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598158, "uuid": "82b589f5-607a-4d90-94c4-4115d0399e7e", "value": "481f47bbb2c9c21e108d65f52b04c448", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598158, "uuid": "c65fea18-b4ef-4c35-b4e1-a94392502659", "value": "1536:IU6ylU2vIA1wBNDbX/uCPJPMV0BMb+KR0Nc8QsJq39:jxJI+Y5bv7JPMV0Be0Nc8QsC9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697598158, "uuid": "c00af624-c4a4-45a1-84b3-b4d72a04fe9f", "value": 73802, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697598158, "uuid": "1f62c0b7-e39d-4209-b4ca-58cd9688f87c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598158, "uuid": "233d4340-58d2-4f4d-8067-5ab751994cb6", "value": "3939345bad08812d7dba41f064c1665d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29716a46-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610771, "uuid": "3c8075d5-bd6d-4a0a-a733-b0f77a259acf", "comment": "Malware payload (AgentTesla)", "value": "ef36052532d93b729b1989c8bf5994ae", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610771, "uuid": "d48919cd-44b5-4e4a-8f96-96ea74df1ed0", "comment": "Malware payload (AgentTesla)", "value": "24b51ecf556dc199059c9a83f21d37b60c920fe15afa9809cc402b9d6c51b383", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610771, "uuid": "9db82d0a-e5a6-4d8e-962b-c41a583ba954", "comment": "Malware payload (AgentTesla)", "value": "148d0d88ac46c79b7c1b9c943efae796d09dd460", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610771, "uuid": "0df43a29-94f6-407b-92e1-bce3341c999b", "comment": "Malware payload (AgentTesla)", "value": "402de73432a382f0f1050ca0a33efe51ee741ef376b796f704a5680c9b6f4078e2d2a3d0b9cad817acea196d5278905c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610771, "uuid": "0411e1af-e3c6-4c6f-8c3f-096c144231ea", "value": "T1ADE412A023B5CB1DD9A85FFB8062E310DBF16C269535D2155DC524EE4AB2FA8C160FE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610771, "uuid": "10d7a13c-898f-4287-90dc-c41dbd296b5d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610771, "uuid": "4e5c1975-8004-4c9b-a9c1-00d7dea12cba", "value": "12288:ozfqBPv1YEqlRaQ1HPZDZBzAVj/kXjrjB5O4AxAL:oT6Pv1YEqlRPZ15GjEB04AqL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610771, "uuid": "9083f50d-71de-4e46-a94e-257b612abfac", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610771, "uuid": "d6b6ff02-ccfe-4e44-a90b-9c04614b7b47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610771, "uuid": "0204bbfb-9391-412f-81b4-357fc20d8ba2", "value": "BBVA-Factoring Pago a Cuenta.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3a27049-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697644611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644611, "uuid": "7d0fbaab-5af5-4d82-b97a-0c2d187ae3b3", "comment": "Malware payload (SnakeKeylogger)", "value": "568d54be64781494b448e7a9a74fe83d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644611, "uuid": "aec084f3-f9b0-49aa-a7f8-d55d2cf5f1d7", "comment": "Malware payload (SnakeKeylogger)", "value": "25006bde4f75e9b1ed6c5b65b71cf96ded1464f377b03c3d235af285080f875f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644611, "uuid": "170f9d28-cfb7-4b3c-9df1-378bd80c1605", "comment": "Malware payload (SnakeKeylogger)", "value": "8b77db27fb92e6f7baad9a197207c10e749465ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644611, "uuid": "c78947ab-51b4-494c-9d0c-869b85b5019f", "comment": "Malware payload (SnakeKeylogger)", "value": "7edd63c5111840cd44640926b9f8e31ac4159df1ed5b13a2c2efc6604d7ea4e02cd77b07e86fb780432c940bb7c03235", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644611, "uuid": "0560ae3f-d48f-45d5-a53e-727223e18c26", "value": "T151053B3D19BD223BC1A9C6B9CFE5C827F000D96F3461AD6598D397A64347A8635C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644611, "uuid": "c051cbcf-3c7f-491f-8cca-528dc7167501", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644611, "uuid": "9dd20fd3-c100-4265-8af1-b927c08c03a3", "value": "12288:4mMXig57JhjhRahGMgvz0Krts1gjGfTQU1Am7l/:Vg57vT+xgvzzsKmQUfh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644611, "uuid": "3717ee9b-96bc-48fe-ad25-14327746b334", "value": 874496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644611, "uuid": "f843d1b6-826b-451d-bd81-8b9ab7798c43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644611, "uuid": "0d814947-815f-4e68-890f-4079f1d269f2", "value": "Halkbank_Ekstre_20231018_765435_456754.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "425e83b9-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647749, "uuid": "892328e4-9d0e-45ae-a983-5a4b6542bc77", "comment": "Malware payload", "value": "0491d92d7b459a47211f01863283797b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647749, "uuid": "c5780eb3-3fab-4a42-9eba-d2a9be28285a", "comment": "Malware payload", "value": "2572c082d35221c834d813f97bfa3ddaba2735022710cda187db8142f93222c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647749, "uuid": "a21ef5f6-053d-4b2f-9c1a-0e49a6b53a75", "comment": "Malware payload", "value": "3f96b855094d98d82afddede1e83f372fa84cc1d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647749, "uuid": "a1ad1c0a-25d6-4fed-b589-65402ad6d99e", "comment": "Malware payload", "value": "06582acb2616628b816b3ed42352065a186431522da0a9fd99d8c7f027a4eb40941be05f9096fb40e3993a6e378d7ac7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647749, "uuid": "3022d9e6-8bf2-4268-8f0e-f254bd1e2e51", "value": "T122459E71B402C037E1A111F1AA6D9BA612A8BB301BAB4CD7B7C45E3D94F5DC26235F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647749, "uuid": "437f9b14-40b7-4a1b-92c9-2cd16ebc766c", "value": "b625b0422748e8ddd8a2e69ebe413b45", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647749, "uuid": "79918fe7-bb79-4934-bd3d-9222b0b37c9e", "value": "24576:NGtxVttexesBf76ktHLn20+xsjzV9OgubSjMcq/FwY7QKRdYyTXaEs/WnEsTGU:eHaesBFSknWbSjMn/FwY7QKLYyTd2WE6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647749, "uuid": "eac4aacb-2e23-4b8f-8fe9-a0454a2080fd", "value": 1279488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647749, "uuid": "22e05e4c-9530-42f5-8c57-d8ca534ac2cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647749, "uuid": "88bcbd26-e704-4fd2-b213-e5fc1e54b60b", "value": "0491d92d7b459a47211f01863283797b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e983812-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697612981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612981, "uuid": "d071dd33-f9e3-4c5d-9e63-784665f80ed1", "comment": "Malware payload (Gafgyt)", "value": "42e44c45ef7f87c726a3e0bd96d998c5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612981, "uuid": "fac65385-d9ac-4363-9f7b-e5e35d2c6ec6", "comment": "Malware payload (Gafgyt)", "value": "25a46afa4079cc4fa1f69aa7fae82b4fbdbccebb12de09ecb84569c9de12b237", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612981, "uuid": "5627dddd-3369-45ea-a74f-de4f0eebf28f", "comment": "Malware payload (Gafgyt)", "value": "aacdc846606f76cfcfe4a45779a6c044beff79d6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612981, "uuid": "64738b34-0ba3-4db5-b72e-bfa3b9e3c6d8", "comment": "Malware payload (Gafgyt)", "value": "5d52d962c6676506f4a7d38b400344e94009a57b0dee4627cc73aaef1dcbf74ed4becb14e70cfecb792e2acafecb0e08", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612981, "uuid": "7a393f76-9599-4b9b-b63b-672873495188", "value": "T1119318A2FD01EF66F00A8A3A05C707256630FF660B931E7173577A669A763C47427F0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612981, "uuid": "2cf30cdd-2512-4f56-9498-b6fa25c22f3a", "value": "1536:gEUPvCOzEx6on4gC8GbywhzGXQgGUniGcVMbCw7OT8IPzIHUIN:gEU3hAkgCZKAgvTbCw7OQIS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612981, "uuid": "9ccc4306-919e-4016-a770-e94b34a3bc97", "value": 89369, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612981, "uuid": "5f5b8344-c0dd-4df1-9ef7-3dc5e3ae4c27", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612981, "uuid": "77b3a432-eb94-4262-b308-c5d1ef02a677", "value": "42e44c45ef7f87c726a3e0bd96d998c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88a32ad9-6d9a-11ee-8907-42010a9c0042", "comment": "Malware payload (Sfile)", "timestamp": 1697622097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622097, "uuid": "715354a7-aa30-41c9-be2f-9cac07b69feb", "comment": "Malware payload (Sfile)", "value": "4ae8efc6c80fe086aa27117619718fc2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SFile", "colour": "#61941B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622097, "uuid": "fb2f4b7a-6ac2-4a2a-8b9f-082214b5983f", "comment": "Malware payload (Sfile)", "value": "25a906877af7aed44c21b4c947a34666c3480629a929a227b67b273245ee3708", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SFile", "colour": "#61941B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622097, "uuid": "a8b88178-3baa-410d-83c1-84852ac3dabf", "comment": "Malware payload (Sfile)", "value": "09170b8fd03258b0deaa7b881c46180818b88381", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SFile", "colour": "#61941B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697622097, "uuid": "2d4dae2c-924d-4c80-9539-f182af1d9847", "comment": "Malware payload (Sfile)", "value": "6e75637af88c33c8e9036b526c7af83754f9132adefec21ddc998df3490f673d37db20ca581d8b58b4db9d9a50ed3126", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SFile", "colour": "#61941B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622097, "uuid": "966d5b9d-a6d9-4f34-9cfc-0cce46aedaeb", "value": "T1B0643900B2D19632FDF305B8F7AB1AAB895D59312356D3DB12D21C8D29713E2EB34B46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622097, "uuid": "ddc1d7e5-73db-4f49-8334-9f6f10b8d88f", "value": "e8fe6c58a0a1d7d1162ad35656f7aaec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622097, "uuid": "a24600b9-4eec-4e80-8993-efc1b9736c5a", "value": "6144:a9GxIp80vvgsYW0/kNAhHDQGsarUs7/TvgfBEwmXjAbImzFps1Se:aYI/6MN0jQjbs7cBEaJzk/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697622097, "uuid": "82289091-7f95-495d-b377-ea5ef5ad4ffe", "value": 308224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697622097, "uuid": "6d9d76b7-22b5-4dad-a9b1-dd3f5274c5db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697622097, "uuid": "53e882e2-605f-4847-9be2-9e9b3d9ade4d", "value": "ransomware.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cab82ac-6d99-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697621460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621460, "uuid": "40ed8435-90f9-4149-9a18-8feeb555edab", "comment": "Malware payload", "value": "f4bfdbf687a10507a351b63a8360850a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621460, "uuid": "19bdab07-8236-4a0b-b25a-3ffc666ad065", "comment": "Malware payload", "value": "26a8a4a4f1417210d22639c95eaa6f85122b308ce24a8473c32c68c1616f49a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621460, "uuid": "28c94d07-abd3-481d-9112-c48a48a1017b", "comment": "Malware payload", "value": "3a3df4fe82c60b63ddf1e4a9be426ae21aadd367", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621460, "uuid": "d88ae17a-940f-41d0-86f9-4e42c5e3b581", "comment": "Malware payload", "value": "18ce5fc7cd17b0244ec6de11d4225435eab01eb546a1727f17869eaefbe8191763c2eccf7a35a1a1e79850461d40c21b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621460, "uuid": "bff156cd-efe0-43c1-bbb2-96abf5d38b3e", "value": "T1ECD7CF12B7C88A27E99E06B184BBEB5583BDAE520775D7CB1014FAD918333D29D312D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621460, "uuid": "1860f18f-0575-410f-be26-c7260466a6e4", "value": "d9bd840c4b42e1038456030d561b51b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621460, "uuid": "dc5098c7-205d-458e-94de-82663688ac72", "value": "786432:Bm0S7O7PFgs4vNtp6O0Dase+0QTzq1Bh09bUo7ov:BmmL/OS0ezBbURv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621460, "uuid": "8584684b-1b1f-4995-8ae4-79d2f8310b07", "value": 59625463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621460, "uuid": "46fcd56f-dcde-4d8f-9e82-f0f24539c306", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621460, "uuid": "e1eed496-0b43-4f30-95ce-f511ad4afdba", "value": "wow.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2c3e9e7-6d82-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697611968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611968, "uuid": "3dbf0beb-72e2-42de-ab4e-46a7f0227a1a", "comment": "Malware payload (Smoke Loader)", "value": "5aaa27d8500a7a8c0862a661fd017e2d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611968, "uuid": "577b63af-76d4-4176-8c5f-5e42b3898593", "comment": "Malware payload (Smoke Loader)", "value": "27653ad608b1b035478c8c2de2dfd12c81a25c78a6136632b1d76389508417eb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611968, "uuid": "e6279545-265c-4e35-9030-c6ca843e6cdb", "comment": "Malware payload (Smoke Loader)", "value": "cc9bc3dbd6d6e96f9a685601c3bb308c9ed54a84", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611968, "uuid": "9a4d1276-a8bb-43f6-a6cb-e8adf915619a", "comment": "Malware payload (Smoke Loader)", "value": "c4b97157c83b1c59e92e5caef956db2519c62d8c0db38353a55990ec7dae0ec89e962fe1c0255b85f7ba674d3ccd64ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611968, "uuid": "551f416b-4654-40fa-be93-6b3f0afd11d3", "value": "T17B3523027BD45077D9F52B7158F103935E38BD629E2847AA338BE9250C732E5A836377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611968, "uuid": "0cdd460c-acca-445c-9264-6b01efb9efdc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611968, "uuid": "066e092d-6546-4f60-9e40-baa38eb750aa", "value": "24576:mydeShfAYZBFljq23PP0ls0ISMpi5yqWFA3KM3co:1MShFZDljq2fPMsSv9WmM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697611968, "uuid": "50ec9add-1cf0-4192-acf1-dc59f07f3bdf", "value": 1099776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697611968, "uuid": "1e89ec9d-c372-4ac0-81ff-7d669772718f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611968, "uuid": "349620ba-8a58-45df-bdb6-9d5f77fdaac7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe9a1cdb-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697644629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644629, "uuid": "13d20f1a-f23f-4f0d-9811-8b5ea20dcd9b", "comment": "Malware payload (RemcosRAT)", "value": "8aacb5bffc09002fafded8c5c251af07", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644629, "uuid": "de14754e-6666-4281-875c-34226b5eabd1", "comment": "Malware payload (RemcosRAT)", "value": "280945c850b2ee81256b36dacdec35b2bbc147c3cba57b344cd50bf464d74f97", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644629, "uuid": "4c02559d-bf74-479a-bbcb-87eb45efab23", "comment": "Malware payload (RemcosRAT)", "value": "c64eeaa0ddf23d176d9bb3a3ed4854baa9e240af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644629, "uuid": "baa5eeee-061b-4686-bedc-147ea7d26748", "comment": "Malware payload (RemcosRAT)", "value": "b4e2850f18db49e9c4828510a22d6c69f2922fd78709001d719285f89d80c73fa756abdfd43dd13ba37eb8621111d01f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644629, "uuid": "1a4b557e-4a03-4af3-930b-138428dd39ac", "value": "T1D1D423A5B272D1B6CCE322B1886DE1512EA5D97C94CC970793C13F0C68B3911A47FE6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644629, "uuid": "17c3ab6c-9a18-4dc5-8b5b-5e0300896fb0", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644629, "uuid": "284333b5-6671-4cb7-9e3a-deb55659479d", "value": "12288:RfL0Xs3uxBCvT5hwCRn50bw/POLjrtYdWMoLn1iZZxUW5:RfL0Xs9vT7pRebw/POPiNoLn4I8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644629, "uuid": "2aba11cc-f76e-4605-a40b-30fa62130be5", "value": 628717, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644629, "uuid": "68b54091-2d7b-4b30-a909-dc473df13753", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644629, "uuid": "609a2470-74de-4954-a525-1a6e4b29ee29", "value": "fatu0009876500.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5785afe2-6dc7-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697641342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697641342, "uuid": "6eb6e100-5a0c-4441-a3ea-3bfa4bf6df94", "comment": "Malware payload (Amadey)", "value": "c140c82662a54a4d1236c3a420d01af5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697641342, "uuid": "f0b30293-5090-4f10-a5c7-2ef74dd2b029", "comment": "Malware payload (Amadey)", "value": "282dc6e812260cc03b799309dae8fc341d2fbdc635e67aaadb3f5b3e045865db", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697641342, "uuid": "12af9a19-8e8e-4d7b-a988-e96227f506f9", "comment": "Malware payload (Amadey)", "value": "1ddb415ad03b1642c72aeeebc9b5111cefd80e57", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697641342, "uuid": "58e1dbb6-26a4-4924-8c82-cf5234265c9b", "comment": "Malware payload (Amadey)", "value": "69424d6ada58d6a2b6e56b5738b1b898b951813f7a970e829f1f37e6f2afc2835943e1c5ab18f87e88fc6401514b269b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697641342, "uuid": "b4409cce-8e2d-4305-b2d7-53f5e36624cc", "value": "T10415224AF6EA9071DDBA273018FF0BC31A367DE24C70C367678959955832A84B13673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697641342, "uuid": "b072c1a5-62b9-4996-8eb4-a38dd3a1c45f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697641342, "uuid": "7d4744bc-5308-42a8-9b27-0bb953581cb1", "value": "12288:cMrcy904EzIWcloORUSHw1RJPp+Yzfj963BB3xEhJlgXkob6KCRWrP90MPS2mQc/:AywMEOZC+YHERsXgX1l+WaMPS2Du", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697641342, "uuid": "002b0d59-ab66-4809-b5d6-eb0bbc7a2beb", "value": 905728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697641342, "uuid": "801ec5fc-cb36-45a6-b68a-4ae864932fd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697641342, "uuid": "93b6b1ac-86ea-4616-bbda-2d73caabbbb1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "caffadb7-6dc2-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697639389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639389, "uuid": "b32b8e0a-44c4-4e11-9b9e-3317fed97dfb", "comment": "Malware payload (RedLineStealer)", "value": "281535b78f9b24af39dff332b2e3067c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639389, "uuid": "da943830-44a8-420e-aca5-9e59011171ee", "comment": "Malware payload (RedLineStealer)", "value": "283404e8dcf4c669db0e33c6d0b84b2eadd3f5f20248cb2988db0876179c6c30", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639389, "uuid": "4c95e943-8d66-4052-a957-3d3b7adf574e", "comment": "Malware payload (RedLineStealer)", "value": "7a261d2137a6c4be80b400c868f7e70516a264bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639389, "uuid": "84d8552d-f50a-431e-a02e-e516b016c467", "comment": "Malware payload (RedLineStealer)", "value": "68a8521d3f0d60e1473edddd3c0dc95f3ac96b61701cfeceef300b50e4b8948d47af5e8ceaa8fae71291198d340fb2cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639389, "uuid": "fb47ffc8-bd9f-4ca1-bd1c-ef121d3836ad", "value": "T1E654CF21BAA0D436E5631A305830D5A61F3BFCB2E97485CB37943F2E9D716C09B69B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639389, "uuid": "4572b957-2466-4720-9d5a-c2815256c61d", "value": "44371442b035be4cbafff0985c627120", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639389, "uuid": "588e6d2d-5679-4d9a-a805-ca48c2a4cc9c", "value": "3072:+DBNNK0LyCVkFUGXY8/FWwuh/QbRlMW4yj/wQ1Qi9qkV:CnKAyCV3GXY8/FWDGN9jw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697639389, "uuid": "26ce815d-524f-4cdc-9fad-3e3cde2e4687", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697639389, "uuid": "9cebaaf0-556a-468d-a642-b58006e390a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639389, "uuid": "dd087ca8-e056-4d95-a831-b582241ad309", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "faaf5dab-6dda-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649777, "uuid": "0c889b17-fb90-4df6-bf60-28c5fbb5aac2", "comment": "Malware payload (Mirai)", "value": "2f7f0cd954cee476051e3f268ae3ddab", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649777, "uuid": "8fee91d3-2021-424f-bc68-de8a5c15009c", "comment": "Malware payload (Mirai)", "value": "28b7c454cd3984568f3183bbbd536d8fff2536f4dd9729e916d8abea23e995a5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649777, "uuid": "900f1733-771c-47fc-bca4-025ccc7c741e", "comment": "Malware payload (Mirai)", "value": "bedccb10a3ebbadb5271436fb103a9828719634f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649777, "uuid": "5c98c20b-3eb3-4984-b48c-0655f90d5a3a", "comment": "Malware payload (Mirai)", "value": "a862fa0150f33e8cbf0fad60eee8746bc8fdf5a4e45cb79d95f8a7b97db2e79ebffbbbf378355ee09cb6ecbabb814d02", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649777, "uuid": "92291750-5235-4808-9518-4dd82b73ecb5", "value": "T189E2F293D332F052DE382FF1F86A85CA6BBD4F6CD53B70A3160556241EAA0431A3C993", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649777, "uuid": "7fbe36f6-2dee-4d26-a9db-9e40b2926e4d", "value": "768:1oiWiO031vpAPbrVWZK3XVGxm9XgY9q3UEL5IR:1orm1vpALgUJALe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649777, "uuid": "f71c0a82-20f4-47d8-846a-6e3f680e097e", "value": 33028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649777, "uuid": "049dd494-b4f9-455a-8e75-e4dd3055329d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649777, "uuid": "92454e96-752c-4c6b-9064-0f353fa9d1b9", "value": "2f7f0cd954cee476051e3f268ae3ddab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4c89490-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697604133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604133, "uuid": "a9bb8178-7b70-47ba-b395-32c7c15b858b", "comment": "Malware payload (AgentTesla)", "value": "85b7d14c272f7d0ad66a74ec947b7677", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604133, "uuid": "ecad398b-7a79-4879-9b0c-4085cd0b2397", "comment": "Malware payload (AgentTesla)", "value": "28df40eb3104e2feb9fe3b1e7915d245abbd70abc6523756a61617731b8d8ada", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604133, "uuid": "eb5a23a2-c040-4414-ac00-94b864f45cf1", "comment": "Malware payload (AgentTesla)", "value": "075d0b34e24ccb223cbd97abc5cfeaf60ecca1c8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604133, "uuid": "e63a3979-d34c-459d-89a5-336f86931b91", "comment": "Malware payload (AgentTesla)", "value": "0b7c9daf803d7234a631fc6c24e0cd25666d9e837d0a9f7d33fcb9779146c0042ce8f5d831c144c92107d42b54947dc7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604133, "uuid": "b7c1842f-4473-4016-8730-ed6d687d360c", "value": "T115F41200F6088966E61A5FFC0416AE040A35AFB77560E5C898F47EB7723BBCA4D55CCB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604133, "uuid": "56329d21-1a2f-4d4d-9fc8-9f8c3385354b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604133, "uuid": "a5ee042e-853e-4acb-9330-917a4d9c375f", "value": "12288:J3DJ92IORBvM1VIhg51640r6K2J5dO5G5pw7Qy640typcIh8buLXudCkmN+5o:9/IBveayjY2Ju5oSsZ40t9xuLXuJiW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604133, "uuid": "7b3e91bc-d022-4322-b098-22ce2365e54d", "value": 727552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604133, "uuid": "c9f6a789-28f1-436f-8531-8e9ee2f54839", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604133, "uuid": "5975d276-9b75-452c-9734-38cd8f297b54", "value": "85b7d14c272f7d0ad66a74ec947b7677", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f168d6c2-6dc5-11ee-8907-42010a9c0042", "comment": "Malware payload (RisePro)", "timestamp": 1697640742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640742, "uuid": "6ed4404e-31cd-4a0d-92a6-9001587fd04d", "comment": "Malware payload (RisePro)", "value": "4b9c72d60ddb7011566307a4b9f2c5dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640742, "uuid": "b2b45492-0e46-41d1-9ed5-9c643a12ce4d", "comment": "Malware payload (RisePro)", "value": "29fdef389b801bbb549bf1ce5ea4225cef8c1ffd74d6231dc710ba184ec563c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640742, "uuid": "3cb7fb13-3a92-4929-b711-d8398e93f8a0", "comment": "Malware payload (RisePro)", "value": "f0d3930782a8c591de2c1ceea70a9756c1906254", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640742, "uuid": "569da036-08d5-4a45-b62c-ed0541d5e5c4", "comment": "Malware payload (RisePro)", "value": "ad726c49eeae162caccd35d1c9031b1c636f71274246624ddc68ea0bd8bbbaa4dd19873d25eb4ff065cadd1910928a24", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640742, "uuid": "1e9b8d9d-4b11-4d81-b82a-e4c19be21e13", "value": "T1D81633024E060E79DC790FB31D324F42513197182A5146DB0BEF5BB69A625ED8BF0EF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640742, "uuid": "fe0564e3-9974-4fc5-87d0-c675434dca70", "value": "83a16448cb90e20899e2697682f235ad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640742, "uuid": "86b4151d-29bb-41b9-8a94-8c39d22c5db2", "value": "98304:CAU1n9gn7Hlt/eOtRi2iNIQH8ZVntoN1OX+K/Sxgv94:CClUJ2+Hene8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697640742, "uuid": "a24cbfef-c659-4dbd-ad2b-e2ad694f6105", "value": 4408320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697640742, "uuid": "6761ba74-e5d4-4dfa-bb5c-c5a80484db27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640742, "uuid": "198c139a-2bdd-4cab-9d80-273fc16ba2b3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99ba2772-6dca-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697642742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642742, "uuid": "09727eb5-2cac-4999-9535-eb21c5ab984e", "comment": "Malware payload (AgentTesla)", "value": "b70cfb535adfdd53943808aaff55b6de", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642742, "uuid": "3e7cb8b1-b673-4c3a-8c98-9a673c316302", "comment": "Malware payload (AgentTesla)", "value": "2a4111db465353b58f41c57f15e5612fcd00ec87fa4e313e76fdfbda190b5378", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642742, "uuid": "6b546bb5-e74a-462b-b4bb-d7def8ab221a", "comment": "Malware payload (AgentTesla)", "value": "e19e77821694624c9aa8c4546e5ef41a830147ad", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642742, "uuid": "ff08070b-63b4-454b-a502-cdce8ff72261", "comment": "Malware payload (AgentTesla)", "value": "6c34ac73acb1c1f10cee048dde75bed486cdf2277a8438fe20869438d2c084334642cfa2761eab690a2a9a5670da6176", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642742, "uuid": "92609057-2949-4d04-b178-c40e2def35c3", "value": "T10894233D98F67F21DCF1633D0E4D065A9C0A3619A43A03B74A1F957CAA4DC756BC0C9A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642742, "uuid": "025f2025-4787-4bab-b6d6-7cd9b8aa8978", "value": "12288:hEeIlN0yU0sE4vO2xH0ZFIt3dwfYEqoodvuCk:aViE4bxUACfYjg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697642742, "uuid": "d836a7b8-8c89-41d7-925f-a776a798e3c6", "value": 433272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697642742, "uuid": "3623053a-6f6e-4f66-8b93-c47f7217fca7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642742, "uuid": "fbfea9ed-a333-439e-83b8-246be3a45bb9", "value": "Purchase Contract.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0411ef0-6dac-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697629895, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629895, "uuid": "339a92b1-59cd-4687-b5db-9464b78a7c2f", "comment": "Malware payload (AgentTesla)", "value": "770c77d202a5a39467985b044fbd743d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629895, "uuid": "07711ddd-569e-4dbd-8054-d13a51dd6359", "comment": "Malware payload (AgentTesla)", "value": "2a66f675af6f98c6016c3e4020196f46978250f8dcbb9a786aacb79f314b274b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629895, "uuid": "8e20a18d-040e-4fb7-a9ae-67a0d10ded75", "comment": "Malware payload (AgentTesla)", "value": "c4f8577136a8c714a5acfdfc377268634a22fe4f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629895, "uuid": "88ff2eef-e371-4280-8f83-615774c5477a", "comment": "Malware payload (AgentTesla)", "value": "dc461bec328cda36b61cfc61a035ef1a690b7b61f49e34b80ab25d78adb44cb88fc7bbdff227f9dbc8186575afe2885f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629895, "uuid": "62cf8f85-8732-4031-91ba-5601d3e93ff5", "value": "T1A4A423DC085D0F25A5A8DE303BB337FED683BF474A66EE826D4C890D798517181B3A16", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629895, "uuid": "72a8b443-af8c-4399-a6a2-fd560dc74a3c", "value": "12288:I27p/lBbZQd2RDX9JTGZZzEeTWTT2g4SUKSUjMH/sMtPyR:I2ZXbZ/XXGZZzEeKP2g4aSUjMrs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697629895, "uuid": "a0581351-55ae-4dd7-8cf2-7c076143c4b3", "value": 484528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697629895, "uuid": "36e990ef-56a2-4d9a-8dda-85ebe57cf9fb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629895, "uuid": "90fd83f4-47b5-44de-9307-a4893a129b87", "value": "708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c93e101-6d91-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697618131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618131, "uuid": "e845409b-3730-44f6-aa74-2b902f70e66d", "comment": "Malware payload (LummaStealer)", "value": "a437faf40610a21c311ed85dd34d9fc0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618131, "uuid": "0aaeaba7-8bba-4051-8cc8-ed950afef9a6", "comment": "Malware payload (LummaStealer)", "value": "2ab22e849b4b0341d0618cbfa7f0207237b97d23e18026636bb6d25fecb059ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618131, "uuid": "e8731d6e-9fd8-48e2-bce0-3a292549bb86", "comment": "Malware payload (LummaStealer)", "value": "184b608359ee2f07bdc6fb3a227ed622cbd5d6bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618131, "uuid": "d4f5c016-2f59-4e08-8983-0de553ca8949", "comment": "Malware payload (LummaStealer)", "value": "85674563987cea32ad1a35ce6a38ea16c218dcdcb298ec163dbd882f6ad751dbc89e1fb1b39526d7c24dd36835820c92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618131, "uuid": "29db7432-e3e3-4f2f-b62d-a516b7ec4729", "value": "T1B8052317E7D84073E8BA237094F616830B327CA25EB4973B33469D5909B27D4AA32777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618131, "uuid": "5305d79b-1281-405d-b79a-a305e76dfc43", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618131, "uuid": "08d418e2-83f9-43df-9740-0e399aebd32c", "value": "12288:+MrSy90tlLCFcGSXp5s0fvukIy+CM3qBUTg2pWhtXpuiZVk6r7ccqap6kYy:wykBCFpSZAkWCM3qB0gFW6/6kYy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697618131, "uuid": "fd8bd041-acaa-4367-b584-548a40e5bc31", "value": 859136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697618131, "uuid": "3c165767-bab2-4dee-a57c-6b11fab2fe61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618131, "uuid": "5e9e7c0a-34d4-4991-b96c-9733758d6386", "value": "a437faf40610a21c311ed85dd34d9fc0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdcd18c9-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606832, "uuid": "efcfc63a-9891-48bb-a921-80d958618d50", "comment": "Malware payload (Gafgyt)", "value": "d96eb08577ba953c7bb42140a798dbfc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606832, "uuid": "484b05ea-4664-4a87-875a-65f6c6cf80f7", "comment": "Malware payload (Gafgyt)", "value": "2afa79a30bea8cb8ee32bab6fb1ac30fbe21341a46210870d5c56612d64481bf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606832, "uuid": "f0610fdf-f726-4490-bff4-093b2b920367", "comment": "Malware payload (Gafgyt)", "value": "009637f9710d036dc8dbd096ac478a492642927c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606832, "uuid": "7951d28a-54d6-4e1a-a04b-9ac8c83fb8ad", "comment": "Malware payload (Gafgyt)", "value": "211da3d9427a5ddb609752d39bc7c484e00ac5af29fbc3f9e5881b0c4d9fa546935915660326c9ab012b36ef928de976", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606832, "uuid": "41dce416-9e68-4b82-aa9f-90b4ce3f623c", "value": "T1EFD3C62E7A61ABFEE169963107F35F7083A625D227A09345F26CDB181F3128D5C8F790", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606832, "uuid": "da2b211d-5326-4002-911e-d5a3deb1d161", "value": "1536:DHfGlkuMau3GanIg2rK/c6U1J8iEHLfPti2dSImNEz7ugf7hoWlNDsdrj4hs29NA:Kx+/PtiJn8ugN9stXoVmCBgAYiCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606832, "uuid": "63c30735-4e7c-408e-b168-3d69035aadf3", "value": 140059, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606832, "uuid": "61103568-fff7-49ff-a55c-48d5a4debcae", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606832, "uuid": "c607f874-892c-4b79-8646-a340101296b3", "value": "d96eb08577ba953c7bb42140a798dbfc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c119b50b-6da0-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697624769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624769, "uuid": "26ae5225-a595-4dcb-b1b8-b8ffa5908f7d", "comment": "Malware payload (Amadey)", "value": "0b8fcc5bdb6576bd6c03883d6b759b5f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624769, "uuid": "99d8c554-13d2-4a24-84dc-e0b0f628bde4", "comment": "Malware payload (Amadey)", "value": "2b1b106a8684252cb55a9d2005acad16326dafeba12eb6c37286e3cfb450c001", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624769, "uuid": "ec94bb2e-ec83-44ea-896d-49eabdf949cd", "comment": "Malware payload (Amadey)", "value": "1a9b8e252dc1e98b177e8150f603ce28e6b33d6e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624769, "uuid": "a0a7463b-e57b-46a7-8716-5c8e05382ac2", "comment": "Malware payload (Amadey)", "value": "b316a8afce10c789dba702056f164293a51bad2a8736ebf380d2d97fb12944245f794e9e9cb523c061af081224a9ed52", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624769, "uuid": "352672e8-145d-4cd6-9c79-67e08d4e009c", "value": "T1FD352382DAE85573E9B1637028F213A31939BD724D346B6B2785EDCA4D732C4E13137A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624769, "uuid": "5cefa25d-8e2d-4028-8d08-c003eb1b5075", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624769, "uuid": "b3651eac-0f5a-4dc7-9e2d-1b9e1ea86c17", "value": "24576:DyuuoU/oK52wtrhXpdop4PabwHm1nPoGQSP7J1Cim:WBoKBl5dumaM8nQoF1r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697624769, "uuid": "e69112ba-262f-4eba-a9c9-bc0e173d3f84", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697624769, "uuid": "cbb6100e-9c79-425f-811b-24583fa6bf22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624769, "uuid": "9884e0bd-79c8-4806-a887-ea9a292c7af3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcc45104-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "51c43961-9691-427d-961b-dd580f84f67a", "comment": "Malware payload", "value": "08af4c563b404a86d4aa811ee4ca7227", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "34cac979-6a11-4a88-a4de-416055d03623", "comment": "Malware payload", "value": "2b1dcccb8e852df3dc5fc4d054c3d83da36cf77c6fe258cb76d38e7aa71810a7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "d99a6120-542e-49f7-a29e-64e2c0194d41", "comment": "Malware payload", "value": "fe019c395fe74f5b65623f551731d3f898ff8ff4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "86d68668-1f41-45d7-a175-716d683e9b7c", "comment": "Malware payload", "value": "e7eaa5a4fc9796999c8ac06ff9f5e82359948982bc6fcadf8609b6e17830c7257280e3b627b8a889ce76b245ec58d348", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596523, "uuid": "89af9052-a268-4564-938c-7d086f40b333", "value": "T1AB94F11ADE69C195FF3AC331CD901B53298A3DD5ECB29C58266DFD88727B7318B04628", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596523, "uuid": "a79fe79a-bbf9-42a7-848f-417e6fc5dc3e", "value": "3072:dxCEXb/5SwyXznmuIlFyEpANP2tUH8Zk3ms9NNRZFfu3YkkxQaQ7X2:rX75SwyjnmuIlFpaP32OnRWKQaQ7X2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596523, "uuid": "5c1edb8a-118e-471b-981a-24e3b2a0ec1b", "value": 417792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596523, "uuid": "abe61893-a4d2-470e-8357-6a63dc9026ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596523, "uuid": "020af7e4-d83a-4950-b538-e3521374fded", "value": "SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.25485.18170", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fb95ad2-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647691, "uuid": "fafaebcc-7ac0-4ef3-be33-1958d7e21b98", "comment": "Malware payload", "value": "c5dacb642fc9c905f9c29e8c3666ecae", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647691, "uuid": "83e34998-c6a3-45be-9c4b-48cfe8c9d8fa", "comment": "Malware payload", "value": "2c33166a74ba155a80bb28dcb1fa905ff8cce2dd19464d5784e863478facade5", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647691, "uuid": "8b8c5eb5-aba9-4932-8917-5ec1da1cb813", "comment": "Malware payload", "value": "21c21c7aff42ded891f2c69bb03f5a7d65758ea9", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647691, "uuid": "82d25a36-d0e5-4d01-92b3-122766b76bdc", "comment": "Malware payload", "value": "0b031d854c2003ecedb9694f2a3a2fa599e1ba90f46dde847a4bac23291689d16f601ad7eb78ae3818ac8adee8b11ac0", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647691, "uuid": "4aee6020-d3cc-49da-a2cb-c477247e6def", "value": "T1C50633523BC6C03AD25E1637966B87B5993ABC651B30E0CBA3947E7C4B353C2E834356", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647691, "uuid": "4a6e86ab-565a-4f67-a6f6-a4e61fab46d0", "value": "98304:cpG1DCG1G1w7cwv9JAEJUvXF/rFmoyqcUQc1ShZ:zE+dvLAEilrFmoyqdFSL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647691, "uuid": "72506964-15b1-48e2-a625-c77f2b37bbe8", "value": 3751936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647691, "uuid": "0e6b50a5-35c8-4991-8e13-0b8f05fd783b", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647691, "uuid": "adcb340c-4183-4c22-8845-eda21e578c6f", "value": "destroy.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3ff2f97-6daf-11ee-8907-42010a9c0042", "comment": "Malware payload (NetSupport)", "timestamp": 1697631163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631163, "uuid": "8408dad5-5047-45c2-8a2e-19a5d879f63a", "comment": "Malware payload (NetSupport)", "value": "3f015d4d66ad92314333571ae9f69851", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631163, "uuid": "4ba0fc61-e6c7-4c7f-92b6-d530967ae369", "comment": "Malware payload (NetSupport)", "value": "2c5016e1ccd967bade3a598bc1abac40d9a7c6fbdc2cf4be844581bbe829811b", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631163, "uuid": "aa4f7ef8-4490-41f0-b8d7-dd551a2520b4", "comment": "Malware payload (NetSupport)", "value": "0c7e584a0b573d3d82621a9ce4695a205b97e0da", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631163, "uuid": "d195f045-18c8-4606-85e1-1877e2848a3f", "comment": "Malware payload (NetSupport)", "value": "a85300aea6afb72d122e5892b8d15ac453078ad29f0c13807750c4d29335f2f933bbfa23778b63587b85c461616be5e0", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631163, "uuid": "ed1d3ae3-4492-49be-b587-09e71705ed30", "value": "T174F533162693FBB6C0E1F67BE0ACA8154A6D747CE4F7B476592EA153E93E431D82F000", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631163, "uuid": "cfd02bf0-aed2-4ef5-b038-a563051eddec", "value": "98304:t1eFXamhRFY89YYc9jh23redpmQRiXuYESBZFR02jZPl7A:reHxYoY59V0redpmQRiNfZN7A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697631163, "uuid": "8f14ad22-b38f-4a83-a7e7-165937e17ddb", "value": 3429434, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697631163, "uuid": "75b05399-a677-4ccf-9a8b-62a98f4cf040", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631163, "uuid": "6521ce27-b85c-4c28-8eb6-646856c6b39a", "value": "p.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b12b8343-6d5d-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697595966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595966, "uuid": "eef80fa3-7dc0-414e-849f-4ee7ddc72169", "comment": "Malware payload (LummaStealer)", "value": "d8b0eb4694b73e9804d3d97564c72c6a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595966, "uuid": "ed2c795c-fa40-412b-a127-0f457b80612e", "comment": "Malware payload (LummaStealer)", "value": "2d84a1f66918d3418d93b1cf3eaa59fabe19faa13603d55ae1fbb2de2ae8941e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595966, "uuid": "fa20601f-f1fd-4927-b3be-1e90b020deb0", "comment": "Malware payload (LummaStealer)", "value": "019b9836fd7cc1c5e4631df80c12137cd411d837", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595966, "uuid": "33a782f0-cb5e-4c58-b9e8-e105d5822fef", "comment": "Malware payload (LummaStealer)", "value": "72f567c4c9858f310073a655bee5eb51a65f056fdf12633632038935ab9fc08352a6f097f4f3f32380d71957c63093f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595966, "uuid": "cb919802-ca42-4e27-a454-5e1b934f1501", "value": "T12D352313B7DC5022E8B277715DF726531531BDB359AC92A9238EA98F1CB39849C3133A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595966, "uuid": "4fe5c03e-8d47-4bed-b65b-302af3af8571", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595966, "uuid": "bb23f972-84c3-46d1-9177-f3e58c893f3f", "value": "24576:OyMeZ2GKjWfY7clRBP/lSoqHxYQqoOGiecj3Q6mEsG:djZ2GvDvF/k3dLOGE0V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595966, "uuid": "46ecce1a-8b2d-4288-bf6d-fe9fc2c9dc54", "value": 1099264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595966, "uuid": "eefa2754-a326-4e87-a3bd-cb2086d93613", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595966, "uuid": "7876f918-d6d9-440f-b197-16db41965bad", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b1d6652-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697610774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610774, "uuid": "c240a0c8-15c7-44cd-8a7c-45c5492e4404", "comment": "Malware payload (Formbook)", "value": "5d677cb9e664dc3e22db4209943d13ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610774, "uuid": "d1ae41cf-bbf3-4ee2-9f20-a8313579a3d8", "comment": "Malware payload (Formbook)", "value": "2d96660b99f5f21479136368acf1ca827eb99c49f01faa5d3dedf13f61fee819", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610774, "uuid": "cfbb5f28-81a0-408e-9198-587ac531ae4e", "comment": "Malware payload (Formbook)", "value": "ed81401a76fae7b0c06ba6779711a97a41f5c775", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610774, "uuid": "af66dd65-a113-4762-8d43-b352bcb49ff7", "comment": "Malware payload (Formbook)", "value": "35a0b8310c0f595adbaa20654c6482c36ad86d0904541b72020fefb9202138cc1ea0aeb0df16d73d8686b2de9ccbde32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610774, "uuid": "eefab300-4669-46f1-9c97-c00fef761d33", "value": "T106E4126433A5DB2DD97E0FFA4021E700C3F6E906A92AD6994EC400DD4A77FA99418FD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610774, "uuid": "8d3d4aa7-100a-43e8-8629-1732dcd3128f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610774, "uuid": "5cd7bae5-fde5-4253-8487-e43bda945261", "value": "12288:yzfqBOz9gtaObWgJ3+uefXFE8RKu0Guv0YfmvnnhJwlyajpP1OClCdK:yT6C9+ighPsXZEuzm3evnrwlpjpP1pEd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610774, "uuid": "96c894b0-d930-411c-a21f-2550ac45ad92", "value": 667648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610774, "uuid": "fab9237e-55c8-4039-a527-c6a3e633af86", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610774, "uuid": "9ed05e1e-0f0c-4afa-b9ab-247ed57bac15", "value": "2212093-3 DV_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5163e932-6e0c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697670967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697670967, "uuid": "31738266-5da6-4a27-a06d-dc853c1580e1", "comment": "Malware payload", "value": "b6e1f18d7cd37f7fc08d1ee81e57a471", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697670967, "uuid": "333a8121-54c7-4268-809b-bd7ea15ed013", "comment": "Malware payload", "value": "2eabafa28a5f2a7257c47d8d4c9b5264234b259b8a38cc7a738ae017fb91151a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697670967, "uuid": "f358096b-9ed3-46ab-ab52-8650d4d82659", "comment": "Malware payload", "value": "ace2a1eca2ed5c0ab540e0cfd27e10812ebbeb3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697670967, "uuid": "bbe4bb8f-0705-42a9-b535-6f5bbe2cdd7a", "comment": "Malware payload", "value": "c80be6288c8db5bbadcff7b37886210fa1efbad34d3648ca083359e80fa9f05b4cbc9b84fa9353ee2be58b66e6aa1a64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697670967, "uuid": "7cb75854-01b1-4626-a1c8-f781ac4a0bca", "value": "T15944C011BB90C836D4A32A315870C6912B77FCF2BA7485CB37983E2EAD712C15B69753", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697670967, "uuid": "fb0205b9-3c6d-4e80-8d33-9ead4bf3ebbf", "value": "5241d7444d4d8584697b8889b03f1a00", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697670967, "uuid": "3ee42c40-7f99-433e-b15c-d530bd5dce93", "value": "3072:qDBNxAzyzjnkG+W6FWGaLBOzRDd3Y4rGdLBoaf95v5j+zi0ZO:GYyzjkG+W6FWjLqRxHrGkaf9p56Wh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697670967, "uuid": "7fb60b3a-8b86-446e-85dc-afacc074634f", "value": 268800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697670967, "uuid": "b94d98e7-acf9-4efb-ab2a-ef125ba1d597", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697670967, "uuid": "7884e8fa-82af-4acc-9034-f6f136a38161", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b451c83-6dca-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697642691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642691, "uuid": "88842492-8279-4143-ae5b-19c3e4cf28d0", "comment": "Malware payload (Formbook)", "value": "8c707a0e4d49bb70f3ff64396b8f6893", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642691, "uuid": "cf7e4679-6984-4ed1-98d6-d7d9f8e6a800", "comment": "Malware payload (Formbook)", "value": "2ecbe8f0f1941d84d6b70e6cbf1150dbba39c95afffcc2c07e90308f44b904c7", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642691, "uuid": "bf9a9211-0256-45b3-ac7e-67360bd0911f", "comment": "Malware payload (Formbook)", "value": "1a52ec1c1ed10f24e0bf5c30ef5a685a6343d359", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642691, "uuid": "3ee8e744-bad7-41ca-b159-39c23eff3a91", "comment": "Malware payload (Formbook)", "value": "9d067665d8dfdf13c867e34f609718622d420599a77ac2893cca5359d9ad8268e9cf1b38a33f9846da634906f939380d", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642691, "uuid": "377427a3-2951-43e2-a86c-9a5443b25a8d", "value": "T181D4235826095A1DB03F9481C1895F8A3A5BEFF6A7906148FD858CD39532613ECE7C3F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642691, "uuid": "e6078a61-3239-4090-8b28-53956b5313bd", "value": "12288:XlCoD4Als0kq1xyeMt+LNBBUQ5WSvbwpCsHk/KC8cNHF+A8Jl6j:1C8l8+RBiQASzrgcNHHr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697642691, "uuid": "5a85acd7-6b5e-4e6e-8e38-625d3a6b5d6c", "value": 618549, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697642691, "uuid": "3471bd83-5c01-431a-bb1e-ba5cfbe02ea9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642691, "uuid": "da04ef62-4487-4ef7-9548-e2c0698bdc22", "value": "PRICE REQUEST FOR PO KIPO000903 ( KIND122822 ).rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fabc9494-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596519, "uuid": "556cf147-9206-4a2e-a748-1968834a3aa3", "comment": "Malware payload", "value": "a37b099646ed7fcf6ab3e3bc64114ad2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596519, "uuid": "8cf3aafc-3e74-4968-98c1-4fc357aa8c74", "comment": "Malware payload", "value": "2f542206688519003a19a39e51eba51d1f644489fd1e3fcb48ebbbd7062d5906", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596519, "uuid": "3622946a-ce6d-4f48-beda-c67e8bbd38f5", "comment": "Malware payload", "value": "5a3961849b7e802c36a0629e9cf108f88b987172", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596519, "uuid": "0314ca37-88c4-4405-a349-a54504a336a9", "comment": "Malware payload", "value": "d0642f36938439e6ac405ad46a70742b1d48b6777b4935af98b672272635c9146d456a4baa357d47658ad62d4ee308f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596519, "uuid": "495e6027-b797-4450-9219-d01e2b8ab483", "value": "T18C251212B4C0C273C07A223548F28BA1971DB676176B66E3778E5FB56E0D2C296353CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596519, "uuid": "9f23b5be-b07a-463b-a51b-5ba511031dfc", "value": "720f62ecaae027b5c3ec6686644322e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596519, "uuid": "1b84d481-b34d-45fb-9ffd-e97dc7e8cb75", "value": "24576:YXQkTf4yJBV1Ls2wBPMnI8Y3rGLJAOs0s6zgo+kIKeiSXSlwcZk6uVMg:BkTgyJBV1Ls2wBII8YcU6XpWi6+wcZ1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596519, "uuid": "8389e376-e7b8-451c-81f3-1ead356eb6e8", "value": 989184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596519, "uuid": "d3b2dbe6-d3d9-403d-920f-c481d1368c55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596519, "uuid": "d8e09504-01f2-41ed-8f4c-dbac6d14ba03", "value": "SecuriteInfo.com.Trojan.MSIL.Injector.14998.29363", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "215d4a3d-6dd3-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1697646406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646406, "uuid": "fc2f17d7-0b89-46cb-908a-632175d43201", "comment": "Malware payload (MarsStealer)", "value": "bac3ffc60c952bf5b15d8180aeadb6ed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646406, "uuid": "d1c7ed89-4ac8-40c5-af97-edd54ecf3930", "comment": "Malware payload (MarsStealer)", "value": "2fc2dbfc4d287d1cc2fd6021c2b8285f96b8ae83710a7f6cd301ff53418422f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646406, "uuid": "173cb3ad-53f4-4e5a-8c16-eefc1e694f99", "comment": "Malware payload (MarsStealer)", "value": "cacff02751144162fe7b26a99972a874d218b676", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646406, "uuid": "c7862901-419f-43ee-b522-105083923061", "comment": "Malware payload (MarsStealer)", "value": "eb9f1f46461d450f614a30f96ce73348bc475ba8ffe305acf3ffa11d812a7bdbf83bff40d9d79f551c6c78c87464f0c2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646406, "uuid": "2d2fbdb2-51a7-4cff-81d6-5012f3405e41", "value": "T1C144CF11BA90D432E56329306830C5A56B7BFCF2BA6545CB37843F2EAE312C19F65B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646406, "uuid": "a27c40a0-3fdf-4f1c-8724-870121ef0b89", "value": "16611b6b96a67ea5066ae4525e5da85c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646406, "uuid": "7be228ef-ff59-4d26-ac89-b1442ebc9193", "value": "6144:QRLySj0GK6fpwwNMV+LPw7z9IbMHbEUO:HKK6qwNaywf4MHK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646406, "uuid": "71b95c4f-8a43-4100-93b8-929639f7e369", "value": 268800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646406, "uuid": "cf3988ea-0b74-49ee-9723-5f4721ccae16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646406, "uuid": "802a2e52-62e4-463a-8b9f-d31fd5702d8b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1d5f5dc-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (PureCrypter)", "timestamp": 1697645386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645386, "uuid": "9d3960b6-15aa-41c8-a80f-245b3ec8542f", "comment": "Malware payload (PureCrypter)", "value": "c1184fbc342efbee42a59ad0c35e96c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645386, "uuid": "d0a95fc3-1328-43d9-b9d1-e745a428575e", "comment": "Malware payload (PureCrypter)", "value": "315779758662f03598c48b2bc81a34555e4a746fbe66e54623532d79fc2efb08", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645386, "uuid": "8b7a6248-cd0f-45a6-84c1-c20a57ace947", "comment": "Malware payload (PureCrypter)", "value": "deb487c4fde98cc57c732a5f88c33b0e4f3a95de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645386, "uuid": "8b22ca8a-45f2-4eaa-8e5b-6c92e2a78a91", "comment": "Malware payload (PureCrypter)", "value": "e7c72445c59015c52dc80c42bdbcf3aa71ee41f788545319159a654ecfd0c9c5690869509c39ca05f93f78d6da2d03e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645386, "uuid": "35362432-3ea2-44a8-b8bf-433ceef8c1cd", "value": "T1D94419956BE8C61BF2BF9BB1E47007144AB9F982F467E74E4CC934EA1D1330499113AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645386, "uuid": "bc13cbef-341b-4a17-92af-8d1c6106481b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645386, "uuid": "88825982-41ad-42de-942d-364ab2732bba", "value": "3072:W78dez1a4eFXPMfF6WNq2OfzHwW+J9rZHhz5Np59wuSPtTrGw9vNDYl+xrULBIzz:Fezw4eFXnm9rZHhz5NpgIIyib0QCxF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645386, "uuid": "3e9f58b7-ec45-4f58-bec4-bd7dff7ed621", "value": 278016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645386, "uuid": "0724206c-a80b-41c5-a99b-faf4c77b9f63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645386, "uuid": "2e95257c-ebe8-4527-9c0b-81a8242c119f", "value": "WONDERA - PRODUCTS LIST_18082023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc23056a-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697644625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644625, "uuid": "505a1db9-2cf4-404e-b990-fd0553b771f8", "comment": "Malware payload (SnakeKeylogger)", "value": "69110e7c026f12d745c9eb14457cf51e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644625, "uuid": "cfd2f208-1677-4a75-ba31-46b15b6a6f3b", "comment": "Malware payload (SnakeKeylogger)", "value": "31899311def16c86b9d15294fd9a2b765b4a574b79a28d70b0f3dd73b25d62f5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644625, "uuid": "bf80678e-bd0b-4289-b434-d7591c1fd0da", "comment": "Malware payload (SnakeKeylogger)", "value": "7dd89471735d1bfa3dd903e7ad92c29106dc4cce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644625, "uuid": "a798a325-e497-4dfa-9e54-387c80e8f773", "comment": "Malware payload (SnakeKeylogger)", "value": "b62946570bda9a606fb53b5e62257f35b1af6118c86d151631266c90aa30b5830177848f184ee4239d0dd8e7a16a7ca4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644625, "uuid": "a33afb2e-75e7-4e61-8138-2070869e59aa", "value": "T120153A3D29BA263BC1B5C3A9CFE1C827B154986F3421ED6598C357A64346E4639C323F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644625, "uuid": "798cc9ee-d622-4c84-8b75-629134c7c168", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644625, "uuid": "f04ec131-f014-482a-811e-4b3620c61b35", "value": "12288:+b2V7zXvhzk2tGXG3yFyHNhr8LZNeqaFr+sfCEpqQxGgqROd:v7zXBvQKu2ZeZNZ0r+agROd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644625, "uuid": "0a409581-3897-467f-a50b-725b5fee5c17", "value": 924160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644625, "uuid": "3f0c16fd-f51a-47da-a8fb-d8ecb48757cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644625, "uuid": "f5bb74e7-6278-49c5-abb1-538bdb778805", "value": "inquiry 281023 0090101091.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65e20bfa-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697613020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613020, "uuid": "efdabd61-301a-478f-8dd4-8dedcb76b4e0", "comment": "Malware payload (Gafgyt)", "value": "6041b9e8626fddff8f66f0c688de8db5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613020, "uuid": "4271a1f7-5a0a-4362-8813-78daa8918fb9", "comment": "Malware payload (Gafgyt)", "value": "325a0af297de3708c90e44a669834ec8284f8ceca00f0a51f418c0ad234725af", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613020, "uuid": "e13eeb4d-2334-4768-98f1-dea1e6bc418e", "comment": "Malware payload (Gafgyt)", "value": "b790724838e5f3faaf5d442d97d2938bcac26348", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613020, "uuid": "65d7d6f3-9264-449f-a5b1-932747a4bc5f", "comment": "Malware payload (Gafgyt)", "value": "149e69a7c5785093ab398011c3a11862afaed3cc640816c5ad16c5bd1e80ca751125b3d0567f4965a68f2afb229fbe9f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613020, "uuid": "9cb91a72-6dd8-4a00-bb9f-61483f3e241e", "value": "T1C683294754A25FB7D04A6AB92DBB45B0075BAE510F0F1A9B716CB6B4033F8CDB40E724", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613020, "uuid": "d2580732-d339-44fe-a4ae-d8e73f3db9ab", "value": "1536:zq+nFLya2MnJdTjONX0UU4lK5p7bbvCOz7oCxN2oHUJa:e+wE7jH5lvC0oqN3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697613020, "uuid": "08a18003-e39b-4e02-8fb0-d0b3f16c090e", "value": 82844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697613020, "uuid": "e8c8f140-043b-4394-ab03-80f15898cc41", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613020, "uuid": "cfa33056-e7cb-44f1-ae4c-6b544fc0dfd8", "value": "6041b9e8626fddff8f66f0c688de8db5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f9b7a77-6d83-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697612097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612097, "uuid": "d304d044-6457-4fb0-8def-65d9a61269a5", "comment": "Malware payload (AgentTesla)", "value": "24581cdbc90082184625859b817bb848", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612097, "uuid": "d5a674e3-a198-4fb5-9037-0ec934edc430", "comment": "Malware payload (AgentTesla)", "value": "32812b32bcd108fe5d4322071ae981c09366c7e424e788db406d7f850b4d91fc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612097, "uuid": "cc34622e-bba0-4597-b304-88d5a6d1ed04", "comment": "Malware payload (AgentTesla)", "value": "9f3d11b7bede7a3a294045ec04240e6618a1750e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612097, "uuid": "4bcf6e3c-7e5a-4d80-b443-b88b810b36b4", "comment": "Malware payload (AgentTesla)", "value": "76295057fcecb49dae3168bfef41d2a678a83b96dc3fe0a2e6765c5d949f243167d6bed91acf19b8516be7068f39f62a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612097, "uuid": "cd5a1d4d-7623-43b2-893e-701e536fb8bc", "value": "T187F4DF9C3150B6CFC86BC9328E682C64EA107CB7571BC253A45336ACAA5DA97CF055F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612097, "uuid": "f96c932e-1eea-4bac-8cdd-38071c9535aa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612097, "uuid": "cde69716-3b41-4da6-9712-a8b55c1639c0", "value": "12288:AijY2+io9yyzdzfQdP+CEltOeAbuWsMYds48A5UglTAqDRJOQuZ863No+nSKoVyE:AYUfQZVAKbjS1d51cqDDA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612097, "uuid": "bd8062af-e596-4b29-b6a4-be2139cc5d8f", "value": 754176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612097, "uuid": "4634aa73-7a5a-40f8-b68d-fa5c15bfb959", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612097, "uuid": "874f7af4-9673-4eb9-80e1-9e454bee2d88", "value": "PEDIDO_D45KG.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa0631ae-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697644622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644622, "uuid": "82cb8e8e-079f-48a4-8045-7f056588874e", "comment": "Malware payload (SnakeKeylogger)", "value": "89c1879930e5b0c39baa5932ec3d829d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644622, "uuid": "1fe81ce5-8cbd-42b4-a328-d3c5fa45386b", "comment": "Malware payload (SnakeKeylogger)", "value": "32996e18720ed05ffe33a6e787680c248b05c9bdda265d9970043de9348bd248", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644622, "uuid": "4368ffb1-3e93-4e23-8f5a-cfb242dc71f1", "comment": "Malware payload (SnakeKeylogger)", "value": "9ea5c83f635e1cc35c4dc3b5a7d4974bba379076", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644622, "uuid": "cd62b6cf-b114-4d0c-9086-bbe36e52c004", "comment": "Malware payload (SnakeKeylogger)", "value": "a97135b2b78b0284d8cd2ca9e28a31514a8d484130d734704f2c1f49f73776bcfec7bad4ea249108fbc39f3f31749a40", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644622, "uuid": "f0799d76-8614-4f71-ae16-83db4beb6817", "value": "T12A94E052E2994305C22603B7DA628160D53B7E36E935D5382D8D398E47FFB8EC5227E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644622, "uuid": "2ad6d3e6-88c7-4179-991f-514156aa2381", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644622, "uuid": "3b85d1f5-c892-449c-aa5e-4aad7c4b2dbc", "value": "6144:Vij45DzBIKD2SJMzodRpUZNFvzqsG3OHDWLNFwNYdk6ceh9X3P9u4oWNl:ZfD2S+j5VBSLNuQk6ceX5ll", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644622, "uuid": "929d6b4c-14ec-4080-97d9-373df85a8b88", "value": 408588, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644622, "uuid": "eaa2442a-d754-4573-9b89-b26d47cf5438", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644622, "uuid": "358fe2d7-014a-429e-9ece-7e55590d5709", "value": "89c1879930e5b0c39baa5932ec3d829d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a9b322f-6d75-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697606129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606129, "uuid": "72740aaa-44bb-4484-8505-a99db3d9d5d5", "comment": "Malware payload (Amadey)", "value": "6127a67b2a7f2a699144b75e856e0745", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606129, "uuid": "7a9991dc-2102-4849-b30e-ec9fd438c75d", "comment": "Malware payload (Amadey)", "value": "331851528995da5cbcf726e0bacca9bd6c9282edc6274f141bb3a57b6d959834", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606129, "uuid": "3ca0bdf3-31d7-4608-958e-5f056bf9270f", "comment": "Malware payload (Amadey)", "value": "4e37895500f01f7985660cf9aa712b0f6c32b74c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606129, "uuid": "44263995-0f39-4316-be56-c7d207206b5f", "comment": "Malware payload (Amadey)", "value": "07ad79ccfcfbd443a0a5dd11e5693488d03a6271308a962de0fe0f214d76a694c158554ea4db426e0202d276d6219e76", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606129, "uuid": "beb19157-970d-488b-bf53-6396d618aa86", "value": "T17C3523627FFCA433D9B153701CF712531B367CE20AF906AA26D0A9571DB268894317AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606129, "uuid": "285cb08d-510d-41bb-8222-a25733ed0ffe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606129, "uuid": "50cb4019-660c-4b0e-95f1-cb60f639217f", "value": "24576:QyRn/fA4K+i29z0zLddPJpmu/Zsilm1xh:XRnzK29AXd5JUxd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606129, "uuid": "051e55e7-c0b4-4a94-98fa-49a0027d480c", "value": 1098240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606129, "uuid": "be6e829c-430b-4d4a-a2a5-ca1921542fb2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606129, "uuid": "6095e6e5-619a-48b9-b621-a2c7f8e6de86", "value": "6127a67b2a7f2a699144b75e856e0745.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80428fbb-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload (RiseProStealer)", "timestamp": 1697644847, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644847, "uuid": "9328b4dd-8e2e-482b-a036-b2ebbe31a785", "comment": "Malware payload (RiseProStealer)", "value": "aad347633b35ac9d9adf1472575f5e39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644847, "uuid": "de0eab6d-5c49-44d3-9630-2623f9e6ac53", "comment": "Malware payload (RiseProStealer)", "value": "3337230aca7cf37e144531642e68b35c509c97bb18fbe44b4b51bf115b764bd2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644847, "uuid": "220d4c21-43a2-4842-b02e-7cdcba0ecfa2", "comment": "Malware payload (RiseProStealer)", "value": "e306f092e1ce688116d600ce060048560b9cda4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644847, "uuid": "dbede604-7494-42f2-8a78-60e940c80eba", "comment": "Malware payload (RiseProStealer)", "value": "61ecca3a4d553331a2a41fe2edf0afca62faf790d3fd567bd4245e8c4d3b266994e5ba48de1bd816a05ab3a07eba75a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644847, "uuid": "69163911-a620-421a-8c39-fa0087e57288", "value": "T1421633504EEE52F8F08A2A71C28BD64A23DCB37381546F56BEC41C0199EDFE8F15A857", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644847, "uuid": "7494632f-2038-453e-8f37-8727956bd4eb", "value": "b05e2410e92b97a4b739f3ded2bca4b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644847, "uuid": "2f765ed2-71c0-4bfb-a2f4-3596cef2ad20", "value": "98304:gRkxaUFZNwayfeZHvinQCJu3tJPm8W/t+:gRkgUFYminQCJuNM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644847, "uuid": "06faaf3e-75c6-4a45-aff8-8fc8b02a105f", "value": 4095488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644847, "uuid": "fa05d6e0-76e9-4804-b67a-bb6562a0e559", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644847, "uuid": "1f7f03df-3f01-440d-bde1-bc60c7fbcde2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d374c15-6dca-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697642748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642748, "uuid": "bbfc563b-ed6d-4649-b672-2e667ee14997", "comment": "Malware payload (AgentTesla)", "value": "95f4bab91eb981903888bdb5c83a9a9f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642748, "uuid": "978c1677-bb9f-4af1-bfa5-e18b053b89c2", "comment": "Malware payload (AgentTesla)", "value": "34142a0bcf95881a4fead99f07d0af14054cbce1ed9caf81a35e72b547e8ff9b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642748, "uuid": "def12206-584d-48af-bef3-b50b87dcd486", "comment": "Malware payload (AgentTesla)", "value": "cfc1a27a1395910679915ad90b5ef030bc57d736", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642748, "uuid": "e7b9302f-5e62-4e5c-ad48-2fb1f1396bc8", "comment": "Malware payload (AgentTesla)", "value": "c2be1afa6890426c84353ceebbef4db103345f6f1085524be6a555281ffc9039e839c4d6f267e1e6f4058278b5c269d5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642748, "uuid": "8edb32a6-3041-43f8-8f59-a6bd705dc911", "value": "T13AC4AD7471EB2BD5D336EBF5438A2C4883EAF176521EF91B2ED6C282701DE409F02665", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642748, "uuid": "16df56ed-9834-47cf-9b6e-ea8fc6230487", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642748, "uuid": "9c246b95-e7a4-4ae3-bdf1-5aac9dd0908e", "value": "12288:3ka5qKAiof31so4vOALH01FItxdwnYqqoY9vu34JM7w/:3ksCv2o4nLUACnY3i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697642748, "uuid": "036c04c4-f1ec-4b5b-9a52-40c621b7bfa7", "value": 545792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697642748, "uuid": "6b97805b-3413-4209-a0a0-e1bde2e56e80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642748, "uuid": "ae163233-2bae-45c5-acb6-5dbf9bf39ce9", "value": "Purchase Contract.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a5f89e5-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697612974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612974, "uuid": "5a15506b-e40d-4322-a5ff-f77a8b1c26ef", "comment": "Malware payload (Gafgyt)", "value": "b58ee6faf62948a7d59c2b7e21466822", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612974, "uuid": "1b333745-daca-44f2-be78-1723d30ce7c9", "comment": "Malware payload (Gafgyt)", "value": "34306b15d062b60dfb15fd37a3ab5b16bc309795d49d43a2d452177cb480888c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612974, "uuid": "deb51ebe-9542-443a-8eda-4e096e2e9e6e", "comment": "Malware payload (Gafgyt)", "value": "09d66651ab79d866e17e761f2c57c5b3da75b9c0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612974, "uuid": "051bad0f-4a23-414d-8be1-b4729a71f1f7", "comment": "Malware payload (Gafgyt)", "value": "60dc3b45aba8c6368dc47e2a705db5926e2d7d80308e613f5e17a1e94fd73271afa5b2932793d229a554ea1dd832fd2f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612974, "uuid": "ab4ef90d-90ee-41d1-84e2-79fdd6087983", "value": "T10DC3766A3E51BBBEE5A8873107F35F70C399299226A1D781E26CFA185F7128C1C5F350", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612974, "uuid": "56d4d805-af06-4e94-8394-a57990947147", "value": "1536:fVNy7Kwv/VhKnyVIYcd/NdlkpW7YQ/32rKAP9XO/uYe7ealGAD/0NO5e+vg8:K7NyDYe/uYePGg5I8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612974, "uuid": "5d80b886-6a04-49db-a84d-5d56a6f45025", "value": 119167, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612974, "uuid": "b995ff31-ad37-40a2-b3da-567758a46e75", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612974, "uuid": "5ae7579a-f977-4b6a-ade5-3cb7046f786d", "value": "b58ee6faf62948a7d59c2b7e21466822", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1535baf4-6d68-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697600429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600429, "uuid": "2d64f25a-b2ca-4827-8733-54283e98651c", "comment": "Malware payload (RemcosRAT)", "value": "d5a5d7ce1933ead3337222a338913584", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600429, "uuid": "20fe4d7e-393f-4fd1-b67f-e949c4aab165", "comment": "Malware payload (RemcosRAT)", "value": "34c7377e5b187edf6d660e7df34b68b968940b6de1399c2f4a3e5675099139f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600429, "uuid": "ef92ced1-f7e1-4485-9b09-9288141de3ab", "comment": "Malware payload (RemcosRAT)", "value": "c9676ec271fd4460740ee6c8dc261af7cfd02327", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600429, "uuid": "53b6aba5-7251-44d1-87e8-16e46d9d83f5", "comment": "Malware payload (RemcosRAT)", "value": "ee92a883657f58b81abde9535277c518ac7775fc49ea552cf9dd5b2450d9fb84fce8d9c610af7220606aa75b80e82957", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600429, "uuid": "b56d368f-6777-4ac4-bb97-eb94af846050", "value": "T11E55B13D59B91227CC69C7B9CFE59827B000B86F7471AD6D98C667A60353A8734C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600429, "uuid": "2650352b-363b-4831-b7f0-b3fc0ba60421", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600429, "uuid": "14071bc1-e006-456c-bd96-b27849968114", "value": "12288:SPQr2VVv1fljMsU6y0m9w0hOgr3Aah3jiO02sVpM/fjx4wL4rhv08V+by:MVnNRU6HcOgr3AatOOWvwL49v0B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697600429, "uuid": "22921f0f-fb1c-4626-84ff-cc9897aa51ec", "value": 1338880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697600429, "uuid": "37bd222c-142b-4f5b-a082-877cad4fa2ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600429, "uuid": "5db70f91-8bd1-4b8e-8d40-e57514f62eaa", "value": "EGHU2323OCR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c11a3823-6dd5-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697647533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647533, "uuid": "2130a6bb-82a2-4a1b-bb4c-3484a073e300", "comment": "Malware payload (LummaStealer)", "value": "a5050402ceb0a865b0ae6d146af53779", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647533, "uuid": "e8d035bb-70fe-4783-ae82-71847de54976", "comment": "Malware payload (LummaStealer)", "value": "3505e27eaf2c4113fe1504da03873536e469aae8ca007e8bd077ffec24b7f252", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647533, "uuid": "05306d29-4a6f-4e2e-80b0-cd253b9b63cc", "comment": "Malware payload (LummaStealer)", "value": "8b6b6c94cf32334cec066f2c775e350e53ac9bb0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647533, "uuid": "a3b39516-2312-42c1-af1f-b0580b6b5bb3", "comment": "Malware payload (LummaStealer)", "value": "0628a4fa84130863172ee36b45817d08a7c86632813ce2316f89b578f64cf8f75dff5167f2a3898c83045648d5ebf2ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647533, "uuid": "6d4519e4-ddbb-4768-922c-68b270b9ae68", "value": "T132252312BBC8C136E4B517715CF7038719357C566DB8829B5B408A9F1CB2B98B932B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647533, "uuid": "5d629dfd-2eb4-4cd1-80a9-2fde5aefd203", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647533, "uuid": "aa0db5c5-480e-4b06-a627-668ee37940be", "value": "24576:8yP+EPa0n0qkdo1VYs8NiAaOesn7IB+LaKxnPreQu:rPRaakqYxiAaOes7NaK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647533, "uuid": "2e101138-45b7-4448-b95c-41310206fe1b", "value": 1001472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647533, "uuid": "5ddfd7a7-1dc9-4f32-9679-bd71e0ac1989", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647533, "uuid": "6a579bea-82d0-4acb-8361-da2b194ec864", "value": "a5050402ceb0a865b0ae6d146af53779.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0db76476-6ddb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697649809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649809, "uuid": "d63c6650-cd18-4257-85e6-19357497a576", "comment": "Malware payload (AgentTesla)", "value": "89e7a2a15d1a8eaff2f2570f39532c1c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649809, "uuid": "897f6a3c-32c7-4ead-a20b-6593b76f523b", "comment": "Malware payload (AgentTesla)", "value": "356025114ed69404543712922762409938a37d54cabd294c661d844cc547fc52", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649809, "uuid": "03233859-993d-42d6-a291-b88e6e427f14", "comment": "Malware payload (AgentTesla)", "value": "7b4f8cac2ed84ebc8d98651a83bc3de8950ee42a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649809, "uuid": "b488a62a-b397-47cd-aca9-d2e4abbd2e5e", "comment": "Malware payload (AgentTesla)", "value": "693d2879c2217430845b2a8b14d107cdf9b93ed5edd4112c26f32b75be3df3f8d3621ff4154053025744fd8432e7643f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649809, "uuid": "11ac629f-f15e-4b62-a1d1-096a582fabef", "value": "T1B0357E3D1AB91227C169C3B5CFE1D823B0049DAF3051ADA668D37B666773A4674C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649809, "uuid": "cd4edf74-b27a-4df0-844e-1dededb7eb1a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649809, "uuid": "7c377164-0447-4f01-8479-1161295d324f", "value": "12288:isMAnkN0CJxECWxTM0Dw4A5Pu8+kCIeN9kNEXY/3SJ:dnkGCJxfWxTdE4f8+3nkNKK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649809, "uuid": "ce5feff9-1cbe-45ce-8f26-10dc4a26638b", "value": 1095680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649809, "uuid": "c2a93a76-47c9-49ea-bed9-ecf6a4360aef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649809, "uuid": "a054936f-e002-4f6e-8e37-14fa30908bfb", "value": "89e7a2a15d1a8eaff2f2570f39532c1c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9acaa6d-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697645480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645480, "uuid": "d77a4952-d3f2-4258-8e33-968328da6025", "comment": "Malware payload (Loki)", "value": "69d546b77e24d37ef25c57eba8b2a7e0", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645480, "uuid": "79e5b10d-7e29-4bb8-804c-3c024ca466b4", "comment": "Malware payload (Loki)", "value": "3665d429fa491a95b0a14e115e8aff0fa4051830775abbdce9a9b8ce85ba3c59", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645480, "uuid": "d725ba32-3289-4697-8815-1363335ef878", "comment": "Malware payload (Loki)", "value": "211d169b319fcc6c04106825ab59c3106d85388b", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645480, "uuid": "da3974f7-1ede-4009-9840-4a2adb0d0150", "comment": "Malware payload (Loki)", "value": "04dea6daf8c36ca7c5a9ac1ba5773cd98cd41c7fca577b85f69f90bbeea17cdfb11e7537049dd704e04d6b4d598a38b3", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645480, "uuid": "b3942760-e77a-4dee-8af9-38a29fcc5f68", "value": "T130537DF1DF46150A4D4B27E6EC418872C9BD816A5522013AFFDD738E920BA8C57BEB0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645480, "uuid": "4c10d3a8-585b-4969-8439-aba0ac64080b", "value": "1536:fyic93YBIn4EMcDB6EGf4W4LHklhAGemqeAz:fyi83YBnEMcB6EHW4LHklh3eReAz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645480, "uuid": "23808acd-006c-49b3-b679-2ac988d96ddf", "value": 61877, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645480, "uuid": "32d7cdc5-86af-43cc-9259-fc477cae51b5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645480, "uuid": "e8dcee9f-e2d4-465d-b09f-e6e9acb05482", "value": "Cerere Oferta de Pret UBB2310-18RO\u00b7pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41521913-6d93-11ee-8907-42010a9c0042", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1697618971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618971, "uuid": "98b6b27e-400a-4aa2-9320-ae841718b4d1", "comment": "Malware payload (RaccoonStealer)", "value": "c15c368bac44af0c14a70b4b3d283de4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618971, "uuid": "5c20b3d0-6b74-4acc-85a9-acf3c7b55074", "comment": "Malware payload (RaccoonStealer)", "value": "369df464e16f2be8d7e939b00170fd979981893ec321d5a651452db47e191222", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618971, "uuid": "fa4e20fc-5fb8-4b5c-8b1c-c4d05eb223b3", "comment": "Malware payload (RaccoonStealer)", "value": "dc0db2b44799a69ea5e1043b4652276accf2bd2a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618971, "uuid": "fb931e68-5a5e-42bf-b538-a572577c1640", "comment": "Malware payload (RaccoonStealer)", "value": "b471582c391e771115bf6649d0aad66ec1b288b32767a38e8fee347cda7e261822ba09e47c2c7ebc6d9dee8ca59ca127", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618971, "uuid": "ab4eb069-a1fc-475d-a79b-f120e81fc1e8", "value": "T183E53351B684075DC1884271452B8731F633AC9828D8AFB12F977DEEB998CDB0A674CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618971, "uuid": "fa309964-db5d-47c2-8f65-f0a8f680f3e5", "value": "a7b93c85322555ce5149c255418da6de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618971, "uuid": "10c56224-01e3-4baa-804b-4edbca93482d", "value": "49152:rKvjip8n8cd4734PuQzbNq9BMHAs/B7xWM1mq3Q3V7tKtY4QfyG7/FC2pe:KWp8dd4rxQtMmHRpUM1mQWVBKtY5yGjq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697618971, "uuid": "37343d9c-1d12-400d-8685-c5a653035464", "value": 3106744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697618971, "uuid": "45899444-afc0-46b5-bdca-8b6226fbe130", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618971, "uuid": "80e464e2-4577-477d-8013-2e4c2c21d80e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b2f6435-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647898, "uuid": "beea0f1e-1159-4138-af3c-462dd7e0a8bf", "comment": "Malware payload", "value": "11a07aaf227e8201e41ca00f1daaab02", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "shtml", "colour": "#C89450", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647898, "uuid": "2fe43953-b24d-4f65-af7a-90f8e08a5fbc", "comment": "Malware payload", "value": "373c0acdc07661a35159142c34910a2e7020ec27edc7e5385903e561e4a8a70a", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "shtml", "colour": "#C89450", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647898, "uuid": "156d16e4-5d12-49eb-9848-2e358efbccb7", "comment": "Malware payload", "value": "423eafd725159d53645cc253e141e100d745506d", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "shtml", "colour": "#C89450", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647898, "uuid": "ab0f041b-6f40-42fc-af17-bb46c58ef02a", "comment": "Malware payload", "value": "19e45abf180e7884e75312fe98ae0a8e156d63d52343ed6fecbd5819f7d2e637b4c08075542c2c504ea0f29275054026", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "shtml", "colour": "#C89450", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647898, "uuid": "ab61576f-a081-4ef2-b97e-5789739d8575", "value": "T10053801B7D4B855E0A20902D2237D154ED810A92360F9F68B47CEE6F5BE16D3F8AD1F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647898, "uuid": "8c1a8bd5-5524-4dc3-92ed-67e398ec608e", "value": "768:Oo3+rgvKSbPAv9b4kcyHfjuItE8dXoVAvHzCC9THAYovifjSTGSOAq7b58:+UNyHi2cAHUeQq7b58", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647898, "uuid": "2372d222-3d95-4dff-a577-67ae401ea7fb", "value": 62536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647898, "uuid": "961f63e9-8edd-40e7-9c1f-5e4caeffef0b", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647898, "uuid": "f1ea0f67-0b9e-47e5-9f8b-4f859c075aae", "value": "Paymentswift161023.shtml", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "684473a1-6d65-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697599280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599280, "uuid": "58744f50-098f-4e72-943c-e645c7e1c65e", "comment": "Malware payload (IRATA)", "value": "bdae330fdb84037c9f942e1daae0bd35", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599280, "uuid": "dff443e1-6c30-4a74-a6d3-49b87da2f94c", "comment": "Malware payload (IRATA)", "value": "375ea6f1414af28c9b91d6657ea18394995f0f3b35e935c895bb0dbdfe3f6a4a", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599280, "uuid": "87f23345-217d-45e0-ba00-8876d79b17dd", "comment": "Malware payload (IRATA)", "value": "0d2f89781298a759e99ab22f4d31f40a52b5283b", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599280, "uuid": "b2ec0405-54c5-4a9c-aa04-e23657dcf6b3", "comment": "Malware payload (IRATA)", "value": "3abda0fbc4ff49fd5843f2c302f3b8d50e821c122dc95dafb4eb761c13c0da0cf391818ef391f86a6261ea6633c25f46", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599280, "uuid": "ef0e1050-4c00-4053-8fdd-78a45a8a20bf", "value": "T190A533EBE776C415C2DFAB710766529118BF2D944E13A98BBD90332CD6B27F86708087", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599280, "uuid": "6ff040d8-0d43-48bc-a100-92b4dd595a14", "value": "49152:AEVrexrF01i6lxLfdq8to3iPX9b8FePz5d3okT/CP9FFy8vLmK:A4rehFIi65q862tsilhT/CPLk0Lx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697599280, "uuid": "15274868-320c-4e6e-8d87-fa0b74a428c2", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697599280, "uuid": "e407cba0-5d12-4f42-a04d-0e45688fb5f4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599280, "uuid": "c38554e7-b701-4c16-ab8d-7485b5337f2b", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1256f0d-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697648016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648016, "uuid": "4a22c2de-92f8-4110-beec-80d75e9b64da", "comment": "Malware payload (IRATA)", "value": "168e4c688eaa40170558b9a566dd4d18", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648016, "uuid": "b07efa97-cf72-4973-b739-8943ec174c20", "comment": "Malware payload (IRATA)", "value": "38747004dbfc099701d03c3f1ee3e995783a33440bae2c95c8f734681988edac", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648016, "uuid": "c4b9f209-003d-4a14-9d09-99d94c16dc02", "comment": "Malware payload (IRATA)", "value": "c4437f6f91d8eeb57c856013d993d6ac019d33ab", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648016, "uuid": "7c325cb3-4315-4859-879c-0365722dec08", "comment": "Malware payload (IRATA)", "value": "1efafe9a37b700d6be08c38c9d927ed11ba619930a58279bd4435db28dbb6c332dc1bc5dd29f006b85c85b64a0c576e6", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648016, "uuid": "18e26be0-212e-49e7-abf2-54091abb48c3", "value": "T14F36DFD7F399686BC4F39372817613A5515B4C228F83AFC76D28763C28BB5C41E49AC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648016, "uuid": "e6982d6b-8c50-4bdd-9dbd-b8833e108096", "value": "98304:JPF7Sgt+88jegeuSgLCrgnnMVGuY25X9N3Rz0NdCa:JPZ4eqtMVGubTqND", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648016, "uuid": "f2bae4ac-b014-46df-a1ec-b511edb11770", "value": 4947009, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648016, "uuid": "d6ceaab3-a310-4c35-a056-dc5a39054e55", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648016, "uuid": "39f1cca4-8fe8-4a9e-87a4-db7b87ec88ad", "value": "KissLande.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0bcdec39-6d86-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697613298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613298, "uuid": "b422dfad-c630-4f94-a6cd-7edf914a87ff", "comment": "Malware payload (Amadey)", "value": "d70e3ee6839a3d05931a12c3397bf464", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613298, "uuid": "3078ae25-710d-4857-aa37-2ba1740c8c14", "comment": "Malware payload (Amadey)", "value": "38754b705fa71cd3c0868a4a41105693bbb48017da92c1b5bb580f52e3960f91", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613298, "uuid": "264f9a75-b6bf-4d5f-8e75-943b986750cd", "comment": "Malware payload (Amadey)", "value": "61b5294c95cc7b4249f315e4f5ea5204e1f2959b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613298, "uuid": "ea929f5c-87e6-4c42-8dac-901ad0a712ff", "comment": "Malware payload (Amadey)", "value": "ca02e2acd3b574a6284fa0b500c79aa709915e7b5333b0674849fd3d27651112442a23b75a811949192c2413a47bb701", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613298, "uuid": "bdc42b16-62cb-4643-920e-c4e38718a15d", "value": "T1E6352303AAD98563D9B137705CFA42C32D763D92CC7847AA3741AD8E4C632E4A43677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613298, "uuid": "f3a4b572-5d0a-4ae2-bd46-f412290c978d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613298, "uuid": "84ba1344-2569-4832-ba34-cd29b76ead9f", "value": "24576:OyIN58kpr2wNRfoVUlAUP2TnieQ+Rz8lKBDWF6FyCU:dINSKTfNyK2b6+z8IBI/C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697613298, "uuid": "42e7cc4c-2e52-4fd1-90c2-77d6392cd005", "value": 1099264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697613298, "uuid": "7b76c4e6-a0f0-4ec9-9b08-fae3954d0ce0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613298, "uuid": "c949e76b-1a67-46b9-ab9e-70c92471a016", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26570cd7-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610766, "uuid": "0f789b3b-c59e-41b2-8b9e-ee4c90004145", "comment": "Malware payload (AgentTesla)", "value": "93f56023bb5705b74cd6de6bdd4d03e1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610766, "uuid": "e865b0aa-a8f0-4526-b67b-d61816d74fa7", "comment": "Malware payload (AgentTesla)", "value": "3919ad1d9e40d234f221440b20a11e1ee317824c4209238c81c83c9299de5762", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610766, "uuid": "53ac3083-78d4-45e8-abcd-edac58fbd2e3", "comment": "Malware payload (AgentTesla)", "value": "55074bccbf58836b397d1d0a2cf5c5904547782f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610766, "uuid": "972d3d89-2024-4fdd-9c1a-d67c3367b619", "comment": "Malware payload (AgentTesla)", "value": "c8a6ba00eda4bcbdbe2d733857388c54fd71cb0ff86ffeb5a15d780374e2b3b93763c939aeac0171131dd207f5ee7e0d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610766, "uuid": "895a7dc2-b8c8-4a7a-a911-c6dcf94c2010", "value": "T17EE41224226BCB1ED0F91BF68022F314CBFD7816A429D61D1ED604CD5AB7F988524FA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610766, "uuid": "092c184d-c00a-48ce-a710-c20d5ff3faee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610766, "uuid": "3fa94cc5-bf42-46c9-abf1-c5b6272d6cbe", "value": "12288:vzfqBN+vkoWGUX0xu04/VQ7YUixO0edmn+HlPMTqMuIe30H:vT69o74s49YjiWJMuIe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610766, "uuid": "eec71fbb-6b3e-4c04-8adc-a2a0e9956200", "value": 684032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610766, "uuid": "c0cdecf9-57d4-4333-9857-8d7e2a08d9d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610766, "uuid": "0a158877-6751-42b6-bc05-3cf12202d0c5", "value": "Purchase_Order,xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "233fe83e-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697644691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644691, "uuid": "2f32b300-a0fa-4e75-b6ef-330bb4a60e52", "comment": "Malware payload (AgentTesla)", "value": "a5b7a0830d3315719fbf454a1aa42db2", "object_relation": "md5", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644691, "uuid": "cb0d9630-552d-4083-a9df-3c7af8dd58f7", "comment": "Malware payload (AgentTesla)", "value": "391df00c7408a96b6f171c3665fb615c66daa3825087c6632b5d286d07b6b591", "object_relation": "sha256", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644691, "uuid": "a5b39591-ec28-4e96-a7b2-4f106885e51f", "comment": "Malware payload (AgentTesla)", "value": "751b726114babe448036403cd1916f01864bcf72", "object_relation": "sha1", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644691, "uuid": "22eac069-119a-4590-82e6-abd1991666ef", "comment": "Malware payload (AgentTesla)", "value": "bd52beacc4c1abbd40a127caaefc898e2a627ebe0f964ebca2d22f8994607ddd77b056c418640e4e8b514d4c1c07db36", "object_relation": "sha3-384", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644691, "uuid": "9c71d4a0-c4ec-4c35-b312-da7dbc2873da", "value": "T16883A2F28362EECA9F3B1D84D03825846C5814EF761491EDFDC2A6E04BF9264AD758F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644691, "uuid": "3925a2b6-1552-493e-be2a-921462b14e6c", "value": "1536:YDuBO/yW21ZFefZjIBGIlJh/FIdbk6gl2sSUW0QbEYFbZMGYbebcNlyBB:YyBO/t21jy+lrdIdbk6gl2sSUW0QbbF/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644691, "uuid": "3a16ada0-c293-4c5d-b50d-c05ca62014ea", "value": 88064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644691, "uuid": "6a802e00-21a5-44b6-ae2f-b5d67c23e790", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644691, "uuid": "eb6ed53f-a005-4d23-ba9e-4aa93520c7a5", "value": "193.42.33_1.91", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0e9337b-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697604126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604126, "uuid": "965b572e-2cd8-4070-9871-e6170c6b4838", "comment": "Malware payload (RedLineStealer)", "value": "62914a3d73d59716bd8dbbbd947f6a02", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604126, "uuid": "058dc2fd-d8ab-4405-a964-d66d7d348956", "comment": "Malware payload (RedLineStealer)", "value": "392b896d41dade222537785cbb3b58da8fd08f09d24c0e39b3706a18cdf18a7d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604126, "uuid": "f19f9fa4-1a6f-4e21-9d5d-fd9c5c7d3fb6", "comment": "Malware payload (RedLineStealer)", "value": "64b7071bd1dffe8a3ff0fd0e859c510869f20b7c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604126, "uuid": "e2c10290-ee97-4fef-9f04-695fe816d271", "comment": "Malware payload (RedLineStealer)", "value": "27abf46a87bd12a1cd8271b827ca3ffa3584944df8d340d726c31d322ca89b038f91a6428f5d150d22079a5696e051af", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604126, "uuid": "9d4a3a1b-4dab-4185-bc03-a90be92a713f", "value": "T1FF743AC0338865CDCC8F8AF1512177748A70D452A257BB4B7C8BAEF73C5AB58AD451E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604126, "uuid": "12762568-8098-4cd2-a007-72d1bcea6ab2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604126, "uuid": "6d9eccb4-8182-4d8f-933f-260645e109ea", "value": "6144:V6U+fq9+K8QyQP4jQXHXA/sEoOiboN1a3Ti:eqoQ74mLOiba", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604126, "uuid": "5c9c2401-2696-4ca6-b125-fadac5b84dc9", "value": 349184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604126, "uuid": "96e7d586-5786-43db-856c-cfff33a5c62d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604126, "uuid": "32f65303-eb64-49c4-9030-76ac5cb26ed4", "value": "62914a3d73d59716bd8dbbbd947f6a02", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "172376fe-6dc1-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697638657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638657, "uuid": "7e178807-55c4-4e74-9e8d-b6dd9288cb7f", "comment": "Malware payload (LummaStealer)", "value": "2e18706979711659b03e6985e9beeb20", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638657, "uuid": "020150d1-a7e5-4b49-b8c3-1f895fae525d", "comment": "Malware payload (LummaStealer)", "value": "3a1c3178c43c4fe5468ed77d69bb62d928d4ec0648fda6e4fad3e9d231a1d241", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638657, "uuid": "fd6f67a3-8883-45b9-be9d-bb30e4855572", "comment": "Malware payload (LummaStealer)", "value": "44d2acbe097fbe9eb12371379dc307254c9dc6c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638657, "uuid": "b75eb0d4-70cc-4c5f-9a0e-122f100f125d", "comment": "Malware payload (LummaStealer)", "value": "711b970d067c9439502dd611eed61e359bb683b2a7018188307c65cfe1dc177017819b98a7015b7bfa14ed4140dec480", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638657, "uuid": "d1eda9de-4ec4-44d5-aad0-f94f9dcce55e", "value": "T15D252361ABDC8432D8F657B018F317C3193A7D96D9B4E66B3341DA9D48B1AA4E03133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638657, "uuid": "6b198444-daa8-4dd3-ae6b-7afb78f1cbd4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638657, "uuid": "3e97da0b-95e9-4c26-95a1-db8058405546", "value": "12288:PMrMy90Y5iX6u+5+1Us61VbwYi0A1u1ab0RhJZRMEtXXyKxJts4wqcAWndrPZrSQ:LyEX61NN5G1u1aboJVrKqcA6drPb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638657, "uuid": "33d779b7-b827-4a9d-8fad-cd947d6f64a0", "value": 993792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638657, "uuid": "586cb65b-a8b4-4881-bdbd-4bfc779e9311", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638657, "uuid": "be78fb60-2f37-4487-994b-ffbcffbd36d8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fac792c4-6db5-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697633885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633885, "uuid": "4b37510c-3e2b-4c03-9a47-3557c9a0784d", "comment": "Malware payload", "value": "16007c9e7e826857c5651790b4f6fd40", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633885, "uuid": "d7280109-5a4b-4375-ac58-f801633cfaed", "comment": "Malware payload", "value": "3a3cbe0b1c0ede4633c5ea81096aef7daa1f7e78fcdc60061d7ee160be3e65e0", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633885, "uuid": "f313f1b7-2ba3-4935-974d-de929bcbe131", "comment": "Malware payload", "value": "5877128e05bd04b6c3f12b073bc0464a96649d69", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633885, "uuid": "f5ef8d53-f721-4ebb-8d04-f3a547776bad", "comment": "Malware payload", "value": "2f2be19d151bb0c74948cc6e33c34dd13c224ab39c04243eb1de49014b17e4d82fb8b56abdc25938bc2f085c0a1b8e70", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633885, "uuid": "c71d2d0d-af32-4942-b57b-3f9ac63340e0", "value": "T1E041620F7017E7C1E1231B33294FD33AA4B897260F9252A3C568C0D9593A89E0E13D9E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633885, "uuid": "57e068b2-8742-4cc2-8892-8dcf31cb9fce", "value": "48:0t+Q2qFQrIaE7kAZWsv73cXCRinquXkLNc9JDuNAeyQ1:Wh2qFsIzIAZhuMe7re/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697633885, "uuid": "dd8601c1-9b73-4d4e-8a50-e86ffe549987", "value": 1878, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697633885, "uuid": "d3e5ca54-f8b6-47f9-ab2b-f4f4047d204c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633885, "uuid": "3f4bbbc2-1210-4cf2-802d-d057d929bbb5", "value": "PDF.2300000390409003902.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6322651d-6d95-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697619887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697619887, "uuid": "782cc5d9-6057-498e-8a32-4328a02627c0", "comment": "Malware payload (Smoke Loader)", "value": "f43a310ecaa49b1cb39cfc8671a4eb82", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697619887, "uuid": "8e451d98-c4a4-40dd-bf53-744010a44b41", "comment": "Malware payload (Smoke Loader)", "value": "3b7e76a597382a194137293fdc587ea0154b1eb70d0666765cf9cd3377516367", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697619887, "uuid": "384b6e38-d560-4467-9fc8-cf8016adc381", "comment": "Malware payload (Smoke Loader)", "value": "ca2725bbe9925131a7cb533b0f608c5d860c6b9c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697619887, "uuid": "cd207f71-3901-4bfe-931e-3db3641fea4c", "comment": "Malware payload (Smoke Loader)", "value": "6c6e2c9c68bbf52431ebdbe2cc009f4fa1fe373346db2ead92f63a31eb51b874a1ec5cc2be0818859eef3bca5b6e0b92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697619887, "uuid": "7db956dd-76ae-47dd-9a88-a7067949c294", "value": "T1D23523027FC86423D1B527B014F316D35B3AFCA69E7847662742E8C62CB36D1E13676A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697619887, "uuid": "9badde0c-704c-4661-a9db-ecb7e71f419e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697619887, "uuid": "a6e2e012-9266-4193-afd6-655611b26fc0", "value": "24576:YyI4RPnYGZXCeUDP5sEdmQLnjNW4fauoqK:fwG+T55EKNF3F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697619887, "uuid": "2c6090e3-412c-40da-92c5-d64cbedbd79b", "value": 1098752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697619887, "uuid": "af726b22-72b3-40bd-b1cd-9d133627b224", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697619887, "uuid": "d24743ba-c347-4d98-83cc-40fa4617bacc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1167facd-6d7d-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697609442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609442, "uuid": "7c6259f4-1478-46ab-8b28-1954ba46a243", "comment": "Malware payload (RemcosRAT)", "value": "9ecf791f3b738ea13a76e99ee0be7d61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609442, "uuid": "2db96b20-2833-4b17-9e24-f57b08d6e2a8", "comment": "Malware payload (RemcosRAT)", "value": "3bdd69de010f0f5eab2291127a6645fb8ed19f279276a6e7bf1122cf1937d61c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609442, "uuid": "dda7e885-0f26-4ef2-afa6-70cd78d25eef", "comment": "Malware payload (RemcosRAT)", "value": "c6b384968acb3f7185f33a15015d887a4003df61", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609442, "uuid": "8a1f0596-f7d7-4e24-b134-bb6fcf3410a3", "comment": "Malware payload (RemcosRAT)", "value": "f76afb3fbcfbb48b8c86a568528b1133cca23a57f8561391a6afd9b826e523b492133dabb6eb6e7662cd11b83c79e30c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609442, "uuid": "092f9b0d-50c4-4bdf-a3a6-0e3c474cdeb0", "value": "T18EE4F1CB063F93BDD8BA197AC8C45D406766D97889D2268B7C02E1264D19ECFD4C39BC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609442, "uuid": "6258b1f5-0901-4f98-b2d3-7b9194681b05", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609442, "uuid": "5621f64a-d9eb-49f2-bf69-e2cb3161a5e8", "value": "12288:HEyEq+UwjUDcXhZYH0VQeHXUyLLHI+BLWkKm+V2VYrOiqoB:kWAjU9HHeHfN3KBV2Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697609442, "uuid": "6e5e26ca-df06-463d-b696-f0a4e4a34836", "value": 706048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697609442, "uuid": "3f51d964-1220-4652-9ea8-7f56e1e58f83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609442, "uuid": "779a0c1a-62fd-46ca-8c0b-f1abca4c2f05", "value": "INVOICE-0986556789000.bat.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc2b540f-6d56-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697593086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593086, "uuid": "9dd02213-9cbb-4ccc-97cb-d8e46ecd579f", "comment": "Malware payload (Amadey)", "value": "6dd9c71e8584ce7e508b741f734d46d9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593086, "uuid": "528d9028-8e17-490b-a2bc-e4a258fb6427", "comment": "Malware payload (Amadey)", "value": "3beba0fcd974f5165e5f7a9bd489dd5e5df8a79279d988b2831628b562369bac", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593086, "uuid": "7f143ff6-e9a8-4377-b58b-b6ec372b6b8f", "comment": "Malware payload (Amadey)", "value": "72d7e5ea9a9808e05d89651d8ac591a6f0ea7ba8", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593086, "uuid": "7153068f-d77c-4863-94c3-86fa531dfad4", "comment": "Malware payload (Amadey)", "value": "86e580e18a5b39c011794667b874f5580a7d6de986bd64484995e7604a38ea15572663b00ee6f7cc4da3c5d1e439b7d6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593086, "uuid": "9bd0e6bf-efbc-4d8d-8a0f-bd50b9cb3735", "value": "T1EA352313A6D8D472C9F467B48EF503830A757C6244B483AB7661FE0A1C723C9B476B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593086, "uuid": "f8998ad5-d2e4-4353-9a33-70f3384b0305", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593086, "uuid": "892c6079-e1a6-44c8-91c8-1f63452ac549", "value": "12288:5MrHy90llU7pQfi+RAncUEgWspy533tE/Rv427JE6QLjy4gy1Js8I3sezKPqyp2k:+ytmfi+0EBH5qw6p4P1y/sTnpJC/2GG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697593086, "uuid": "c9978443-9873-47e2-bb6c-fd0e2bb8388e", "value": 1094656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697593086, "uuid": "efd5b5a5-0548-4a9d-9972-6f2d60983423", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593086, "uuid": "a28bb689-77f1-420e-b351-f2fb9aa87fb9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a30f9fc1-6dba-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697635886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635886, "uuid": "fc8b808d-62a5-4663-a092-a30b4be4011a", "comment": "Malware payload (AgentTesla)", "value": "dc363b6052868aab9a332c698e1e8adb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635886, "uuid": "ece79cce-81d9-4ba6-af04-bb11f8833819", "comment": "Malware payload (AgentTesla)", "value": "3cea21e1e6e745af75da939a45f464f609caa208f65b43861c82d8df55b311c2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635886, "uuid": "d34ce142-8bef-4f74-b5dc-c0d533e537e3", "comment": "Malware payload (AgentTesla)", "value": "02bc8553ddc733c4664480d468eab5c5e7cb9cc9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635886, "uuid": "bb3ac283-d2cc-433c-8aa4-56dd2fb7285c", "comment": "Malware payload (AgentTesla)", "value": "71e28398e4d336e99c64ab92a2495309288c0b0fd1307056befab52f85e2843a5d4bf819570619abf4f631db449575b1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635886, "uuid": "60b571bd-f93d-4b90-a5a4-de2ac5558492", "value": "T19753262D938F41A9CF520237AB1A1E5442FDBB7EB38552B1346C533533EE82DA1252BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635886, "uuid": "2997d52a-5d2f-4e3b-b8e8-4343efec2915", "value": "768:HwAbZSibMX9gRWjxWauHUnA3m5sBQZmuzCcziGnHGy3EFxnw6AAReuj3EeZb:HwAlRGRuHUsm5s0rHbX3EFxnWunZb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635886, "uuid": "e84187fb-c962-4109-81b2-5778b7fa3889", "value": 62413, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635886, "uuid": "b0550c99-2bc8-41db-b6d1-17fa69ff137c", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635886, "uuid": "c4d6c159-283b-4600-9bbd-53aaace022f6", "value": "bulkXOrder.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff2d3cfc-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (zgRAT)", "timestamp": 1697645489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645489, "uuid": "082f7439-bcf0-4661-9c23-d3dfdc6e049c", "comment": "Malware payload (zgRAT)", "value": "d858b27c0eafa81b350acc9b742dc03b", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645489, "uuid": "86053853-b857-436a-a03a-e6b9a75a3fb6", "comment": "Malware payload (zgRAT)", "value": "3d288bff4446588ea120d875f639dc35435f061dd8dec13577e3325ce9c032b6", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645489, "uuid": "dddcffc4-aa8c-49e6-a4ad-02c316a92b76", "comment": "Malware payload (zgRAT)", "value": "c97a784b5785f14325b41da98c90f237905bba46", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645489, "uuid": "c9c13c5b-d479-4eaa-8a8a-5dbbdbd41031", "comment": "Malware payload (zgRAT)", "value": "3f3211b9f97b67b40556ad58acb229d44e3fe904f3616fc695ea70f8c32ca7c6b59388d2cf5f91e91a82c5a98f01c20c", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645489, "uuid": "ec672303-dddf-4d09-80e9-6faf4ffeb74c", "value": "T15B540E6425EFA04CB1737F631FDDBEE54E5FF7712A5A61AE3004031A8A52E40CDA5A32", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645489, "uuid": "ab9fb1e4-6d1d-4845-8c89-b2594587babc", "value": "3072:PXwXaek9Q8fL1Wy2uArbflyPXWTgMujPphPcpt63mGuMbFCtWEjetilv23DbvzsY:PgXa3zs2t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645489, "uuid": "a5ec2b3a-73e9-4a21-a7b9-3dd123c431b8", "value": 291956, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645489, "uuid": "888c7182-e828-496f-ba56-2117b4e0f398", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645489, "uuid": "ab4537af-a4c3-4ba0-977c-4b8371b86c35", "value": "cotizaci\u00f2n.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e916a06f-6da7-11ee-8907-42010a9c0042", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1697627843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627843, "uuid": "18e7b319-d7d1-4e23-9cf4-8d807d8209c5", "comment": "Malware payload (YellowCockatoo)", "value": "5356c8b0859bf37f541efc6bcb2739ee", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627843, "uuid": "b92a9ebf-c45f-437f-b900-ef69e17b7665", "comment": "Malware payload (YellowCockatoo)", "value": "3e619506023c7eab4515300acee7818e2e38267d9b53eca10cc16adf3010d915", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627843, "uuid": "5ad44cad-d6f3-46d1-b494-d125349edc62", "comment": "Malware payload (YellowCockatoo)", "value": "58596de447f06802d9d34952a14dc7e00c1aea6b", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627843, "uuid": "c5479cd1-c125-4c99-b1d9-f4f3dff2739d", "comment": "Malware payload (YellowCockatoo)", "value": "ca3473dcb95e32edcaf2763ed59ced761800d798d4221248b2fadfdc5b4a670d15d63fce8eac74ec47b455e33171f69b", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627843, "uuid": "df5d4d4f-6c50-4486-a704-3b33778a2e18", "value": "T1670601C4DB9D7367E292A94977C3562886B99F3D2134083AF1AFD984C0C231A9F607DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627843, "uuid": "a8df0710-5f8e-4a8c-b87b-571f0d6853c9", "value": "24576:Fagj27dHJSbnDfLYPGIG1jZsKSBEiOSoqbmFMP/PTreQU:Fa3peDfLYPGIajZ5iOS5bmWPHeQU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697627843, "uuid": "0daa19d2-ac98-4e5c-9633-9a0280c2b559", "value": 3763139, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697627843, "uuid": "e86d5b5f-b7e9-4164-85c8-0e12c13bcc97", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627843, "uuid": "5ca6205c-0504-45d9-965c-e47f993658a7", "value": "installer-build 2.exe.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76122bb2-6dba-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697635810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635810, "uuid": "d8670c1e-08ec-4fed-ae63-b14dc92e9bbe", "comment": "Malware payload (Stealc)", "value": "d54bfbd18c4cc853111fb3f3782be15f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635810, "uuid": "0fe43391-097e-4f49-8ff6-b5236bb5e562", "comment": "Malware payload (Stealc)", "value": "3f3f671021a0029d6a83071f9f04ac3990e26ea8b07a42a76f3400b7d2c24198", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635810, "uuid": "92b4160a-b2dd-4faf-b85d-14ae0294709f", "comment": "Malware payload (Stealc)", "value": "951ca30ff95c986f0f4f5ac38a84e2855a874511", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635810, "uuid": "6f072d11-d517-4cea-9c93-fda3373af41f", "comment": "Malware payload (Stealc)", "value": "866051f8b2b70444d9e93916697a8c77a4265c3bde001b8d1bb2840e83103481753de4933ab60411639a2a50fb5de629", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635810, "uuid": "3c797c00-4347-46b3-a585-e3dbef1592cf", "value": "T1412523576BE89133E8B6177068F743C32736BCA089B491262B616DBF18727C0953673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635810, "uuid": "18165465-4925-47ea-9d46-eda860a7a2cd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635810, "uuid": "6b751b82-9f27-494a-b3b1-94e10a92e19e", "value": "24576:jyX3b7krvcqxaoJtab1bUQTqqVwU0aHEyN686ik:2H/krvvNJta9UANw3GEyRT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635810, "uuid": "c221cb0b-19fe-48bc-9a04-1b74ea69adf2", "value": 997376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635810, "uuid": "821ef8b9-3b48-48cf-bb6f-802e66982fbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635810, "uuid": "f1876ec1-7759-4c6a-bf90-9d0c082e272d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5ed3384-6d62-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697598148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598148, "uuid": "9f0fe823-7581-4b2c-9b25-b604a3a3813a", "comment": "Malware payload (Gafgyt)", "value": "4a6ab473dd0f0ba8dd2531ce3a48d8dc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598148, "uuid": "41695d25-17c6-4274-a666-fa6a2400724b", "comment": "Malware payload (Gafgyt)", "value": "3fadec27064a62b395ac2ee9bc1237a167e285893fd2ba3c44e2c97427ea9301", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598148, "uuid": "5214cd5c-8712-45bc-9c51-ac6e5e7edb64", "comment": "Malware payload (Gafgyt)", "value": "5a692fca0a0924fdcf4484fe6300f978c754a0a2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598148, "uuid": "f2d177c8-b610-4277-b1c2-de2ed15afbc3", "comment": "Malware payload (Gafgyt)", "value": "93948ba9188809bebd924f0d9b933bbdd1beb76365d9461a1a4874ca60a990249955efb413d95e36a48b1b7a36240251", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598148, "uuid": "308cdf2b-7930-4337-a4e1-cc1d6c906572", "value": "T1D5B318377B270E63C0CA147112D70732AAB5C6D938FA5397B9E06DAC2F16A843916FD4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598148, "uuid": "33d13606-8bb5-48a2-bbc6-1477c3e96e01", "value": "1536:BXYQBTSNM5+ZtzOftEjWphmdddddTFOrJfIVmYj1EPZjDbfKasj:B7TSN8+DOfvphwQ6VmK1EPZHbfvsj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697598148, "uuid": "5893440e-6c74-482a-82fc-27c632975953", "value": 108147, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697598148, "uuid": "d67b1be6-21cb-4728-9aa9-43680779ae55", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598148, "uuid": "45dc5252-0b6b-44ac-99c7-394944c568eb", "value": "4a6ab473dd0f0ba8dd2531ce3a48d8dc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78cfd0f6-6db3-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697632808, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632808, "uuid": "1dda3c75-64ce-4988-ac3d-7cad62622764", "comment": "Malware payload (RedLineStealer)", "value": "ac2586a59db586a8a4c08be2566ebd79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632808, "uuid": "03700bd6-5c2a-4124-acef-c4b9fd59cb0d", "comment": "Malware payload (RedLineStealer)", "value": "4040499e8eccbfbb5adcbf94ae9de18ba0cff7df77acb29980a9dc90da988b43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632808, "uuid": "aa991cb1-762e-4246-accf-a7060bb95a0c", "comment": "Malware payload (RedLineStealer)", "value": "66945cc15be93c19452855075130cdd5420413ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632808, "uuid": "5b2c9667-9084-4579-949b-a091b42df66b", "comment": "Malware payload (RedLineStealer)", "value": "379a4064bca1f11397c369283ba819c2f71ff5e707c4ec97d525347fafec87bf7dc5b0c02402640d3eca262257400572", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632808, "uuid": "ef52c28b-3026-4341-8559-b5174fe6d8f3", "value": "T10C252302BFD48472E9B413B02DFB03971B33BDA14C34AA5B37565C9E49F2658A97132B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632808, "uuid": "19172822-2bbd-4375-adf7-636e42f8a407", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632808, "uuid": "79d8b377-29fc-4cf4-80aa-e4b5cf9f8a67", "value": "24576:IyqFc2liCxdHnsUmxEsZdfQsDfFX/mkpHrsSsrlS+4b:PqFxwCxdHrgEsvoY9ukpLsJrlq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697632808, "uuid": "bc345a64-8e6c-4288-a340-acb9efb6af68", "value": 1002496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697632808, "uuid": "1d6a1b47-4871-48fb-8bba-8ea287bfefe2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632808, "uuid": "f144b0ed-a191-4f39-b06c-f0891f9d73f2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd9f1ed0-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697596443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596443, "uuid": "d6c7d9ad-2268-48d2-9c9f-3dab563a39aa", "comment": "Malware payload (IRATA)", "value": "6b4a0b7e60b2c9d968dabd0af8f184a9", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596443, "uuid": "bffda129-fe27-4a93-b3cc-ac907dae24ce", "comment": "Malware payload (IRATA)", "value": "411bd54a04b5763abf970f0d53c681722647f013d7e35df7d27599375d38b62a", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596443, "uuid": "d1c12bd9-f60d-409f-99ac-b2e12a25d2e3", "comment": "Malware payload (IRATA)", "value": "cc47e592cf5d1c39cea16a7d6f5c73d4fb227538", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596443, "uuid": "eacfc828-6ecf-45c5-938d-561c82938f1f", "comment": "Malware payload (IRATA)", "value": "d667601317b7eb1943dc4192b773007512c66ae029e0832939c636f98d9db815b3d5875eb3f2dbe35788234cd70ec9d9", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596443, "uuid": "5af342f7-c63f-463c-bc76-9c846d6444a9", "value": "T1E2D52293F362B81BCDF2D37221A12635503A4D659B83B785691837FE68FBDE84B841C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596443, "uuid": "6300ab6c-1d3d-49af-81f8-0e11fddcd12e", "value": "49152:1/6EtnkCBF0vqLqo0JzeiBzrj0JA8obkl2ITyYJxUWOV9NGdgCph+EX/vU:t6K5ByvqLnkeiBeRuklVTFHxQGdgEE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596443, "uuid": "226c7c84-0dad-4df4-bc18-445ae9f9038e", "value": 2834562, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596443, "uuid": "12df32d6-1838-4149-a8b2-82d4ea60227c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596443, "uuid": "d47e6533-d627-47d3-ad6e-b5642085aa0d", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96198879-6d84-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697612671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612671, "uuid": "3dc83fd9-268b-4889-8650-dc2c68e6f4eb", "comment": "Malware payload (AgentTesla)", "value": "e25e15eb096d884c88cce0f4e079d2de", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612671, "uuid": "9d754d06-b82d-473b-ab95-f9a827d3e45f", "comment": "Malware payload (AgentTesla)", "value": "41ba24841b5058d02d56f6e4bd187bd7c9f6ece97f38c682a27bfc26748e4c5f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612671, "uuid": "e30070b2-89a2-48d6-ba0c-280bc04f2d89", "comment": "Malware payload (AgentTesla)", "value": "e482ac1f5e6bc7bced49c3f35460b13fb486f38d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612671, "uuid": "e6a23601-1c6a-48b2-a0cf-c31ac4c79e02", "comment": "Malware payload (AgentTesla)", "value": "4c026a7862f99cbba00763aba3721aed429f9fd2aea127dcb611dc1b34fc8f6126fe45ed9cc6cf4f71972c67dc1b3e65", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612671, "uuid": "86913ce3-acb6-4733-bd69-248034a151be", "value": "T171E423047B59CBA9E76A6FFC198011441770E0366B62EB3E4EC622EDD969F07704AF43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612671, "uuid": "7887f6df-3b97-4033-9788-33b09254dda6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612671, "uuid": "c56122a3-d678-4d6d-96bd-9c3cdf9b9456", "value": "12288:CADJ92Iz6WKkyDjW6jFxrEW4gDdpJiq20V4O63BfLH8TwYWGXM:h/b6NjfVdvRWh3BfLc7XM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612671, "uuid": "cbc32af0-a447-4bc1-90ec-43afa41d96c6", "value": 673792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612671, "uuid": "8497142a-d741-4341-90b2-6b4b0ef0de26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612671, "uuid": "849e1f30-7ca3-4d2b-82d8-9efe499f2436", "value": "e25e15eb096d884c88cce0f4e079d2de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32946316-6dc2-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697639133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639133, "uuid": "c4cd71a1-6f98-4021-8b29-a192fd7d13b7", "comment": "Malware payload (LummaStealer)", "value": "a5bde891d8967b730e74bc007ac50ea0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639133, "uuid": "d38ae70c-a2c4-45d2-85f7-2d9e30c8db77", "comment": "Malware payload (LummaStealer)", "value": "430505833332bd7ba1eefed3b062ada63f8bd4a3878cab26f2156900969f9a98", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639133, "uuid": "d9dcfc58-bbcb-4b28-94d3-5f80831bf833", "comment": "Malware payload (LummaStealer)", "value": "fb2dfd703dfabec0e0a2164ab2c36c255ba1c0a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639133, "uuid": "74c3e375-ceff-4c1f-862f-5e9f48b43750", "comment": "Malware payload (LummaStealer)", "value": "503382efb2019bd8be575bf6cc4ea7822470313d9642f070737d847813242e1f809e2530c8c980920bab0ee6f0dfcd6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639133, "uuid": "f9a44860-b086-4e10-a0a7-d19bd57e3317", "value": "T1E65523926BCD8133EC6223700EFB5AE31B317D906971C2575BD5A8AE0D72681AD72337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639133, "uuid": "56035aa1-0906-4023-bc29-6d7fa3f298a9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639133, "uuid": "89bc1190-a84a-4990-a088-08a246f7be07", "value": "24576:6yuyJfCRZO8v7jKwi6QW4owYcKyGqCzb65rTUCpSZmy3RkAxLy+IOB:BuyJCZJjpPwYucb69TUC0Yp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697639133, "uuid": "e7cffc05-cb3e-468e-85e9-123a0a8c5eeb", "value": 1338880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697639133, "uuid": "053b1658-5f1b-4690-aa10-d7bceadd8d53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639133, "uuid": "df0f1ff4-bf45-4b1c-b137-af05b1266455", "value": "a5bde891d8967b730e74bc007ac50ea0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e652155-6df0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697658910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658910, "uuid": "8f6989fb-9c52-44fe-aa97-d2509017bb9b", "comment": "Malware payload (AgentTesla)", "value": "9f4a0b1ab90f52b39a2fcfad4edcd7b2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658910, "uuid": "05dab90f-0bd7-4dd2-a64d-7cc9846edf5f", "comment": "Malware payload (AgentTesla)", "value": "4316bebd7893238fab61d5cc2a4bdca1d65ad8f631347c949485b0c3a3b1353b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658910, "uuid": "e1e1583a-f3bf-4ef8-94aa-ddbaa72025ca", "comment": "Malware payload (AgentTesla)", "value": "65028576a06f812470bed3f4150376376b453f80", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658910, "uuid": "a8bc4b75-ae88-4250-90aa-01dcf1e65f1e", "comment": "Malware payload (AgentTesla)", "value": "e24ea281c515359eb18af540952f3dd61362d77b497991f46ce30c82ccd02cf1f832d577ba9f19d1022cd49a7365a5b1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658910, "uuid": "e63bc359-3ad8-4b3f-99c3-4c255121f552", "value": "T169D4012923B86F1BE6B907FA8074545013F4196E2530F2EC5ED2A0DE2DB1F14DB42E9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658910, "uuid": "ce6abc68-fce2-4626-9272-dfeec77a4dd1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658910, "uuid": "2f14c765-2437-4262-9163-2446f3f2c768", "value": "12288:/uX9K2ZWS6fGmkaR2WzUZtBSpuxSjTyvN8pHQ2w9gr:/utHWX+hm2cytBSowjTYyQ2m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697658910, "uuid": "5e30744d-9625-43ff-b4bd-e96a3befd6e1", "value": 645632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697658910, "uuid": "bc35d12a-fadf-4578-aedf-aa768cd81427", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658910, "uuid": "27a38d27-82fe-4de8-98db-1f36a2743d00", "value": "NEW PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8739d72e-6dba-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697635839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635839, "uuid": "5b5abb0e-6581-4e34-ae42-97e99d840418", "comment": "Malware payload (AgentTesla)", "value": "72f4a573e31a2357922cb538aa648019", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635839, "uuid": "89d35112-07f1-4581-b913-7770572aa73c", "comment": "Malware payload (AgentTesla)", "value": "440a08d828533e66f8e753ddeb96cbf38941efeff40dde48bbb70e0257a3ab4a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635839, "uuid": "25e58fc0-cc3f-49cb-a8dd-8b34cf02d131", "comment": "Malware payload (AgentTesla)", "value": "59c9c735a731e3607ecc50b3cb66a402a9fad073", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635839, "uuid": "cadb9db9-41f1-42cd-a2e5-5ecd25cef2da", "comment": "Malware payload (AgentTesla)", "value": "09b0030790439d430d52cdbb8b34169d09aa73275beed896404482473b78dcbe2a132aeb61efc85983439dead40a2216", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635839, "uuid": "a974563d-9087-471a-92f5-1e9b7e601732", "value": "T1E774E022F65A9DB1C3516FBEC7CEA502175AB109ED83E75E7C8D1397060B3A0CC81E66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635839, "uuid": "3e315321-479d-4948-bfdf-ae1b8d96a7ba", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635839, "uuid": "d9f694ed-d91c-424f-8390-a5a7e3ae5fc8", "value": "6144:GmeFXK+H5SgnzhNzG2S/yqhg2R+hAgShVtELEnz+yvsZfYg/6HcQBE2ycpgY:gPHUgO/ydh8tELExvmAgC8QBE2ycpg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635839, "uuid": "93d8b579-0a6d-4564-a854-b8e695818292", "value": 370176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635839, "uuid": "059fa31d-50d0-475a-9882-1717056a79ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635839, "uuid": "a0e70fc2-1331-477b-b1dd-e797bba00c50", "value": "PO 0000342.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94ec7a60-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604079, "uuid": "81e16024-dc02-42e3-a8b4-bf598be7de2a", "comment": "Malware payload (Mirai)", "value": "7738a75ddcd40dd06c78a5f1d75adecb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604079, "uuid": "99e0fc76-1702-430c-83ab-51a668e2b4fa", "comment": "Malware payload (Mirai)", "value": "4505e0cd7b10a3900ed17ceb980443533a3acaf03af572979c9f976cb2ca020f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604079, "uuid": "0ca08303-103f-42fd-9747-00008e7a9c65", "comment": "Malware payload (Mirai)", "value": "a8eca06c4a75c2d7816ee063d11055f473098959", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604079, "uuid": "c93c3104-4983-4494-b079-324af1d11e6f", "comment": "Malware payload (Mirai)", "value": "941835f5c6c283687408f917259ba2b6136279af80b84c4fed97d83920447752df24fd17463619e5edf756cb2f5d1476", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604079, "uuid": "ea8e7d1a-c3e8-4cf5-beea-b995767df9f3", "value": "T10EA2D020690A9F71D191683FFEBDCFC218B70AA9F4F272B124428B58B5AD10D50F434E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604079, "uuid": "4cfd96ea-a5c4-44fa-befd-f8bb9b570fd7", "value": "384:0F/uxcqdFkTB08WMleXFMKb8/kEehSY9pbYlBCJ/cyHhymdGUop5hKO:sWxcGUB0HGMb8/kRZ7bYlAJ/cyHs3Uo1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604079, "uuid": "bc943684-aedf-4f49-b48d-0b47b5ab5e84", "value": 22124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604079, "uuid": "07d2d8e3-c774-4418-a63b-9e4492ecbd5b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604079, "uuid": "77f16bb3-2db6-42d8-88f1-9577de7406ad", "value": "7738a75ddcd40dd06c78a5f1d75adecb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd6d4553-6d62-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697598134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598134, "uuid": "a5d54a68-26a6-4fe3-b8d6-906d17818f7f", "comment": "Malware payload (Gafgyt)", "value": "ae9bca6b163deb4675496cfd7e06141d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598134, "uuid": "d2ae9b72-48d6-44e6-8451-104062b932b7", "comment": "Malware payload (Gafgyt)", "value": "45448892dcf8380a7539e4c468c03172bf30c99c75692b9196596d8e0293a15f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598134, "uuid": "44574071-0975-4d22-a5c2-afd19f799a3d", "comment": "Malware payload (Gafgyt)", "value": "6f153b8d739f0c81f45688e5da06045f8f2cddc0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598134, "uuid": "1c83a066-287e-4e6b-a079-32e21b23ced8", "comment": "Malware payload (Gafgyt)", "value": "1d5827fc1c3709d4e5c8f61d4802f96c2e5698166efbfb1bdee78d8df60c8f26c3397e972ed988bfd6e5fc3590b65f0d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598134, "uuid": "f4802d95-ba99-4889-a8af-393d4e4b67ac", "value": "T177A31A63F800DFB2F40AD67604D74B25B630FBE60E931662735739A6AE361D52823F85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598134, "uuid": "6a02965a-d282-4f9b-ad4a-d0024dc36950", "value": "3072:kJ2mwR9tBfibxhVrrr9yj+UJ3wTlmK10PZHbf3Fj:kO7tBfibxZyjfJ3wTlmK10PZHbf3Fj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697598134, "uuid": "d68162af-55d8-4d4e-b254-a9fe15c341ff", "value": 101648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697598134, "uuid": "917026a1-aeb1-48f1-bb8b-5bf21f024145", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598134, "uuid": "5aa1a27f-18b4-4eb6-9ba4-c7f770134b4b", "value": "ae9bca6b163deb4675496cfd7e06141d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd6dc75f-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596524, "uuid": "1ba184ff-5f3a-46b9-bce7-e23ed3cef447", "comment": "Malware payload", "value": "e9b9d63911594d6c1598bf01cc833849", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596524, "uuid": "58769503-fa98-4fb4-b8a5-161c2941ffde", "comment": "Malware payload", "value": "45fc481e0460f0da7a84690bc846890326fb3d8b847d7ac7adff5015802c9ac5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596524, "uuid": "868caf63-004f-48e4-b8af-0334432ebc37", "comment": "Malware payload", "value": "e457aa503c63f3f139cf93cabf25585b133014e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596524, "uuid": "a93584db-e7dc-46cc-b29e-37de313498f0", "comment": "Malware payload", "value": "b3ec50cf72d4c22e947b9b7c0198ab45fa1eb87a91258fc2b0c34ed5ea4532d3c92c4e942b52c7a93b6cd08bab0e7f61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596524, "uuid": "8aec8a01-a86d-4329-be68-cf7e554b015b", "value": "T1B1C46C76F6D08533C2736E78DD5B92A8A8367E913D29584A3BE81D4C9F387823435393", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596524, "uuid": "81566223-e8cf-41f6-8488-515fcea63004", "value": "6144:01DUP4LFgxc2CI3GIR28q+4IeNqLv/jPPPjnLX/AbypE1Eqolj:GUQLFgxsgpgIeNcLPP3Ab8E1B+j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596524, "uuid": "2ea2808a-1f50-43df-a524-16def135a05f", "value": 569856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596524, "uuid": "3e27fe7d-f1f7-4f7a-8c69-f09761f14d74", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596524, "uuid": "20c2bc80-07a0-40b2-8971-58666a0e307b", "value": "SecuriteInfo.com.Win32.Delf-OTM.2843.18030", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54e8b70d-6dd2-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697646063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646063, "uuid": "d42319bc-5bf2-4ea1-9fd7-02a7530c1658", "comment": "Malware payload", "value": "bcf91be0d8ff593ab085fcd7f14bbc3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646063, "uuid": "73d922a9-fcd1-42b7-b3ae-e6c83f2b07b7", "comment": "Malware payload", "value": "469981acf9f08fe587adf5bf98ec0a68628bd55fb1041a2e348bfc5e7d12d33d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646063, "uuid": "98202d66-7924-453f-9ce0-a6df41c37759", "comment": "Malware payload", "value": "11c0a0d1bcb6cdc60fe8570b505e1fb9566396f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646063, "uuid": "e7bf4042-4046-4f49-86b5-42b4b57c7929", "comment": "Malware payload", "value": "ff9c5b8f61e730dbf0e8fc3a678b1df526e5eebfbe0662d3a2119c029a80f90443159a1cdee5f415a662dcc3aff1630f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646063, "uuid": "c2ee8785-6adb-46d0-a7ce-2bfe9ad356a2", "value": "T129559D71B402D037E1A101F5A67E9BA611A9BA3017AB08D7B7C05E7D94F1DC36236F2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646063, "uuid": "f4c0818f-aa6e-47d5-abf7-36e6597b107d", "value": "d0a056364cb56fcba1362a2948fd000d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646063, "uuid": "626c0a58-624d-4544-8d73-f9c1e0df6357", "value": "24576:R6kGQinz+EqbUuGe/Ncfy8YtKu28CNSsbQJWdBaFkxLfylTeBGlZaCx8tmrc9jc:f3qqEJUQFWCjbQJW3aFkxL6lTTlZaCxn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646063, "uuid": "22e49428-3a03-4ebc-a5f8-eb797e364e7c", "value": 1343488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646063, "uuid": "26d85a8a-91ab-48b1-8a84-e580fabe91ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646063, "uuid": "d38ab134-d774-498a-b189-a948ee20c506", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f42970e-6dd9-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697649033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649033, "uuid": "a8cbcce6-012a-4991-8fea-66843af6555b", "comment": "Malware payload (RedLineStealer)", "value": "b4f33eb3a002cc7fa1a8255cb720d6f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649033, "uuid": "19f01b5f-e965-482d-8c2e-65ec3945271f", "comment": "Malware payload (RedLineStealer)", "value": "470978003fa355597b4ae99a3859c5416606126c1caf664a992d0705d1976eaa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649033, "uuid": "719cab2d-2efd-4dd4-9ffa-6579ed0f18d5", "comment": "Malware payload (RedLineStealer)", "value": "62c9053dab647db4f8bba618381e635c313a32ed", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649033, "uuid": "b6ea8c9a-12d2-46ba-b6a3-4aa58e2f4333", "comment": "Malware payload (RedLineStealer)", "value": "1a18a7663004b48dec221054f238ed6f33a0dee31130efc211ea643198317a8a7f1a774d354b20400fb800dbfa8c263f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649033, "uuid": "3e994fb1-610d-453e-be4e-be591e074f13", "value": "T14FF42352A6F88032D9B26B701CF712830F3ABCA19DB4835F2B05595E5D736C198B1B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649033, "uuid": "58dceb3d-ecec-4322-b8de-ae9078672ce8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649033, "uuid": "9953c945-0e79-4d8b-91a4-0a3b937252f1", "value": "12288:IMrPy90Oq2TQd16e+H455ouY9J7CrVwE8M1FGfsWuNZK3K0yrfPfYBRLeAb:XyHq2T0b05ber+EjGfsl3rfPgLLee", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649033, "uuid": "9eb4be7f-4a61-4ced-85a2-ab22496c15e4", "value": 755712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649033, "uuid": "bd13f39e-7374-40b7-a8c5-e9e3b144f9e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649033, "uuid": "ff19398f-db97-42dd-a959-f61f435de661", "value": "b4f33eb3a002cc7fa1a8255cb720d6f5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36fca752-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697645153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645153, "uuid": "5ab7a9a4-7ada-4a02-9321-ad10969a9c95", "comment": "Malware payload (LummaStealer)", "value": "c2fe59d13e81fc6e275ff9e8e3c51bf4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645153, "uuid": "a2bc9846-01e3-4aab-8c90-e5f252f6b7af", "comment": "Malware payload (LummaStealer)", "value": "47450287dbb0833027118daa007d1e6fedbd1778480a3089e141692d7d6f8707", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645153, "uuid": "d56794a1-101e-4589-8940-6e40373d7950", "comment": "Malware payload (LummaStealer)", "value": "21f19600597defac8b5759058c29b234f9a6e189", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645153, "uuid": "c99059e1-0a22-427b-aef4-5d3487026284", "comment": "Malware payload (LummaStealer)", "value": "5e16cb285aae59b0063632d89d1153a6ec1e246f3166d8520a6ba45ab8a86842a0f8179bbeaed1f48373a65c672ad43f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645153, "uuid": "18f051ed-4a53-45a5-8728-07c8ca2410b2", "value": "T1F4152312ABDC597BD8B213B004F713D71D34BCB6987C632B2347A84958B2698A43677F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645153, "uuid": "056c69a8-0aa8-4a85-9877-8ee944458a1d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645153, "uuid": "fc986b2a-d9d8-4ef4-aa3a-e00a139991b9", "value": "24576:byu6xSX69qRidr/IX8NYtongabx5kbGBR8Jv:Oo6oRitIXHEgajk6BR8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645153, "uuid": "cb50f2d6-e604-4fea-9bc9-9d81b21aa562", "value": 894464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645153, "uuid": "29561f5e-996c-413e-ae66-a7d366074196", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645153, "uuid": "1cfd57ef-307d-4a11-a1bc-77bf975ca6d6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50fd57ef-6dd2-11ee-8907-42010a9c0042", "comment": "Malware payload (RisePro)", "timestamp": 1697646056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646056, "uuid": "1046ed51-97ef-4a8b-a67c-e0179f8c0950", "comment": "Malware payload (RisePro)", "value": "bda20611aa423d70259401ad0c2f62a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646056, "uuid": "1b5816db-9c55-4ee5-b6a7-622ef7660717", "comment": "Malware payload (RisePro)", "value": "47c26c978e619a104692f7d60a9684cc8ad55d11ebefeeffb97be314c9576fe2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646056, "uuid": "558473a7-2ebc-4316-99e9-1d18f1daa8ab", "comment": "Malware payload (RisePro)", "value": "721a516f134a99cf96a440719bce00b38e9bf3b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646056, "uuid": "51637afc-c421-4a7e-a0b5-5ca8f19a26d4", "comment": "Malware payload (RisePro)", "value": "9828a921a4440dabaa6c60007be9add9389a75f672045f343122211161537f4713dc710e71a85817861dde907efc0dc9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RisePro", "colour": "#92F3D0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646056, "uuid": "8c8cb13f-22b3-4540-98d3-2672b9a6a701", "value": "T1C3559E71B502C037E1A101B5A67E5BA612ADBA3017AB08D7B7C06E7D94F1DC36236F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646056, "uuid": "d3bcbea8-92fb-4d7c-a9f3-8346086aa2ac", "value": "b625b0422748e8ddd8a2e69ebe413b45", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646056, "uuid": "1b63b82f-71b8-4b8d-a506-237cdd775e20", "value": "24576:pX/PGdRrw/fJJE/tFxwZ00sH7jctXIcesb6p2s91hBHk4TCJE5BGcvUNxw:Uxw/hcSMKIcb6p2+1hBE4TF2cvUNxw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646056, "uuid": "7610a9a1-3e0a-4b67-832d-e12d97f36d41", "value": 1303040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646056, "uuid": "096f6a42-0122-4a6c-a372-78c0a0b009ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646056, "uuid": "df7465d7-8a0b-458e-ac8c-e7a9bb84ce21", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd12ebc7-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697596523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "cae51530-2c9d-4102-9655-f63f11153947", "comment": "Malware payload (LummaStealer)", "value": "3898e8f6d05c30ca66f1d420aba1b30d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "5e5c24dd-11c9-49dd-9d3c-1af65d2b7be9", "comment": "Malware payload (LummaStealer)", "value": "47caf3a173c4238b264e6e7d08b5d72c26dcae352c70702ed5de4e573196ed23", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "d8cad4fb-8b4e-4545-b42b-3e98a034f6d5", "comment": "Malware payload (LummaStealer)", "value": "edbc94afcd3d7220c6b2f17d580950b9dae3e1ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596523, "uuid": "f8065bcb-68b8-40ea-823d-59ca92ba0f99", "comment": "Malware payload (LummaStealer)", "value": "7de559ea3a9d082fa6875fb97b593c85ef443a20c3436cb2580d91f6f68f3b7134e652d780da3c0a5fe20d7ff6cebbd9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596523, "uuid": "948a9cf2-1942-46ff-835b-722f595ee8a4", "value": "T154E39E0175C0C0B2E572193506B0EFB15E7DF9300F546EABB39856BA5E34AC08B6AD6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596523, "uuid": "b29a09c6-c508-4943-91c2-3c671d8eeeb3", "value": "89b4938a013d6b8954f68c2ef1293c62", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596523, "uuid": "e12f8a19-5629-4f42-99cc-e6a51b5b4ea8", "value": "3072:IWXJsU12HlWCnUewNzrQuUUpBt2973rC9wmaUtjt3LDDPoJ:bJsICnU9Q8kUt9PoJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596523, "uuid": "587b6c2d-4924-46a9-9aef-3b7f960d4eaf", "value": 151552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596523, "uuid": "85ebd90e-a3f5-4e3d-a125-0ef1a23a91df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596523, "uuid": "e8a26420-472b-4160-b0ac-e00566efef15", "value": "3898E8F6D05C30CA66F1D420ABA1B30D.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a28ccb1-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647789, "uuid": "fe5c0963-b86e-4eb2-9d92-55506dac22fb", "comment": "Malware payload", "value": "22f1b04972d405f88b5e099e14db28d8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647789, "uuid": "bf7c21ad-e622-47af-9e4c-4c6cfb0e80dd", "comment": "Malware payload", "value": "48499313b2e9501cdfbd77a94fe5cd661a9ec3dc1227736988fd73ff987fd06a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647789, "uuid": "f00c5149-d400-40bf-82b3-04c8e7a81058", "comment": "Malware payload", "value": "8455abdb074b6a7497d5eb4d0e9de4d9ff49dcc4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647789, "uuid": "39392bda-3ad5-411b-87ae-4a4fe038a374", "comment": "Malware payload", "value": "7860d3442a27d6f7f4e752f2d363ecac078f27b9415c9c6274bf73bf5f22ad5150e6a7ac716b5c3f41cb1bfdaca142c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647789, "uuid": "bc06b144-7898-40eb-a4a0-7c6eceebd3f0", "value": "T133559E71B542C037E1A101B5A67E5BA612ADBA3017AB08D7B7C02E7D94F1DC36236F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647789, "uuid": "f9dbf693-d661-46bc-91c8-146deb9bbdb7", "value": "b625b0422748e8ddd8a2e69ebe413b45", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647789, "uuid": "b83eaf63-753e-44bf-885b-44ebff0f7b8a", "value": "24576:/f/x3GREuffZSCmQ1QwZ00sH7jc9Xbcesb6p2s91h1w+MTCJE9BOcvUNxw:sWufhH9Mabcb6p2+1h1hMTlScvUNxw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647789, "uuid": "3585f7dc-29d5-4640-bff4-24fb6bb60d70", "value": 1303040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647789, "uuid": "e022736b-865c-4d1c-abf2-0d1b32d3525e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647789, "uuid": "5e490ba1-be8e-4c06-bb4b-5071f4850b13", "value": "22f1b04972d405f88b5e099e14db28d8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebd230b3-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (WSHRAT)", "timestamp": 1697645457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645457, "uuid": "839e63a0-82e6-49ef-8add-c36a50885bae", "comment": "Malware payload (WSHRAT)", "value": "e811c4c9c880e3fae8bfb0cd7be6a4f6", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645457, "uuid": "818ab2e6-ee32-4f34-93c3-27d09026ef97", "comment": "Malware payload (WSHRAT)", "value": "4a41e0418949914320454262970d1c878a37b2c01b48a7e92047f536771bf6f9", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645457, "uuid": "fa27e21a-8c3b-461c-91ea-6cbc33869e48", "comment": "Malware payload (WSHRAT)", "value": "b329fe66df345f51d229f5b76069a1f1263a1c2b", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645457, "uuid": "38ea38d1-b926-4245-82e5-a4c1ce616e08", "comment": "Malware payload (WSHRAT)", "value": "ab0160c0bfcecd2e0984ceb5260766c33a9648a581f7e7dc79af72ae98e7d653b802e2351507be2d2885d056024ff3a3", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645457, "uuid": "aeac0b10-f665-4818-a89c-e4a542f08fee", "value": "T182F1951DB60070F02AD9BF3615A314017FE776B96E32717D85AA9A3C60726E41F2D8B3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645457, "uuid": "3bd4c14c-78ae-4b47-982e-93e3a59ea54e", "value": "48:6IDkWkpUJeT2nfw9LOABJCvs2LNL75q+tCqB5q04CXSR:8wm0JciBc0lo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645457, "uuid": "f2f5c8c4-a695-4234-b7d3-129d5968e511", "value": 7963, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645457, "uuid": "ee3d77f2-04c5-422c-bb49-97b3804c6734", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645457, "uuid": "c1d6298d-e15e-41c3-b2a4-08015c2f37cf", "value": "Ref-231017AF-Payment-Details.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13a55727-6d68-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697600426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600426, "uuid": "8e167d67-9023-4702-9cee-fd926533a9fc", "comment": "Malware payload (Amadey)", "value": "365f6fd205ba4292c4588ccfbd281e60", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600426, "uuid": "7ee78780-21c8-4fa1-a112-f800784d199a", "comment": "Malware payload (Amadey)", "value": "4b08f4e4ae8873673faeb69ee3ac92876c4ef446e8580c85e7fad2e9fb86c704", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600426, "uuid": "7c7bf2c7-8091-45dc-924d-fb813e905531", "comment": "Malware payload (Amadey)", "value": "938e90742d247880daf8982e0745199225faa47f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600426, "uuid": "3b209345-87ce-43d4-a7a7-cdb7d509dc22", "comment": "Malware payload (Amadey)", "value": "2f3e567086afe693d77ac98250f8e8cd497d380939343e0f4f2cc6e0c39b400dd691b021d464e0842a4dd62da073f5e6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600426, "uuid": "d3be5b33-ee3e-4503-b161-5ea3911729bd", "value": "T19144BF0174D1C432D872A53709E4EBBA5A3EB8300BA55AEF67E41F7E4F313D09631A69", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600426, "uuid": "e0c1c786-38d1-4f1a-b350-488a0311c8d0", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600426, "uuid": "1fdcf566-71f0-4724-b3ee-e500860fa674", "value": "6144:sppmpvgbdhH6XZeSCatnXGNWqAOHXuGoXRW:sIgbdhaAzUXRW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697600426, "uuid": "b546cf11-2ebc-4d5f-a673-cfc5edbe412d", "value": 258048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697600426, "uuid": "e64a72d1-81ed-40b9-9c14-5b58c8c3ca66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600426, "uuid": "ce89680d-80dd-4a62-a10e-8aeb68387808", "value": "365f6fd205ba4292c4588ccfbd281e60.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c41ffe9-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604092, "uuid": "852c8bbc-2ae1-4bd5-8c20-115223c04dc6", "comment": "Malware payload (Mirai)", "value": "3191f2373a08841150bdc92bb54312b2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604092, "uuid": "466ee81d-969f-43fd-a0c2-f3c96ffe88ee", "comment": "Malware payload (Mirai)", "value": "4b569791431238e1c8a20cf86323a9ef3de2c976c9fb819902a5a1ac04103fa9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604092, "uuid": "fafd320e-f5e9-4b33-a541-fb2a7308c610", "comment": "Malware payload (Mirai)", "value": "022138f88ad86a85268b1d4b661f0c5bf1fbf7af", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604092, "uuid": "f59510aa-7ffd-4339-a153-1def34e3c49e", "comment": "Malware payload (Mirai)", "value": "8386e24e18afab1bcaa4b18ed5bf4debe3709f2322e54b457351b77d62b8005db5b46a2aefd0d9baf3f708933db13771", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604092, "uuid": "2c4dd240-7f2c-441f-994e-f6fc7b56ca6f", "value": "T1D8B2E0A8E44CEEBDC4E767325CE8C383B3A91F9E374BC9E6A18AC70155112175DC9AC4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604092, "uuid": "eecb8a00-d7ea-44a9-ab9c-e0bafa24f7ed", "value": "384:fgJw33+kf10fd8FHhnLlXsXIdYVtR/UTXut/Blk6hKBLbLqqrV+j3mqsduJKZxpD:fKwn+G0F85XsX6YwXG/BjhmbWq03jwxV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604092, "uuid": "aa2b23e9-25df-4a3e-8132-8f03a47724d5", "value": 23912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604092, "uuid": "06d4d396-52c3-40b5-b8a5-393d52de5271", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604092, "uuid": "0f38aa33-b6fd-4770-85ba-418312c9b8d5", "value": "3191f2373a08841150bdc92bb54312b2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c7c6452-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697613004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613004, "uuid": "ecfb67df-5deb-4a66-b4d4-39e29afe0827", "comment": "Malware payload (Gafgyt)", "value": "ab9f4061557e4a68b1d36d0371e2f575", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613004, "uuid": "aa98f72f-7715-4022-a136-a2f69f173407", "comment": "Malware payload (Gafgyt)", "value": "4b94e33955dda29912f452b033914b03c13aedba560a6f22e73527cb13a682ff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613004, "uuid": "b1c6d66e-cd38-470b-9606-37a5f781f6c5", "comment": "Malware payload (Gafgyt)", "value": "11ee08c5cb2100f566ab0ac639ec33137ea34f6f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613004, "uuid": "aabc6ff5-6d48-40f1-ace8-63f9ca6d0882", "comment": "Malware payload (Gafgyt)", "value": "7db6d533fc78c00617fbcaf0697483fe75ae9f44ab471615f2dfce4fa83378ef2383a7c06bc8b272f83676a41a0e83cc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613004, "uuid": "a1965c38-c635-48e1-a750-0e76ee9e3b38", "value": "T1FB93D704ED505737C2D23BFAF79A42CE77361F986B97334196283AF41BE5B981A39120", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613004, "uuid": "7b9d9a72-6837-4fa8-8700-134488e1dfe4", "value": "1536:Lhi/CHwbRuW1i4sB9xQMOvA9dHB1WoAgqWhQbayHio1U9gRWgP3XUFQuaExH/++n:PwbRuW1i4sB9xQMOvA9dHB1WoAgqWhQs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697613004, "uuid": "be09b440-3a2c-4919-be4d-d5b9a0ec0b6d", "value": 95129, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697613004, "uuid": "061d797e-59ca-4456-801b-bc6c061b2c19", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613004, "uuid": "bc9ca8d1-4f76-423f-87e7-611bde325b26", "value": "ab9f4061557e4a68b1d36d0371e2f575", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd8c6f20-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (zgRAT)", "timestamp": 1697645486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645486, "uuid": "dedbecba-91d1-4842-bf58-002260ab4ef5", "comment": "Malware payload (zgRAT)", "value": "4df306d379920ec587ebd0c86c2467b1", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645486, "uuid": "f88f9354-e13d-486f-bd1d-47a7629b47d9", "comment": "Malware payload (zgRAT)", "value": "4bfc2adbc891dd1a8b5fe2a3a051854933199ba0ff3521d7d0b6275c8bb24685", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645486, "uuid": "b8e273dc-bf79-4d99-9099-53c82c5f2a7d", "comment": "Malware payload (zgRAT)", "value": "9b5c0f3aed6e3b8b7699554b4bd3eb7ca420fe9e", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645486, "uuid": "905db89c-caf8-4ea2-9d47-6b3b30aea570", "comment": "Malware payload (zgRAT)", "value": "02ef274146c35639fcd714f8b321dde9b8a8d9eb3f33168b12f776a5a700626a88026361035442f066346c53e4950bd5", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645486, "uuid": "8fa646ea-6479-4808-af48-fd2a08735457", "value": "T1FD45D79038DF7008B6B27F571BDD7EE84E6FBB931A5A60AE3444570AE653D908DD0A30", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645486, "uuid": "6b8dcb1c-a697-42c2-875d-1e72712694e0", "value": "3072:t9zwqwu0zhgggggpKgggggqWHLgggggayLggggg0gkgggggu7Lu5gggggNYPTRLR:0VWHDyK6O00twcJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645486, "uuid": "30e18a55-f04d-47a6-91e3-28bc1fb6783b", "value": 1173332, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645486, "uuid": "042ee6d6-8d1b-4c05-b7c9-d2abf7cd1d53", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645486, "uuid": "b199f67a-7816-4916-a456-2972d9ede11c", "value": "Invoice 234-23.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eddcaf95-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697638159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638159, "uuid": "b643a8be-9eae-4348-b1dc-5dd658d78452", "comment": "Malware payload (Mirai)", "value": "1d6c50ebd281e1c94180e53c8478a376", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638159, "uuid": "e80a78f4-6c5f-4393-b7b5-344b4e139bf8", "comment": "Malware payload (Mirai)", "value": "4d4c5308c362bf721cf4dd5df37c6bbe8697775e1f526acfab95572d65d02f60", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638159, "uuid": "6c61262e-a7a9-4557-93c7-566628234d27", "comment": "Malware payload (Mirai)", "value": "1ddbb01d81997bf0a87b19a573da091fa97d04a3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638159, "uuid": "67035d6c-e450-47d2-b36c-e066bb8c5bf5", "comment": "Malware payload (Mirai)", "value": "2b260334258df9e1ba484254558250665d672846d0ef2ccbeadbb362a81820677a3300da9540fc21912d5cfedb9cdb85", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638159, "uuid": "923bb938-06f9-4dac-a8a0-6851503c742c", "value": "T14F73AD33D1686DA8D0664B75B9988E309B23A28416933EF6D794CB784013EECF509FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638159, "uuid": "d15bac5e-f7c7-4be9-83bd-f4c349ce0c40", "value": "1536:9aD/MEGvbwt+i7EhH+ln8C/0rrnmF5lrKkNGIkFgCJl2c:9OkdzeEhe90rjklOkQFgLc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638159, "uuid": "3fc72f6d-2795-4d8e-a986-06cc827d9696", "value": 75888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638159, "uuid": "5f19da64-984b-42bd-9153-f1111610cf52", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638159, "uuid": "2f3e5fac-cb10-40ee-b6d4-be07aad921af", "value": "1d6c50ebd281e1c94180e53c8478a376", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8d4fe6a-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697638150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638150, "uuid": "fbaf70db-e929-4e77-a200-2dace48ed147", "comment": "Malware payload (Mirai)", "value": "9385d4c2617f4cb0f9b16de8469630ea", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638150, "uuid": "34ca8adf-7edb-4556-8599-940626633766", "comment": "Malware payload (Mirai)", "value": "4dcf074c065f358cd8e187ecc88fc76d9c1a9c3f4401cbe3cdabd842cd6beeff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638150, "uuid": "c1316af5-38f2-4905-aa28-874b765b5d05", "comment": "Malware payload (Mirai)", "value": "fac5e0c77a9c887667b801ed1c317fee6a364acb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638150, "uuid": "ce4f80cc-2a5d-4a91-801a-a244dfcbb7de", "comment": "Malware payload (Mirai)", "value": "97d4010596163c3ad217a3c57c376abd5d2c23b82f8cbcaa49ad013d997aea6bd8a762d35c0761c64911a6237de6e910", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638150, "uuid": "2768440b-1686-420f-81ff-4153a82ea564", "value": "T17B53E781BC41A629C7D11777FD9F559E3700A3C9E1E932178C240BA07A8F94B0D5BF9A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638150, "uuid": "ce987876-20dd-409f-ad6f-c4f2921328b6", "value": "1536:GogI5uRJ7lshCKotdsVKQ9d5y33eZtQqQotS:GogI5uRJCQsXPy3w3S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638150, "uuid": "cadf6fc9-54a9-4553-9503-ba5b7eddf4d0", "value": 62900, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638150, "uuid": "e7c0457c-f8c4-48be-a2a3-bb76051643eb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638150, "uuid": "eb135486-546d-4578-a378-061d9c74cf20", "value": "9385d4c2617f4cb0f9b16de8469630ea", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6152a611-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697613012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613012, "uuid": "58528b61-041d-4f19-90d9-51725a746369", "comment": "Malware payload (Gafgyt)", "value": "889ec6edf705a5542c06ceb40a2173cc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613012, "uuid": "28aa1180-69d7-4f25-a084-6fee87654757", "comment": "Malware payload (Gafgyt)", "value": "4fae80d6092205ab4684e4c442d3072cc77c09ff63895bf1f002ab84bc386f13", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613012, "uuid": "571e15a3-b2ca-4f12-bef8-e491eda959db", "comment": "Malware payload (Gafgyt)", "value": "ba1941d55101c35b76a9bd0949ecb2f386450dc1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613012, "uuid": "a7458e8b-9794-4f16-ac45-4a7d4a0b1431", "comment": "Malware payload (Gafgyt)", "value": "e6c3ee6cdfc7ff7c930b1dd6bd8ef560e850a8cfe7152e9a3858576e57228ed79cdb75f82aeea51a5c237af669c225c2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613012, "uuid": "0956415b-a70a-4561-ae6b-6cf6fd13453a", "value": "T16AC3945A6761CEB7E84ECE3B0699460110CD9D4A02DD6F2FB2B0F61CE7AB88E45D3D44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613012, "uuid": "2b6349bd-e7b1-4643-9fff-6532254a912c", "value": "1536:GeSIeTAnhJDae/NfeKOpyzLZ3UX1y6wo7I/LrXj+vg8:G0PfeKOp4LrKqLrT8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697613012, "uuid": "c95e64ab-22f0-4b8b-82d1-9b09b6ad9ae7", "value": 119167, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697613012, "uuid": "99fe3036-5045-45c1-894d-39df5e522936", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613012, "uuid": "9e29d34a-531d-4790-ae5d-32a9921ed06d", "value": "889ec6edf705a5542c06ceb40a2173cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "311f6261-6d4d-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697588879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588879, "uuid": "6d7694d3-833c-4b95-9ea3-1fb16ac7c9a1", "comment": "Malware payload (RedLineStealer)", "value": "0c912bb1da2bd74391f846a3485ddcfe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588879, "uuid": "7b5186f4-1be8-4e50-bc46-ab8ab4bef6f7", "comment": "Malware payload (RedLineStealer)", "value": "4fea5ca472fbf656a65ee3eaa1953885c980e08b137e1e3190c0d7ce09b87bc0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588879, "uuid": "c4d787e6-64df-4673-8328-cb4ebe53e85f", "comment": "Malware payload (RedLineStealer)", "value": "a30fc5be8d3536a2867caea1364ebc741037cb94", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588879, "uuid": "2fc4f3ef-fe5a-4425-b705-aa460e1f46b3", "comment": "Malware payload (RedLineStealer)", "value": "85722a8f89dc5139614f339e8ba2012467b966a11e39fe512fe6704787b3f223e3a043ad34126e737228e4e634fa6e48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588879, "uuid": "adc39286-f187-4c9f-bd4a-c53c2e6ce94d", "value": "T1733522026BF88537D8B6237018F613D30E3ABCA1996957BF2754E90E4CB25C5E83537A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588879, "uuid": "a06dc4ee-e71a-4629-8271-fcb75f1a0fed", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588879, "uuid": "92baef6f-f8e5-4247-afcf-cc2fde67ddc3", "value": "24576:oyYX+/sV7V5ogXM6G+4AKuUaI8VUmSw+q1++aWrRCeoZPoi0:vR/g7V5oIz4fu/IiL7Q+aECHPo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697588879, "uuid": "c8f6d083-cd98-4a22-9a86-21b0e34810a0", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697588879, "uuid": "5498591d-2f6a-4b15-92bf-2e008608a2cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588879, "uuid": "13f9f184-a228-4522-9901-b450329bdf2b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c188111-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595421, "uuid": "695ff429-b953-4085-897f-661efc6e1413", "comment": "Malware payload (Gafgyt)", "value": "502fb79f72b502c0cb7098298c8c0a4d", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595421, "uuid": "c7867db7-f61f-49a7-bff3-787848ecd6a7", "comment": "Malware payload (Gafgyt)", "value": "50413deb10eb53336e0fecc63c8cf503c1e47710b88da0ac6f7ac5d315220a6c", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595421, "uuid": "38061be4-0b11-4bea-ab5b-c5a31a89a3ad", "comment": "Malware payload (Gafgyt)", "value": "d9d1040b5121fe77ae92ce34cd7024c980b51401", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595421, "uuid": "3a6a3d05-801a-4655-94e8-311a7c794038", "comment": "Malware payload (Gafgyt)", "value": "d02bf04e089bc1fe37f5d15ab65e4b44041c1748f680049804d8c1f29e0b891db0b0b54ffb80904f79867ac58afa19d6", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595421, "uuid": "cee0f542-46c2-4a5e-b0ce-36064a6e33e1", "value": "T16B831A42E646C6B3C4830AB2029B9B560932FABB0E675E55F36C7CF4AF128C57117F91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595421, "uuid": "4fe25a49-26dc-4fe7-8d19-f3105e4c4ae8", "value": "1536:3TO77SPJWVjRWHN8f9gfW+M/MXxLBRYmJxKx5hbddddd160tmYHc0r6jmVfKXd:y77SPJWVjRWHiyOF/MhLbY+c5hnvtmUq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595421, "uuid": "16c3fee4-efb8-4843-a924-fb554d12e43d", "value": 85756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595421, "uuid": "16c6361a-1920-4e9e-b095-48c58555fae4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595421, "uuid": "74c8e041-e826-4a60-9e9e-b98d502428b6", "value": "Ayedz.i686", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e95cd72-6d58-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697593788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593788, "uuid": "d47bc7d2-e734-4968-9a18-d946cf7287a9", "comment": "Malware payload (RedLineStealer)", "value": "f883b43159100d1dc632dcd76b7d3ac8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593788, "uuid": "ab2d2d8e-31a1-4693-921f-1c823332796c", "comment": "Malware payload (RedLineStealer)", "value": "5074252eaa07aaab0be49e3241a36640db6277e95677df81689b82a7dd2be213", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593788, "uuid": "310d6820-6371-4fee-acbd-bd82069973d5", "comment": "Malware payload (RedLineStealer)", "value": "941427e17ca869fe86b780ea8c5fa1491efb4f54", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593788, "uuid": "2944f33f-0266-4d55-9652-e2caf9a94528", "comment": "Malware payload (RedLineStealer)", "value": "ac73a13ea2c9b2b88e78aef01971f241eff155223bbf730ae9b0a351fc2d6767ab941f03190ccf28b97b9154f4bbc803", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593788, "uuid": "59c483db-ae01-4046-9d40-fa0f31336f38", "value": "T1A235235677D86873D9B5233068F603C70E3ABDB18D7887766386E89E0C736C4A935326", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593788, "uuid": "b74dedbf-fe71-4c12-89e2-1e8b30f405ca", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593788, "uuid": "4787c17e-7376-4c64-8892-66cd1ea68136", "value": "24576:2yyfQYRP2Kmm58di/Php1PGJ7fRRlEugKiCe1fGp:Fyf7tmm58QXhPuJ7HlEpTn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697593788, "uuid": "c2110c9e-c2d2-434d-8329-c0b534063f45", "value": 1100800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697593788, "uuid": "1d7f7efd-d4cc-4970-94eb-efb1b5b1c185", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593788, "uuid": "16b87761-69f9-4a33-b924-5e518960e6b7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d90619e-6dcc-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697643607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643607, "uuid": "336b03ce-55bb-422f-914d-7d02a7693269", "comment": "Malware payload (AgentTesla)", "value": "818339aad80be9aa34815e106ff353e0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643607, "uuid": "dbb071a2-cb80-41ac-b5a2-7cec6e9d06c7", "comment": "Malware payload (AgentTesla)", "value": "510bf93c760fb6b85d94cfa05ebe1dc6def17c7ea9a58cd1c607ebb83944e749", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643607, "uuid": "f40bbdc0-35e8-415d-87c1-d6686c1d3565", "comment": "Malware payload (AgentTesla)", "value": "39c31fbef2b736cb00dd2606ebe09954fc5c88f1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643607, "uuid": "22222b31-da13-4f20-a32e-1fef6bd5301f", "comment": "Malware payload (AgentTesla)", "value": "6eca1a6728bdc4a2183aeaee67ec129aa57ccdd6c104c3041f466ab23d3d9871f858b42aba3491615a40856da79904e0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643607, "uuid": "07db3a0a-ae77-423d-b7b4-8eb8ce0fc584", "value": "T12094233D98F67F21DCF1633D0E4D065A9C0A361AA43A03B74A1F957CAA4DC756BC0C9A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643607, "uuid": "3a7bfad2-ea59-4bb9-acd3-408e097f2435", "value": "12288:bEeIlN0yU0sE4vO2xH0ZFIt3dwfYEqoodvuCT:4ViE4bxUACfYjf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643607, "uuid": "00dcac55-4000-49de-9506-b953edaa01fc", "value": 433282, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643607, "uuid": "d9a5bcf7-b7e3-40d7-a3c4-e228e6e1f42d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643607, "uuid": "7eda2f30-1978-4daa-aea2-505a190db149", "value": "Shipping bill document.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e78b22fb-6d55-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697592621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592621, "uuid": "fa37c04a-8d2b-4659-ae88-9af7fcd9cdbc", "comment": "Malware payload (Amadey)", "value": "7ebf23d3aacfc036456c8e84123772b9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592621, "uuid": "fd6e4bfc-4b0a-4e83-88f6-769fdd9f7a1c", "comment": "Malware payload (Amadey)", "value": "513f455f4fbbe3d9d6255b6bbadeb25e819c2b34e1f21f128b4e15899586ef8a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592621, "uuid": "ccc3d288-6ee6-46f5-92bc-43982f390232", "comment": "Malware payload (Amadey)", "value": "e9f897cf8927484b4bb972be85eb3e4b269837fa", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592621, "uuid": "4932c615-2425-4e45-972f-ed780a03ba6f", "comment": "Malware payload (Amadey)", "value": "48ed5986413c85e761e1cc468e91adaf5e76b79500717c5b43e6b42f352eddf70c33a198c273a2fa1817e794703c8667", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592621, "uuid": "7b788b47-7eef-4e45-91c7-d8c5d0ebfd5c", "value": "T15634AF1174E1C472D9B2253209E4EBB95A3EB9300B559AEF63E40FBE4F703C1D631A5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592621, "uuid": "69bcdcb0-6148-44e2-a18a-b5ef0e78e8b2", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592621, "uuid": "16d44cdc-0ecb-4481-9b0e-ff70f8588b23", "value": "6144:gZpvJM6xg/yxqTtC9BfI8a94AOXGN8EnlTOqi:gvH2/yxqJOGOD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697592621, "uuid": "bf39c22f-72a7-4872-ba14-27ad672bfd0b", "value": 252928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697592621, "uuid": "4a5b2e4b-d953-4c9c-8dc8-f80461d291b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592621, "uuid": "8ef68cc4-5f11-4840-9832-b54f28370ff1", "value": "7ebf23d3aacfc036456c8e84123772b9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63c80d9c-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697623754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623754, "uuid": "02ca4f4b-9cf1-4d55-9ac1-83e833ea9952", "comment": "Malware payload (Formbook)", "value": "0519d5dde1cf72d9b2abd68a55f8424d", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623754, "uuid": "e6952609-a141-4056-b6f0-a6189ff0c5bc", "comment": "Malware payload (Formbook)", "value": "516881166b68e4875316ea79ef2a2bf688b94b050e45f59788ea5e025e1b77a8", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623754, "uuid": "8c49b43f-afa9-42ef-9c4b-946571824fd3", "comment": "Malware payload (Formbook)", "value": "97ad2c80419e55063b18891c49c08d8b7cb7d30f", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623754, "uuid": "0d66895a-be6f-4131-8f3c-c8b79d6909a8", "comment": "Malware payload (Formbook)", "value": "2376a1f35331179a2ae169060cfae11b8f88216692eeb6b2027127c4e871e2500e8b3bd217b6180428a5251874f36638", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623754, "uuid": "c35a8aef-6bb5-4c81-8775-64063f9865c5", "value": "T13E65F0039804DAC3C05D83F8BD1329E90E0D7F2AE8D579DB14967F9B3A31AA7095E16D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623754, "uuid": "5ac598d3-176a-44a7-ace0-38dbafe0b2cd", "value": "24576:BWQmmav30xsxZy/w6VC+6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXXQLfiZyUw6Vk:QQmmQ30G7H6V760g6V26OpDXJyPa9R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623754, "uuid": "0860c5d8-4bf9-46b1-b964-05a478738944", "value": 1492992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623754, "uuid": "604f503b-7da3-479e-b62e-d80886df1942", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623754, "uuid": "58356d85-37de-4cbd-a5d4-01e40133d715", "value": "PO 1632_1.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cf8606d-6dd5-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697647230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647230, "uuid": "09349110-88fc-4e86-8f9a-7758d0a76a81", "comment": "Malware payload (Smoke Loader)", "value": "863d08c1f16678dc701e362690643339", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647230, "uuid": "5d3f5069-c86b-4490-a9b0-6a9228a8b708", "comment": "Malware payload (Smoke Loader)", "value": "5173400e6755a128f01092547910e44520c80f3cd20177a17a4847352177b603", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647230, "uuid": "b5c5a6b5-2087-4ce6-af98-063705808b9a", "comment": "Malware payload (Smoke Loader)", "value": "2ac1e0c51dda271edcace457f1d9755ae0767546", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647230, "uuid": "04fb2ec3-e8e1-4179-a586-a92d07b9a7e2", "comment": "Malware payload (Smoke Loader)", "value": "c1fd1c9f42f39c8e81f6967c46223563ff40cdb3b68f9be09c211adef15aeb19587f6cc31358bd819c79b59dbaa94ebc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647230, "uuid": "2a592918-a834-4ac7-81f2-3c6d863686fe", "value": "T1AC34BF0176F1C473D572153509E0EBB95A7EB8700AA29EBF67D60F7E4F302C1D621A62", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647230, "uuid": "7bf28975-aa1a-4cfe-af03-2c0d92feef2b", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647230, "uuid": "d7687315-1c22-4068-9c41-07ae4928d04d", "value": "6144:bEm9X4FIRd5DzznuBosiDKl51eAOALi0LWaTi:QyIKd5DPyeAiy7Ti", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647230, "uuid": "045f84ea-166e-4bc5-b831-9b8214111de7", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647230, "uuid": "f4b5429b-3e41-48d8-b558-35b322db4dfe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647230, "uuid": "515374cc-e1cc-47c6-b11c-754029be4941", "value": "863d08c1f16678dc701e362690643339.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a565ce0-6db8-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697634985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634985, "uuid": "8ae3f060-c58b-48df-9d7a-ceecf028b813", "comment": "Malware payload (RedLineStealer)", "value": "93b6ce834c66c23dbdb4c7718f8c97a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634985, "uuid": "359098f4-e768-401a-8d29-a2ab8522ff0e", "comment": "Malware payload (RedLineStealer)", "value": "5179a087288dd993e7bab0fe9e196f26bb4e396102791ce6b0ef0895585e798e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634985, "uuid": "1c68dd70-1961-48ae-940a-a45715b40f17", "comment": "Malware payload (RedLineStealer)", "value": "1fad24560a6f3b68492e9ea544c57d77ee3ee828", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634985, "uuid": "368ebfbb-09a8-4722-89f9-7863fba31e3e", "comment": "Malware payload (RedLineStealer)", "value": "0b2af868339df80529fb3f2c742196eef58685f2df061ff606fda41822d02355c542c840e21fdc0e8d01ea963256b764", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634985, "uuid": "7dbdbd5d-fb2b-4f80-898b-00a339f6a704", "value": "T1782523326AD86137C9710B3008F713930A39FD615D34836A0756BD6E5DB2A90B4B9FBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634985, "uuid": "0d14d94d-de5a-41f4-99bf-4d04476ffaf4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634985, "uuid": "027c2cf0-6c19-4f6a-82c9-0d7afcf4104f", "value": "24576:kyls5uRAyb1b486jmYGj9FvgabJzWyOCgqFCiyageZrB:zLRDb/zY6vga1WyOCpCiy5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697634985, "uuid": "500b7c9c-a058-477c-b541-4b58bb68ae49", "value": 1000448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697634985, "uuid": "a73dafbc-2e7a-40b5-8a5a-b2bfe36e96b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634985, "uuid": "17ed546f-1ec6-4ee7-be9d-e034dca2e8e4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "723c6f5e-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623778, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623778, "uuid": "d10de4b9-cbf7-4849-b8b6-df7a32285fa4", "comment": "Malware payload (AgentTesla)", "value": "58685b572e0ae38fc2c00eba68ecfcbf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623778, "uuid": "c09291dd-6095-4b27-a49a-9b4dfee2c368", "comment": "Malware payload (AgentTesla)", "value": "524af6310d4068cdb793dd932254a2da42ef8d83754d3a31d330aa41d21c39c5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623778, "uuid": "df712ba9-47ae-4ed2-a44b-ddcf716b3f2c", "comment": "Malware payload (AgentTesla)", "value": "d502aa125c55b1471972adc5bc534a4b30a0db47", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623778, "uuid": "04cb500f-4612-4de7-b0dd-ad778c4d3116", "comment": "Malware payload (AgentTesla)", "value": "cb68e5c0c3bced009ac93344fecc3b20baa7cc344358b25452da3a542b27d5255c73931e04d4ab5e91cdb180f9d3f2a1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623778, "uuid": "0d26375c-ceee-43ba-9b16-2573b4dd0ccc", "value": "T1E0257F3D29B9263BC1B5C3A9CFE1C827F154986F3521ED6598D393A64342E4639C323E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623778, "uuid": "c77290db-9867-4443-8019-06b970e3021c", "value": "12288:QAqhbFmPtbFcWglB3TcZVofvNuIO4W2zvnnUSgaGANa:NqfmPJwL3oVofvYIO4Fn4ana", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623778, "uuid": "299b9811-bba0-4248-a36c-e729c0922f65", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623778, "uuid": "eca4742e-54ed-4447-8beb-3de7321801d9", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623778, "uuid": "1ce5f367-98b9-4283-8f1a-b8177e0f2bba", "value": "Track#1ZFV29616840783936a.tar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "776f3814-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595440, "uuid": "79b843cb-515e-42fc-81b2-1d9f4ddbb184", "comment": "Malware payload (Gafgyt)", "value": "a150320d3473d0e7a37ae0d339d62e87", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595440, "uuid": "b1673fbc-ee2c-42fa-a5c9-52f72bba038c", "comment": "Malware payload (Gafgyt)", "value": "5373b36689db3720c8497d0594ffb83e81a9f39fd2821035ace07b491b05ce28", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595440, "uuid": "2b01c067-1fcb-486c-b7b9-0bccca196b3d", "comment": "Malware payload (Gafgyt)", "value": "c0faf906c543d2dcceda612815dc28cd6f231cad", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595440, "uuid": "b58f1e46-5dcc-4c8f-b933-f82cef4f2b2f", "comment": "Malware payload (Gafgyt)", "value": "5c9e558b61edacbbac5cdf357f169b375b65d704acd5165bee412460ad307d634cd021d485db3bc9a33a944a0b7a9133", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595440, "uuid": "f9ab71d2-fbf9-4376-8e34-f13a012fed9e", "value": "T1C2831842BB40CAB3C48305B6129F9B110A33F9FB1E57AE55F36D6CF09E15585B222F98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595440, "uuid": "f77c5f2e-0681-4ff6-92b9-37d7d2fcce0c", "value": "1536:tSQP74RoUSUM9HqjjAX4w5jvl7MHdJfuu6YK0mm5hEddddd1bdQl5+mYHc0r6jmy:tSQTYoUSUM9HqjjAXdjvZM9duTC5hUb2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595440, "uuid": "db232bd0-d1ab-40d6-b492-825c8e8049f6", "value": 85756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595440, "uuid": "fb763391-a423-43c5-83a7-df0ae1ae24e6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595440, "uuid": "eedfe983-7e93-4176-b8db-acfd09043f09", "value": "Ayedz.i586", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0abdb5d4-6dac-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697629617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629617, "uuid": "4f62642b-e200-4a62-bcad-5bdc287a4349", "comment": "Malware payload (Stealc)", "value": "0b00844bfe952ba691ef108d6ddd56c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629617, "uuid": "56e070be-74b4-410b-b03b-e5c3d02bc985", "comment": "Malware payload (Stealc)", "value": "5406d6e08cabee38ebc37b2c1003e43d6bc2420eb304191ac84ab1fe32e5c0cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629617, "uuid": "6b6e3dd4-5dab-4a28-bd5c-69a1701e65ae", "comment": "Malware payload (Stealc)", "value": "a24a29cc0bd7cf3df08aba567f2b38ae4187d4cf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629617, "uuid": "be8275b6-bc4f-4f8a-814d-35da93218ef8", "comment": "Malware payload (Stealc)", "value": "2cd4da3a6fe8ab7182b67ce0fa1d1dbb413ee5bb36614ec0be4eb1e24a64aa8f9f81867c4c1eea6be34aeda65b179790", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629617, "uuid": "c8e34c5f-4187-460d-99d5-5e228dfc5859", "value": "T10E252352B7CC9066D876537029F213D70636BCD25C7893AB2B83A96B59733C0B972327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629617, "uuid": "0f2b8456-73c8-401f-9ed7-8f2ca605b906", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629617, "uuid": "c6214a24-ae59-4645-8f10-7ad4fe6e0704", "value": "24576:fydNSbeQztReaJSyirz92P0LqjJDOrLlGb:qdMxztReaJMd2PPleY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697629617, "uuid": "9a213d4b-4c0e-4887-ab4c-58f0f29d5b7d", "value": 1001984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697629617, "uuid": "784484ad-a816-4a88-986d-5ae0e01aa3a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629617, "uuid": "1eca7a99-bb6c-4304-b6b0-7289a5931a2b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0072aeb1-6dd1-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1697645491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645491, "uuid": "42889c9b-b55e-42e0-b832-d49dd8b9dbb0", "comment": "Malware payload (GuLoader)", "value": "f757100ab776130f86a093bc1d36fb4e", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645491, "uuid": "7ed4b318-f869-4f9a-9c86-067feda99988", "comment": "Malware payload (GuLoader)", "value": "558b84082b1204f95b425193cea601f47c706d57b3f97d9a148d4cf2565127c2", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645491, "uuid": "35b522b0-40b7-4343-934f-f3d641475296", "comment": "Malware payload (GuLoader)", "value": "772b0d6d5850bb6fc30915f55b0c63a4db22fdc7", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645491, "uuid": "430c5196-e76a-45a2-9278-12bcfb72e2a9", "comment": "Malware payload (GuLoader)", "value": "4e2ad499954dcc59cff317c5d5947072406dece29cfb6f9cddda5c5f2d58f2c3ac7e0c9ba6494bd652c753fd7ae84677", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645491, "uuid": "aa8ac177-285b-4a1b-becd-e08d8c9444d8", "value": "T1BA537EA1DE4515164D4B3BEAEC418872C5BC817D9517003ABFED238E9207A9CA7BE70A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645491, "uuid": "23f49cee-6c84-4c61-8a8e-a2ce0d4361d4", "value": "1536:9IBSH3yFyNY/4cRByFgdsI/iEkx83Ul4AGHmqomwF:9IBw3yFn/4cByFyaEx3Ul43HRVwF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645491, "uuid": "68b440bb-340d-4917-8883-e9b287d8c752", "value": 61819, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645491, "uuid": "b456ce1d-8309-47b3-9e4d-384e3fc54dad", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645491, "uuid": "84d8e07d-6e9c-4705-a226-05855b89e312", "value": "CA 902_23.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5e89b76-6d7f-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697610631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610631, "uuid": "e1000b58-c964-4b44-b894-c5326cc57146", "comment": "Malware payload (LummaStealer)", "value": "3597a3ed6cee3a94d7bcf543ae4582ed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610631, "uuid": "48f20f20-14bd-475e-9532-de747d290818", "comment": "Malware payload (LummaStealer)", "value": "55b72f2de01c1dd7b1df41b2b4ae2d4ac5d69b104aadbeac4b90d41621406ceb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610631, "uuid": "52aede44-8ad5-42b0-bb31-704de8bf6081", "comment": "Malware payload (LummaStealer)", "value": "e9308eff8e2111c9f9096a611324e88e78fc3ea8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610631, "uuid": "f9df4afb-cf88-4579-a660-ef750e99f5cf", "comment": "Malware payload (LummaStealer)", "value": "4d364baba04f3df9d1af0eb832171e97cc9090c65703ff22866fec5a95efa18c1a0b1f630b79d0f2842852d18b256cf3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610631, "uuid": "aee643e1-8325-479a-9051-c6ac973c3260", "value": "T1BD449E01B4D1C472D872153209E4EBBE5A3EB9210BA59AEF57D41FBE4F303C19631BA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610631, "uuid": "dd6ddfe3-605b-4d93-9830-445218dac014", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610631, "uuid": "946c19c6-b90e-49f9-b2f4-16e6b1d3ca0b", "value": "6144:xuUqIdACOhXhJYofEKzq7OWqAO566FsrzOFC:xe8ACOhxtzfaOFC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610631, "uuid": "47da6f94-98f7-4cae-85b8-22d3529a73e5", "value": 257024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610631, "uuid": "1a473f64-136c-47c7-a8d6-9b2b0f6cf7bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610631, "uuid": "a96c4ade-ebc1-49a8-a391-e5fcdc28e66c", "value": "3597a3ed6cee3a94d7bcf543ae4582ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50f5e709-6dc4-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697640043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640043, "uuid": "6edc466e-cca8-49f9-b153-f4763e7d5bf6", "comment": "Malware payload (RemcosRAT)", "value": "3b25472a5f6d419fe5b94945c3694850", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640043, "uuid": "3c6b8f01-db6e-46f9-986f-7268d3cf3328", "comment": "Malware payload (RemcosRAT)", "value": "579436ed344fb30bf3a831868b541e55c61c4289275821d2f14c4bc71afc930b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640043, "uuid": "05ba43e8-1479-4a5e-ab75-dc7ea64de225", "comment": "Malware payload (RemcosRAT)", "value": "6f7736bd75b60d3b2a057bd23f2e6e83de4a648e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640043, "uuid": "b8cd21b4-9065-4f93-9313-1c32e1014236", "comment": "Malware payload (RemcosRAT)", "value": "5d8cabcf61cc4dc12dbe997b5579acd8e1c2bab63d5de1635e6b51a711c1bdfadd7721df2e61af851e749ce2b02dcc5a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640043, "uuid": "43ef56bf-710b-4d79-9d8f-a44399854d79", "value": "T1F3F40121A75E8E63C4E131F39C7FB6464EE69D013F50B2AA062836D8F43F68BC1D6645", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640043, "uuid": "de37ede9-200a-44fb-8f9a-fd53c426dd67", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640043, "uuid": "ba4a7045-8caa-4ebd-9b7d-b9f8a61e0d4b", "value": "24576:BfLzcnx3nMC9IeElOENY5v6vLs66oYg85B5:NkIeBEN5vo5g05", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697640043, "uuid": "baea11ed-5fb7-4b8b-a1f8-b207cf0c60d1", "value": 789342, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697640043, "uuid": "d324fd5d-665f-4e6a-8ef6-3c3f053b8e40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640043, "uuid": "89c1b3f1-546f-4553-b861-59f150dce9b5", "value": "rooming list.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "680f939f-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623761, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623761, "uuid": "642d4228-b9a2-41af-9916-eb9f17329cad", "comment": "Malware payload (AgentTesla)", "value": "1ed96e5e9184d73c554c43aaca691e14", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623761, "uuid": "3d0c0336-2dfd-4537-8b41-5cd2c1e3398d", "comment": "Malware payload (AgentTesla)", "value": "594bca97764ebc34032781ebdb633eee3ea31e2ed721ca765ce5827e6a17dcf9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623761, "uuid": "62a85840-6546-4fc8-bbeb-ba65fffe8b2d", "comment": "Malware payload (AgentTesla)", "value": "420f257f5a6beeb29ddbc08a36ee8beb5e404cce", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623761, "uuid": "9a432ffa-6c86-476d-ae79-d708c7b202dc", "comment": "Malware payload (AgentTesla)", "value": "91a2529ba6a3fa7fb73bdc00929d322f01dc9ab507f465b6abdedafb448574413d7c3e079987089a0ce5ce3ca1155f7f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623761, "uuid": "87310474-ec81-4ef5-8441-2745dc3e564b", "value": "T140E42318FBAE53BEE0798BF4A4B8895807B0E5B33803D9641DDD35FD8526F091441BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623761, "uuid": "589147df-fb9a-4517-8973-e09b9210ab1a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623761, "uuid": "60e04f04-183c-47c3-90bd-cfd74b12cec0", "value": "12288:fDDJ92Ir0fP0Rl2+RRCsMknl7DREgdr+yKEVvN/xgAmbs:r/jbRzRw/2TEcKyP/xgAb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623761, "uuid": "f549994a-4fc6-4f14-a8bd-93c6b71f5c1b", "value": 661504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623761, "uuid": "dd441cf6-b6d5-49c4-beb1-7e80009ce2f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623761, "uuid": "14e6d83d-7f45-4fb7-9727-a006501d442f", "value": "Purchase Order No.1364.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e763547-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697644763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644763, "uuid": "2bc9cb6b-5c7a-4f39-82f3-a53cf14e60e9", "comment": "Malware payload (Loki)", "value": "ffb83ba7b0f6045a7bdb490dfa006fd6", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644763, "uuid": "caeb6473-8bae-433e-83db-480ccf5998a5", "comment": "Malware payload (Loki)", "value": "5986fda10c3ab71a4a519682da34fa5b29df54da0620f30d77d24fd36a72cf12", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644763, "uuid": "1eaf950f-d88e-46fc-92ae-5324a0df0348", "comment": "Malware payload (Loki)", "value": "a1bd01d04dd999a983be9d9cf59c815086f4fd1f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644763, "uuid": "b4f941d5-ba04-4920-8781-1b083a4b7674", "comment": "Malware payload (Loki)", "value": "b229ed67123cc6a1f7f451877b775eba127b3f4c86bc6a8f13ec82743053cdba24798ec6fb541131c187697e393b9352", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644763, "uuid": "18a87298-3f0f-429a-8412-f6b67f2a5f89", "value": "T1065502039944DAC3C05983F8BC1339E5090D7E36B8E9B9D724867B9B3631FA74A5E25C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644763, "uuid": "b5fcf803-2cfe-4bd6-a798-326d77ecee9e", "value": "24576:QWQmmav30xBd+6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXX8HzOZyFw6Vc+6bvdXA:lQmmQ30XI6QV6VJ6V2KjX7eyvKcy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644763, "uuid": "2df877d9-adbf-4a37-b5d7-6716d79ec91e", "value": 1297408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644763, "uuid": "67a1f7c4-ffdd-49b7-b79f-9824059188f2", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644763, "uuid": "c60bb26c-b381-4c73-9b09-67326c2eeee1", "value": "Request for Quotation.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51e84e9a-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644769, "uuid": "7380c2ab-054b-45e9-9efa-bdc302936108", "comment": "Malware payload", "value": "858bdd40febca7841f7da620ead3f4f1", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644769, "uuid": "ee5bdd67-5710-47f5-ab0b-2a87a43fb192", "comment": "Malware payload", "value": "5a025699bc510a4ad9c23718e7ad845899c17dc4a061569941b8e36a61791196", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644769, "uuid": "4360c77b-e9f9-401d-b8df-41371c7d04f1", "comment": "Malware payload", "value": "b4a6b76efe58447117e026293797a77ea2a335c3", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644769, "uuid": "fc309d40-5238-4e7f-b3da-0c2e498de752", "comment": "Malware payload", "value": "8dee90063879c5f425e2fd3e69e2640b0cd7255e49eeb99786975255a11c588502e06d0fad2edd4c51286ffa24716099", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644769, "uuid": "dd5655e2-3988-410d-91bc-af1282dc019e", "value": "T151756B55F041C62FC7AC253208AAA3FD37B83C466E858643725DB32E3EBBB44CA56745", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644769, "uuid": "87478b91-b143-45ec-a937-74e5e3395a4b", "value": "24576:v8mDgDbXc7dq8bNhisb6wJk+5jqeFFFmVIwIvlteqFnlTIOI+lm4KUWlpdIiIrld:6zcb5b6Ob54yxodq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644769, "uuid": "484ca679-0598-4490-acba-9c2984d90123", "value": 1688576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644769, "uuid": "d71d93e8-e00f-480d-8e8f-055e9ecbc577", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644769, "uuid": "427fa09e-bf28-40f2-a614-57823d6e6b98", "value": "Copy of VAT3_Return_P051548844S sept 23.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9750423-6dc4-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697640326, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640326, "uuid": "74227bbc-42f6-4f13-a324-e84e5da36263", "comment": "Malware payload (Formbook)", "value": "d7bde041b821e3b3e6e3a71846cee9ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640326, "uuid": "c633933c-a5de-4b0a-88a8-4381d9e84a84", "comment": "Malware payload (Formbook)", "value": "5a7df187972e8ac7ffd69cfd57e9ec4490a36b915cb8beaeee8cceac12ab76c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640326, "uuid": "b87b4804-69bf-4592-9707-ae23adfdfc61", "comment": "Malware payload (Formbook)", "value": "0868c522a21aa1392272959a98fffebb8204be90", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640326, "uuid": "e22b6c1b-ce51-4956-9ddd-a68b08d09629", "comment": "Malware payload (Formbook)", "value": "e9eee7a197256cac8a0b5c343ba14b772334127167064b0b4b62d4212bbb877582d97616d9e0a3dc51ea4a613cca23bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640326, "uuid": "f817c592-bd33-4bee-b948-4000b5717f32", "value": "T103740260F2A5C083EDB75931541F9D3154F22D7EC5E5A20E83C9771D9AE3B8280AF3A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640326, "uuid": "0e79dab8-d247-4e61-8b9a-969f36f02943", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640326, "uuid": "55cf89fa-5e45-47ed-b966-56fc1d33bb8b", "value": "6144:RfL+oqnzcACJXXBqiAu5BFi2QBlrogjVUe3bgoso0+zTtiNbtAfvUk7RwFdVJRMz:RfLQwACl0Dr2QBlroYXLgosRSYN5+mFG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697640326, "uuid": "94cac85c-d108-4753-b116-79d9e934ade6", "value": 369002, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697640326, "uuid": "1efc98c3-ff03-41bf-95fa-e3f3ec5ffa93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640326, "uuid": "244e9a29-e5b7-47fe-b1f2-0bad00d17eeb", "value": "audiodgse.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac19ee84-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697645350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645350, "uuid": "d0bb2141-442d-44ca-be0f-0473cafdfab6", "comment": "Malware payload (Loki)", "value": "62a0c7f33de91139180ec1bc63cd86ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645350, "uuid": "515bd021-ad2a-436d-baa3-9ba51b0ad258", "comment": "Malware payload (Loki)", "value": "5ac35651c67948f0c594cb1149457eb942d3420996c78af8b8db89494e9f7c92", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645350, "uuid": "02258c64-184c-4292-b2ea-662cc18b98db", "comment": "Malware payload (Loki)", "value": "630fcf53ce7d379cf45f3df4194b84ebb975911d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645350, "uuid": "e7915f55-338d-4ca8-be49-3dcd5a19099a", "comment": "Malware payload (Loki)", "value": "9a61be0af703bb9044a74c130f5c4bf4688dec43447963714e03daff25363c51936fbe5f4bd301c59057f117f04b5287", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645350, "uuid": "f22b73ff-5a50-4657-b2c9-0bd535d0ef22", "value": "T13954CE0099AC8278DBCED7BD596C60A6C13230329D9EEFD8CD42909C647F5EE45C4F6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645350, "uuid": "554be19d-a360-4369-bbb6-4d18fa16d82c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645350, "uuid": "77f282cd-c113-4071-a27e-d8305b8dafb2", "value": "6144:/O/8S3oywm7o8H8w/E2+DLTnDrzvY2Om0BNv+BVJW7auBDSqon3VpQBj:W/8S3Cm7PH892+PbDrhOmCN6uxYVps", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645350, "uuid": "9562a549-cbe5-4252-8bc0-e32a89064013", "value": 300544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645350, "uuid": "e0dc8500-1571-4d61-9d2e-7b416f11275d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645350, "uuid": "8bc1087a-433a-497c-bc45-b179ca9c0d52", "value": "sipari\u015f_46224199.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68e8869d-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623762, "uuid": "0d03e9a9-f069-4457-be1c-c695f718f20f", "comment": "Malware payload (AgentTesla)", "value": "ee2e4db9e97ce4a531262cf402c8d110", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623762, "uuid": "e1b49603-c78b-4a27-9beb-28fc9aa445f3", "comment": "Malware payload (AgentTesla)", "value": "5aea80106a60e62b69911fec2e4150b64ecd37bb72617496029d095e54894ee0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623762, "uuid": "f8416a07-26ec-4f11-893e-f2b1877843c3", "comment": "Malware payload (AgentTesla)", "value": "9c0d74b608748e0f1471562b5f2e14b0d1bbe72d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623762, "uuid": "17acde6d-c484-4bc5-8ee0-616f05a389e9", "comment": "Malware payload (AgentTesla)", "value": "3475e984a85448fe26d80df70199774131e85e152c1dd72be3ff09ffa1bced58e91872ffb50be953d9e6589817a8e0eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623762, "uuid": "ea89cd55-8a48-4e4b-9e50-091dd92cd0ac", "value": "T152D433C97AB94CED3973BC03551A4914C0688BD4236CCF6BBEEC645E4828E57C943D7A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623762, "uuid": "348dbe42-88cc-4cb9-85c1-3f051c8879db", "value": "12288:yquQ/I68dAXGNFgbsVRzIZZG/jw7vpYbaJZqHrBnWftTSWMlqyHcc+:yqw68dnF3R5/EpjJZWBWlS+yHch", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623762, "uuid": "8d4c6b89-95ff-4a90-9eef-176b1eaafd92", "value": 629453, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623762, "uuid": "118fd1d7-c15e-41aa-ac6b-4a06754113de", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623762, "uuid": "ab5ef329-355d-4b01-9e85-ec29ec279c47", "value": "Purchase Order No.1364.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef31d471-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697644603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644603, "uuid": "33953824-af90-453a-986f-3caf3fc3a5ec", "comment": "Malware payload (SnakeKeylogger)", "value": "a61754746b52b33f7535dbf287e27276", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644603, "uuid": "a2946e30-db0f-4c5d-8157-27397bcacd2a", "comment": "Malware payload (SnakeKeylogger)", "value": "5af368f158382f62f886bc08d7eddc7c3b947ef6658535a05c5cab24e50cecde", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644603, "uuid": "1b408714-e143-4379-a922-dee9854d974b", "comment": "Malware payload (SnakeKeylogger)", "value": "9525f35d9e894349f4ecbade7905752aaec0cc8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644603, "uuid": "1a63d237-5646-49fa-b0a9-ea230790619b", "comment": "Malware payload (SnakeKeylogger)", "value": "ffacc1ea3d0e6e941c7979ba8a2a6ba17fcd3d6a3786da9dc357d9def32d4b29730d7a7cc7fc29a6e8e7e36527d0c451", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644603, "uuid": "6de2acb7-92d9-41a7-b513-1dba3247de31", "value": "T1A584F1A8E7A6D720D21305BBC3A0EA61C33D6E31C671A5F6BD22354E5BFF51CC809980", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644603, "uuid": "e7b6f8f1-c491-4ed8-84ae-302be686a73e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644603, "uuid": "5e369af5-b1f5-4057-8623-b8b64c190525", "value": "6144:RckOazRkzyPtvhW+m9VgbiNFeYOtYYE2Odtyqd72fOsA:WkOaz/Ptk+GVgwZlYrOiqoo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644603, "uuid": "e85b4006-0d64-4442-8111-0342aff536bf", "value": 376320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644603, "uuid": "7e7129d3-b7a7-4539-bfe6-26f91e8848f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644603, "uuid": "c48e2b90-6d98-4c97-b337-e73e31f636ac", "value": "payment confirmation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb9cb169-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697638155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638155, "uuid": "29e2bd0a-c137-4867-a8a1-31594b450e68", "comment": "Malware payload (Mirai)", "value": "f86035c8f68a5ed5216fed3557cfe2d3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638155, "uuid": "eeda39b7-c14d-4d71-bac3-b4bfda97d3dc", "comment": "Malware payload (Mirai)", "value": "5b18e6f6b784b0fafa4b9514afb97b0080641d87d2e8e5b4b197da1470e30bc3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638155, "uuid": "e47b87fe-ec9f-44c2-91e4-f012fee42dc3", "comment": "Malware payload (Mirai)", "value": "73e3483f1dfa34c8276c3c03e532c27eced09c0c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638155, "uuid": "8df6d60a-9291-4830-b37b-065545b58521", "comment": "Malware payload (Mirai)", "value": "90214256296a213a3c251d1d6181fe6ec92f40f93bd968287f03b9159ad795eb4f8147ccc1d3dc3cea3a862a333f7997", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638155, "uuid": "11c845f1-2a1c-4f2d-a27e-fac9473d8331", "value": "T163832A9AF400DEBCF88BD6BA41664D0EB930A39016920F377767FE933C23095D956D89", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638155, "uuid": "8dd5162a-a630-4893-a20c-28af9c26f26f", "value": "1536:qLf0+QM5PHyVwi7f2JUiEy+DlOo7mL3Gfh8FG8fmLPR4oFGBOKEDbF+ym+j:qLaV5fc+DMRSJ8FAGocBBum+j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638155, "uuid": "769b858d-eb38-4f20-b414-8e5ad0c351c6", "value": 84044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638155, "uuid": "6e6bcf10-d80b-49cd-be2c-400e6d5104d1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638155, "uuid": "45186eb7-b1f8-4b64-840c-604bdbd7757c", "value": "f86035c8f68a5ed5216fed3557cfe2d3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "812099b5-6dee-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697658163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658163, "uuid": "194470df-5f9f-48ab-a399-3fb402f325e7", "comment": "Malware payload (Amadey)", "value": "bb635adee06c8ff2a314f6edb47d45f3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658163, "uuid": "687b89be-949e-4cb6-b011-91977db162a3", "comment": "Malware payload (Amadey)", "value": "5b2c28ad2dc32ebcc258e97e9b23f7474d9f024fb4dfb351961f6ab4d001e763", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658163, "uuid": "a86841ea-a0a4-4085-988f-f354c4e68028", "comment": "Malware payload (Amadey)", "value": "ec1e6800c3865ba096862fb9aaf26ebc6e4857af", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658163, "uuid": "1c51415d-87a2-491b-bda6-623325ef22c8", "comment": "Malware payload (Amadey)", "value": "23ff173d4973a498c435b868d4c1c70fe76d3554772ae529affe3dcb0de8462cfb6eee9804670ed3f1a8b8c31e7b11fb", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658163, "uuid": "ab4c01de-e7eb-4eaa-8c9b-d9c048aa45ff", "value": "T18E44C0107A90D872E06619355931C2652F7BFCA2E9A441CF37D83E3E6E716D0AF69B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658163, "uuid": "caa4bc9f-33f2-46ee-b6bf-2dcbd29f233b", "value": "5241d7444d4d8584697b8889b03f1a00", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658163, "uuid": "958fa5ca-88f3-45ae-bb0c-b332c077c461", "value": "3072:CDBNaezyrjUmG+W6dWXLBaGNcaxMkQGA5utSIuQgDlbORJ:O5yrjXG+W6dWV9BxV85ESIuO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697658163, "uuid": "15b8aae2-fac4-423d-91aa-285c91598460", "value": 268800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697658163, "uuid": "d61e728e-99d4-4d03-bb11-ef2d7572a99b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658163, "uuid": "d65a1289-65f0-4645-8178-23094a444ad8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f53639e7-6da3-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697626145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626145, "uuid": "05d61cfd-245d-4d49-a940-b0942534e39c", "comment": "Malware payload (RedLineStealer)", "value": "707a74ed4f8776584da9a69c524be1e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626145, "uuid": "280e256d-68fc-4f41-93b2-38113bbe2a48", "comment": "Malware payload (RedLineStealer)", "value": "5c0be3fbd27079f4ea3a13d0e4e736f92a1879167e480ee9d339cab0858c2925", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626145, "uuid": "84856e1f-b11d-4865-a021-79c1c57f0784", "comment": "Malware payload (RedLineStealer)", "value": "afd11e0ce2c5ed41370f9ca8b2008cd67e0bdf00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626145, "uuid": "d96ceffd-ed3c-45ef-83f9-51e8cd7a3a7d", "comment": "Malware payload (RedLineStealer)", "value": "1e49ec1a70e88e4a15084b17b41487483b12ff81cf830b2329d737d7a6974fc40713ff4bb0d12b634f0b09f772024fde", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626145, "uuid": "64fc5216-9e0b-42d1-ab7e-d6b89620101c", "value": "T1563523137BEC5072D5B53B785CFB02E3063EBCA44D78876B1295F4692C72294A93236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626145, "uuid": "4644500a-73ac-4f6b-98b3-570dbd41e828", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626145, "uuid": "09a7d9f1-1e79-49c8-9a75-314cd3201147", "value": "24576:zyxddPYuDlusJWwyNEPfBZLQVatiTTDN22i4:Gxn1lN86f7/QK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697626145, "uuid": "ccef1f36-867a-48cb-a24e-5ecec72278af", "value": 1088000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697626145, "uuid": "419065cf-e3fd-4e56-98c0-c75439fe00f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626145, "uuid": "05c0f6f1-bbac-4d3e-ac73-c6c789e022ef", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34dffef6-6db7-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697634412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634412, "uuid": "797d8a6c-4f7f-45c4-b88a-56994d432eb4", "comment": "Malware payload (AgentTesla)", "value": "c52e4719286e31fe7944a70754caac82", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634412, "uuid": "65856b95-894b-448d-af41-598902eb0223", "comment": "Malware payload (AgentTesla)", "value": "5c485141f97385046d2a64a4a93c1ad50682cd97e3e5cbe1b3f6e9e0472efd56", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634412, "uuid": "3ce2291d-b426-4d60-84c2-fb018caf0386", "comment": "Malware payload (AgentTesla)", "value": "05fa1f37a1aab4281d78c452a3971b0f3982e8f3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634412, "uuid": "24635842-eb8b-4879-b84b-6846103f6e60", "comment": "Malware payload (AgentTesla)", "value": "0bf7884d560ce155d03a1357dad7eac529414b8a4f7a3b1867ad7da4f7fd42ec8ac0ef64550569158519595a5f3884e9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634412, "uuid": "c96b6ce2-cde1-4e38-935b-9c2db79afbc7", "value": "T1C2257E3D19BD2237C1A9C6B9CFE5C827F000D96F3461AD6598D7A7A64342A8735C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634412, "uuid": "718013e5-39ca-4b1e-865f-e8838b6f1365", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634412, "uuid": "05a832b5-c4a7-42d5-a661-5775cc4caabc", "value": "12288:1Lg9cRPFxWwjeNHVXrnSavQzlwJIHQyz:VZYHtYzSIH/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697634412, "uuid": "aeafc990-c943-40fd-9bd0-84690067fc30", "value": 991232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697634412, "uuid": "27d4f860-7c5a-48d0-a176-6ba6226648f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634412, "uuid": "3889e652-a916-42e4-8baf-9f187ec712dc", "value": "Payment Advice - Advice Ref.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "040bffa3-6d73-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697605125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605125, "uuid": "ec85f18c-f53b-4582-a0e8-4171442472ad", "comment": "Malware payload (Stealc)", "value": "09ea5e18945b8594b8b4bef6442dbd82", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605125, "uuid": "7b6d75f6-1afb-42f6-9b14-8eb47a7cf2cb", "comment": "Malware payload (Stealc)", "value": "5c59841edd31cb7ce5967cc2aef09f6de73534939b9e2f8370d515ac2d2035be", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605125, "uuid": "fd1d1992-3538-47f7-825d-dc61c7946e70", "comment": "Malware payload (Stealc)", "value": "140a63d53d5c42a60a36b2fae65780cd180f376b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605125, "uuid": "8f351cc7-80c1-43f9-8029-c850d08c66a1", "comment": "Malware payload (Stealc)", "value": "49ead3ee27989031c777b471c72bda326c340f893219e68bfe57d395ed9c9377cd96b6e74391216fd55167d9fb34d555", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605125, "uuid": "5325af52-b697-46b7-8725-0b6782fffedc", "value": "T15E352343BEFC9663D1F0777028F202530739BCA29E78835A5696D9490C72689B97273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605125, "uuid": "cd981685-dd92-454f-a340-58a6c88a420b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605125, "uuid": "882e99ea-7eae-46f0-a743-cde7ce7542b3", "value": "24576:FyZiEMtzKf9SgQc45OtFFDP92GqKIxm5QEPO7xltYLwa:gZiEMdKfVQceOtFFT95nIcQ/7JYLw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697605125, "uuid": "fb4be1af-7caf-454d-a670-aaf1a6fbfb19", "value": 1090560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697605125, "uuid": "90955955-8980-458d-9530-cdc7d1331204", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605125, "uuid": "d9a35715-e18c-4544-bac4-2dfd51932995", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2e3dc28-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (MysticStealer)", "timestamp": 1697644583, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644583, "uuid": "6ab7a1a3-1876-487a-9b7e-a24c9e9cd9a7", "comment": "Malware payload (MysticStealer)", "value": "53e28e07671d832a65fbfe3aa38b6678", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644583, "uuid": "131ec961-63fb-4c7a-b3c9-94b16ddb9261", "comment": "Malware payload (MysticStealer)", "value": "5c59db3277aefb761d4b814aaf5f5acd1fd1a0ea154dc565c78b082a3df4566e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644583, "uuid": "c5a5af80-5eb6-46f9-a87d-8e60e7baba4d", "comment": "Malware payload (MysticStealer)", "value": "6f9ea0ed8109030511c2c09c848f66bd0d16d1e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644583, "uuid": "4ac41e4f-1fdf-47ab-a0b8-739bd7db7011", "comment": "Malware payload (MysticStealer)", "value": "55a6d2d04b59b3e41c277741950bf5f7467fe1c9343c421a6b90c9eb10183f040d8d72668efe706ce4f76ec7b83c760e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644583, "uuid": "6b7dd1b9-decf-45cb-8efe-71b0ba109674", "value": "T188049D05B0DD40B2D57A18750AF0E377EEBEB9944AD90DAF4BD00BBE5B3143CD22196A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644583, "uuid": "5da4fc66-6ee6-4301-9e21-bb11fb4ffe5a", "value": "120fcd59b8cf88c88d1af5610e72d569", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644583, "uuid": "735aea36-647e-4d40-9e86-b24b9e4cd559", "value": "3072:BOwQEZ+SICh1EN04g715bCQzghy4jgbg5P37Pgx4qzeB52LgS2XSPxfFa2s:HZ+9q7/XOPDgx4WeB0g2s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644583, "uuid": "c13e00e7-e8b9-4605-9db9-5027d03f2919", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644583, "uuid": "32c909b4-9d96-420a-9577-91d7a597a1b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644583, "uuid": "eea85c65-42f6-4b00-8e98-c28ab1b134be", "value": "53e28e07671d832a65fbfe3aa38b6678.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82495883-6db0-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1697631536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631536, "uuid": "5cac1788-18fa-41ca-9322-f53ae91f7f91", "comment": "Malware payload (MarsStealer)", "value": "4709d1f87c98d49d4f74a675096af37a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631536, "uuid": "b8c29e60-b148-43ab-9322-f315c2c5bd7c", "comment": "Malware payload (MarsStealer)", "value": "5c9f475e2deff3068e5cb1a952eabba68b5466680905d6f95828d2aabbc5a49d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631536, "uuid": "b4a88bc2-3133-4150-b364-769831481516", "comment": "Malware payload (MarsStealer)", "value": "29ff6becf31a183e6add2b2228545a4ee8f6252e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631536, "uuid": "0cf1de18-fe2e-4008-bc1a-6e3fc634d34e", "comment": "Malware payload (MarsStealer)", "value": "22ff19a25e6d2a040832d5c88c0ee886fff13f0f38ff39512823d837d9f21446ae6f68d3c9c89b7f23311f100f44005b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631536, "uuid": "f5abf73d-e582-447f-98db-e0809cefbaac", "value": "T12754CF117A90C436D5A31A354930C5A62E37BCB3AA7585CF33983F2F9D722D09B69B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631536, "uuid": "fa40fa58-694b-459d-a5bb-e1bba8070334", "value": "4647e9bbfc75a02b7ad71a1fccad49ff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631536, "uuid": "50dbcbc6-70ec-4689-8c85-eab4e75f6596", "value": "3072:qpBNd0DfyIVAdwGXsw7YUriGzk8dWE1SqWekDGUEpu8kV:AX0DyIVXGXsw7YUPz1oE1SPXGUO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697631536, "uuid": "42512423-65dc-4660-be2d-c95ce68b1580", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697631536, "uuid": "2da270d0-62de-44ea-bb51-ff7fee56096d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631536, "uuid": "b2c6738a-b874-4b42-b28c-8a8ac4460acc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fadcdf90-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697645482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645482, "uuid": "3dc9a241-ea31-42e8-b927-ce52cc7e9047", "comment": "Malware payload (Loki)", "value": "01117228166416fecf944d45cda18b3b", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645482, "uuid": "80b364a1-94e9-461d-8902-c9f1c8ed4a41", "comment": "Malware payload (Loki)", "value": "5e16377d6bfebfc8e21ce8e4bd777d3c71771f8acd1561b3437d6d9031757b6b", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645482, "uuid": "6dcd2f42-19b6-45e5-afe2-ba084119cb7d", "comment": "Malware payload (Loki)", "value": "0289373760ed3702fd768d78c94cb655939b69b6", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645482, "uuid": "630c7833-846c-4116-ad8e-23ad9e309d6c", "comment": "Malware payload (Loki)", "value": "4823d6013fc397c3e93c16d7ab3f0d04325421dc0de4019dbad0209f5458a1997fd3b5a4c1443dc0d319d0debe488954", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645482, "uuid": "c0c67a92-2454-493a-875f-69387479d5f5", "value": "T186538DF1DF41151A4D0B27EADC418872C97C817A55260139FFEC639EA20BA9C97BE70E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645482, "uuid": "285fcd0a-5027-4ec2-aafc-740ecbc6df4e", "value": "1536:p82IZ38hA/Ev4cbUJZwhcPEdXcDvzcotlWAGVmq+uRKG:p82o38hTv4hJZwhsfDzcotlW3VR+uRr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645482, "uuid": "c398cf6a-874f-4b32-92c0-d1dcabd81d16", "value": 61927, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645482, "uuid": "801a13e5-5846-473d-8da3-1e331314be38", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645482, "uuid": "7c1f65cc-79a8-427a-8852-2f7ce3e85362", "value": "Request for price IUST2023010-18IR\u00b7pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9ef412f-6d69-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697601189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601189, "uuid": "0154ab27-2e22-41ab-b9cf-3a1d68663f60", "comment": "Malware payload (Amadey)", "value": "97dbdb45a62119a10842ef6dc2d20eff", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601189, "uuid": "ab49a77d-518d-4e8e-a130-7372668d0c4b", "comment": "Malware payload (Amadey)", "value": "5ecfe510568f269c221c20dbe1d203eddc185ea26cd5ed7d088dd101c0771575", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601189, "uuid": "c4487ba8-8a59-4f83-a725-e06a8bedc578", "comment": "Malware payload (Amadey)", "value": "375c1ee93101600a3d6d4213eec0f0de0cf41c34", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601189, "uuid": "f903831f-859d-4258-9a7a-735405be8587", "comment": "Malware payload (Amadey)", "value": "e2f1763d59f094564be5638c0078e318c22297dcf30e4e67419caad9b437d193496da56e455887b3181117fa43db069c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601189, "uuid": "b41ca62b-5aed-4d6b-b3b3-95a6352606f3", "value": "T1943523133BD58876D4F12B3159F613930B3A7C92C928E66F7296D59B28732419A3233F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601189, "uuid": "5db47b35-9d7e-4bc2-bf5c-e7dd24c1889c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601189, "uuid": "043e240e-2026-483e-a79e-99837b6db37e", "value": "24576:QyR+oY6nATNHwru4uP4iUE1RdFHDovv9Pd:XRSG8yrJg4doxovl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697601189, "uuid": "8ccee258-4837-4625-8720-e89a2e02637f", "value": 1099776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697601189, "uuid": "61ad465d-f116-4e54-b0f8-85e010b5644d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601189, "uuid": "ca581c87-31e0-4bc1-b100-2ab240eae4a6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f633d4e-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604070, "uuid": "62947a52-390f-4c40-ab0d-6c221f45b79a", "comment": "Malware payload (Mirai)", "value": "79360fcc9c527ed4a6282c072b5f9742", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604070, "uuid": "1f0a1685-b0b0-43ed-b426-3e3790ebdaef", "comment": "Malware payload (Mirai)", "value": "5f2a2adf3a17b2b06d97549ccdf8ef0bb64d851fc54b771f9a949ec1f53a2438", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604070, "uuid": "4814d69c-fcee-47d1-a9df-d4b8c77b2f45", "comment": "Malware payload (Mirai)", "value": "496f54c67bd27896d6a0ab884b810b386f15649e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604070, "uuid": "58ca62ac-5e8d-4be3-bb9f-d3042e10cbb2", "comment": "Malware payload (Mirai)", "value": "5d6a76a9070f3a24d44f5e4327d9eea6ad22b7bd06cf0335679492bbd4cd225c42942d755c4483fd78110554e68b1d37", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604070, "uuid": "8ffcccc0-3671-4b82-a149-d69d864cfd06", "value": "T16B432A25AD792E26C0D8A57E51F78724F2F2620E26B4C65E7C721E4EFF04B0065137BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604070, "uuid": "db2c7b65-bfba-4ba0-810d-da9042f39812", "value": "768:TuowUh8q9hW52kto06nFP87ayTbLl6WsldJHy1ttd7DUz1fkO+B5Lr:TuPUh8ShW52kto02EayTF6vl7wtU+D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604070, "uuid": "5db883fe-5269-4867-88ea-e128c729c591", "value": 60268, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604070, "uuid": "68b50e68-55c2-43e5-9acc-66a620767547", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604070, "uuid": "7656f122-1579-4fe0-8cb0-63d07a5a4dce", "value": "79360fcc9c527ed4a6282c072b5f9742", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cae3adf4-6dd3-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697646690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646690, "uuid": "84d3fe01-f27b-4a6d-9a08-8be94b505deb", "comment": "Malware payload (Smoke Loader)", "value": "9a91d7e2ef8f5b07a85783346c3702ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646690, "uuid": "053dcae8-01dd-444f-a1e7-89c5811bac2d", "comment": "Malware payload (Smoke Loader)", "value": "5f6bbc836bc46b5f598c997652d06ee1b592e9bfd442ce7ca7d466e99251a93e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646690, "uuid": "031cdadd-a23a-4f31-a2c8-6c9227b6d83f", "comment": "Malware payload (Smoke Loader)", "value": "bca59d68bae0e0d52da870a44f68885c2da9ed35", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646690, "uuid": "e8ceb7d5-ead9-497b-b8d7-fc6ad390f2bf", "comment": "Malware payload (Smoke Loader)", "value": "26bab5dc15624c7183552ba59419dad777b31410bafd4e9611578e53ba0a9a49db24cb9adc269e8e5da842ac06f39051", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646690, "uuid": "768167ad-7317-4148-b1f4-32c87e645b39", "value": "T16E34BF01B6D1C073D972953609E4EBB55A7EB8700AA29EBF27D40F7E4F302C1D621A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646690, "uuid": "408c9349-75d0-44e0-abd7-9bb64d9d3580", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646690, "uuid": "d6a309f7-cca8-4588-bae0-930b7a16e192", "value": "6144:tmDX4FIRd5DzznuBosiDKl51eAOPaGuf+aTi:tIIKd5DPyehKTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646690, "uuid": "f2ef2910-17d2-49d2-ad34-08de8bb62706", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646690, "uuid": "4d9ea594-0856-42bf-81e3-0ef1a601354c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646690, "uuid": "fa71d74f-959f-44ec-b7af-a75c3227676a", "value": "9a91d7e2ef8f5b07a85783346c3702ea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "028584ad-6ddb-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649790, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649790, "uuid": "74f320f6-25c4-4ce3-b11c-fcccd86defd7", "comment": "Malware payload (Mirai)", "value": "2434a49f36533e052f9ddfa294260c30", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649790, "uuid": "f3850414-d4ec-4ed1-b8fd-653525aae75d", "comment": "Malware payload (Mirai)", "value": "5f8ac4bcfb7c84c091bd2e09584a35b4769056f14f3d2307d2d6823400127a2d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649790, "uuid": "be8cb9a5-cc48-4273-905a-760251602c66", "comment": "Malware payload (Mirai)", "value": "68b9902df35f8a5852996680997f3de43c0853da", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649790, "uuid": "8a35aaa4-14a1-4f37-8a9d-7e382f6ade02", "comment": "Malware payload (Mirai)", "value": "36d96232f1f9ffd8c05a343e64f88c63c5aa8f2e806795d1cda4a8b3cba11ad35dd2d98506f55d94f973c28fdd422fc9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649790, "uuid": "d38a2af9-9a68-4efd-a4b3-f8aefc6ffda9", "value": "T175D2E18D76D392FACCCDC6BE721E403630AA34E972B293177306D443477A181E686D8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649790, "uuid": "69abb21d-9b4e-4196-8b02-e79566362098", "value": "384:Mxd/PxEDLd2TwM4zb6lowYcEaqsU9lcC450LQixBfE4jdlz0lewZ95taoArmNyM:WlxKd294CxEnsU96IHE4RlY995ItM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649790, "uuid": "fbecdc61-6b32-49a5-aca8-71a5ccc86d87", "value": 29456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649790, "uuid": "1e8bcf6a-47d6-47f2-b39d-5c99d8ae5e4b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649790, "uuid": "c8af2e74-4b9e-47fb-aaf4-bad18f513321", "value": "2434a49f36533e052f9ddfa294260c30", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "069b0c9e-6d53-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697591385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591385, "uuid": "06063ab3-c176-4071-8d3a-3c703c17ece2", "comment": "Malware payload", "value": "3419f3a0ea4ccb552a879f6aca906847", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591385, "uuid": "90fd354f-695e-4e99-93bb-03ecaccfadf5", "comment": "Malware payload", "value": "5f8f968a6a726dee363067fac0796a044a0c37e40b71457df7b36cfa04f2eda4", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591385, "uuid": "4226d97e-f313-43c6-9a3f-d265f0c6fcfc", "comment": "Malware payload", "value": "13a495a25fd9d838537d6faccb0442b9fe8dcf75", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591385, "uuid": "81406588-969e-46b7-ab0b-774ddafe8485", "comment": "Malware payload", "value": "f1d0a5ce647725b84fb1e251d509515343bb889889bba17aac9012f7bd0c2c46b8da4ffe8ce3dcfa93d6aeec2ca84418", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591385, "uuid": "79f2e494-cbd9-44e1-a1e7-80123632e284", "value": "T1ABE48AF41039294BF319371E6F093E0B7EDE1B837459EA60ED9E70D6C86750C46439AA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591385, "uuid": "488ca1f9-569d-4bd1-b963-109df8f28f2a", "value": "3072:EmlY3ortkl+/2vm5c08NRKJpYTnMmxa6ZnMfHWb5:1l3Y+Ovm5z8bwpTB+5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697591385, "uuid": "179b97da-a167-4baf-aa21-31af2c7e0c28", "value": 699130, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697591385, "uuid": "dbfe0605-1cb1-4560-90da-2ef011b99e81", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591385, "uuid": "7c6d38c9-6563-4f0d-86b7-69338a586e9d", "value": "2992a904c27bef67021222fbd4ae003f6fb73a9786f62185cee7de32", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb0c06bd-6d6c-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1697602533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602533, "uuid": "45e2cfca-4bf4-43ca-ba2a-10fcd3c6546f", "comment": "Malware payload (ArkeiStealer)", "value": "2c6d8ac1ff3fa0c4cca04838568c089e", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602533, "uuid": "c75f3f1e-72e2-4781-bc46-885f8ccfa244", "comment": "Malware payload (ArkeiStealer)", "value": "604cae9fe195ccb620aab57009c651fee79b647e8bcfd4691c7fbbd7c49a9026", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602533, "uuid": "5761bb6e-7f8f-47bb-a5fe-066c16f61e7b", "comment": "Malware payload (ArkeiStealer)", "value": "3504b5515aa8db7cf973d38db39fa428a11c3f17", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602533, "uuid": "0dbb3726-b6bb-4fd9-8904-e46246a257fc", "comment": "Malware payload (ArkeiStealer)", "value": "673b7c52bc25ce8811167aac12602b90f01e13b265c240086e9dc408f8f08ed63fc77f273383176ea25d08b1a4a4c975", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602533, "uuid": "1565558e-910e-4c21-ad39-f2b19d138a29", "value": "T1A13401EFC79EA0C1DB5715B2B6AC0D17431C98B3449F54C323BA28D48C9A49BE17276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602533, "uuid": "eebf0f33-c156-4818-9d64-5102acc5c047", "value": "17a4bd9c95f2898add97f309fc6f9bcd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602533, "uuid": "3281f4ba-48c5-4763-ba9c-edf2e5572e62", "value": "3072:GCspRnsUMWHLIM+Y4Ul89XfglWy6sN1OKkzJI7lrnETFUoTQiLOZ1Kn59:DsnQu4Ue9PZsrbiJu7EhlxOZ1m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697602533, "uuid": "a9bba15b-3a1b-4baf-aa5b-4fee91b26700", "value": 239616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697602533, "uuid": "71e1c6df-3957-4584-a35b-9ac272966d78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602533, "uuid": "9cd4a94b-506b-4040-88b8-91c18a90245e", "value": "INV 34897003.pif.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "253a18da-6d65-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697599167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599167, "uuid": "96adfb04-c2c1-4dc1-8b4e-e1a5781b28d7", "comment": "Malware payload (RedLineStealer)", "value": "cb51b9ddbeb6c360010b35737c784946", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599167, "uuid": "84badd80-c7bb-4319-ad4a-cc8c6cba0904", "comment": "Malware payload (RedLineStealer)", "value": "610a000789f4ec296c3f6818c345a05a7a05a2e16fbb53f169fc57f64c6781b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599167, "uuid": "2516e193-7080-41f3-a2cc-4f6d3944d86b", "comment": "Malware payload (RedLineStealer)", "value": "1d3d09a790a842439ae1ec367d251a3407c86d35", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599167, "uuid": "45cccf25-e9e1-417b-94eb-f459e006e489", "comment": "Malware payload (RedLineStealer)", "value": "cb5817d33fdf4fd448415d4cb7aa36ba03233236b9bc902a392699e767715f7267cc7bbf564629a9d2a82a39960bc012", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599167, "uuid": "d339277c-89e2-4d9b-bb11-8575d57f8b8e", "value": "T1DA352303BBE86122C8F0377459FA13A31F39BD769C2076AB6795FC990572681A53133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599167, "uuid": "64abc852-2240-43fc-80cb-3f63adc28783", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599167, "uuid": "05734e0e-9442-41a9-bafd-6ea5a5f65bd7", "value": "24576:Xy3UMDH/OdSPZxyLQXD+/OeWAPX+MlSqg02mY2Qtd8ABc:ikaH/AGZVj+XL4f0/YddPB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697599167, "uuid": "49e20e7e-8b24-4af5-bab4-73af2ac6b9cd", "value": 1095680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697599167, "uuid": "4a19cc0a-aaac-4aaa-b26b-9f1355d89495", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599167, "uuid": "f111f898-34e1-43fd-a45d-0c90f49c9bb8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8a25268-6d53-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697591711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591711, "uuid": "a5e1baee-e5a1-4d19-ad8a-2484847e9a2a", "comment": "Malware payload (Smoke Loader)", "value": "e959de84b20c58c8377f9073f1560742", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591711, "uuid": "0f598998-e85c-474f-b228-2be528b72dde", "comment": "Malware payload (Smoke Loader)", "value": "619c3b699ba4c6ba0e08d4813270b6b3799620ea49720e09ad1ac30a7668d32c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591711, "uuid": "b6ad9f57-6139-46e7-9c91-3daab745d168", "comment": "Malware payload (Smoke Loader)", "value": "bcd1c2b4c2fc36d0de36fae82acd71d812b4eb04", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591711, "uuid": "5401b31d-b0bf-48e2-8fd5-5af8efbe0d4b", "comment": "Malware payload (Smoke Loader)", "value": "4bda61c6e2d9f2729e720cdb2ab98ee6c1d75ac41818a1ce9abe0eed3afe0acf12a810bf6c6f868585ea5520f85ee1fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591711, "uuid": "a8d48f76-09a6-49e6-8b4b-b5144880aa25", "value": "T1283523537BE855B2D8B06770A8F307D70B393D72EFB0675A2690D98928B3584643236F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591711, "uuid": "7cb0c521-56d7-4d49-ad63-bfe09c9d5dc0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591711, "uuid": "630bb296-92e0-457a-be94-57ed0db9814b", "value": "24576:GyUz9t/KVrrF4/4/76oP2q18w3NB1RcUcseTsZ3R:VU36rr0u76W2SpBR7cNU3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697591711, "uuid": "6680897a-b67f-4a47-9db8-2b96fcaa9ee0", "value": 1100288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697591711, "uuid": "d7315c47-cd22-44cc-94a6-4f81dbdf49b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591711, "uuid": "94e43525-5618-4292-8871-0c78aeb733de", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "063cee38-6dd1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645501, "uuid": "9f01d1b6-e685-4ce1-b7d6-c8cccc4301e6", "comment": "Malware payload (AgentTesla)", "value": "adaa6e560706d818775dd346f31986e9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645501, "uuid": "3712831a-6300-49d6-9100-9b8f3fd63323", "comment": "Malware payload (AgentTesla)", "value": "62534a146dc4b71bb4861d8924706ff594a92884257e540b6bd444e0b580f0f0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645501, "uuid": "a61c1215-c154-463f-a451-7e978019bd92", "comment": "Malware payload (AgentTesla)", "value": "80bcd55bcdd32ca2178b6f513950ac2a5594cf25", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645501, "uuid": "8effd94b-8430-4a42-9839-dac73b4aca3a", "comment": "Malware payload (AgentTesla)", "value": "75dcbcf20bc587d0d801f43b94fd6ea08f0644f52422465e8ccd84d6da1572d11a6d82df98f1610bfb0c3f3b1fe5462d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645501, "uuid": "203d217b-c68e-46cc-a402-cd7f7aaed85a", "value": "T1CC257E3D29B9263BC1B9C3A9CFE1C827F154996F3521ED6588C753A64342E4639C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645501, "uuid": "0cdedde2-40e8-42ed-8d4b-9de4120b4d1b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645501, "uuid": "39854d47-8456-4328-8764-cd632e60b81b", "value": "12288:VjrSytnscMpCiTVgfgBVF2ePgVaa4MF/0HoWq:VHSytnsbTVgQVF2ePAz4k/3V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645501, "uuid": "6c3c922a-df10-4cc2-95c8-854ad5764a2b", "value": 1025024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645501, "uuid": "8791a557-ac31-42cb-a58c-c51840c46541", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645501, "uuid": "c7d80742-cb9e-4fd2-bf22-219f83e3f5ff", "value": "Dow\u00f3d Przelewu_33001171023_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "257c3eb6-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697610764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610764, "uuid": "5a481e82-6b5d-48d9-9c91-7849d5195d55", "comment": "Malware payload (Formbook)", "value": "00a13b2ea46473796105d851db5fbe47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610764, "uuid": "6bab2233-6dbc-413b-98b3-3e4f14529153", "comment": "Malware payload (Formbook)", "value": "62903469e69d822aaf737b1dee1aed354de510ede2e25fbcd9fff3a55b24916a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610764, "uuid": "98e4ea6c-a5dc-4919-86f7-f762ee0e9991", "comment": "Malware payload (Formbook)", "value": "a0cec95bd6c348acdd23cc2baa85d4a30928ec91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610764, "uuid": "76ace47a-3b41-46f4-922c-25834403df0b", "comment": "Malware payload (Formbook)", "value": "0f0a4a2e9c1292b317f2075f6db7155f3c9081b129aed2ca36e27b5d1ef04275c57800b9816b4cc5e8d95a5d53a9685e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610764, "uuid": "e4412923-4a5a-4771-971f-5601547d3e0d", "value": "T1DBD412A022BDC71ED97A1FFA4035E220C3F969466234D6981DC404DE5D7BF25A228FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610764, "uuid": "2ca0fe75-1088-4375-9063-85dc2105d9ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610764, "uuid": "ef497629-1775-499a-8f91-9f2658663f50", "value": "12288:OzfqBqGzl7nsmR44KtYdvRbOiVmdsukRCQTYR7Ev9u1tgDrN:OT6rzmx4KqbKhdDfR7EvAaN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610764, "uuid": "5eeccdf0-00d4-4eff-b7ea-2395663991bf", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610764, "uuid": "121cc53a-e037-423d-9f8a-4ea1e75bcbe5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610764, "uuid": "26f22558-8005-4dc6-afe2-9c402c748d34", "value": "00a13b2ea46473796105d851db5fbe47.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e356db1-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610779, "uuid": "ed8c8dd0-b98e-4d97-a181-63d65c1bba6d", "comment": "Malware payload (AgentTesla)", "value": "b06265108843d75fb76e3e1069526cbd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610779, "uuid": "c3b65add-95c2-4e83-821e-42ba6ec53af8", "comment": "Malware payload (AgentTesla)", "value": "62ada442852dbc19b06705e9c1357acacdc8a964d61402df870366989501d5d5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610779, "uuid": "25b803c0-a604-4ec2-8d0c-a156443a5d1a", "comment": "Malware payload (AgentTesla)", "value": "d8750856976f3b9ab7992bcc7d29771f368e0e25", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610779, "uuid": "2aae18a8-a531-4565-b695-f477081961e2", "comment": "Malware payload (AgentTesla)", "value": "9795ce1800e51812e52e732bc70d3673e52b62b04c3c7488938d3ef098e485a3b7fc23f4acb629cc65b66349ff6bb238", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610779, "uuid": "0f5bafae-eebb-4ab0-ba71-8b10cab0478d", "value": "T177E412207769CB29D5BA0FF54175E311D7F6AC537832E2691EC404EE4A77BA48220FA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610779, "uuid": "790f485f-8f2c-4060-94c5-ebc4c324196a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610779, "uuid": "883339e3-7ed9-43ae-b709-de8e958beefa", "value": "12288:9zfqBJa5hGGDNBRncBnUqbRAcVP4+qI/AJQWZgaqp9Lw+GKTaY:9T6Jeh3DNB1cBUqbRAS4+WK19Lw+ZTD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610779, "uuid": "ba98a81d-8632-47ee-a007-61f99b69d263", "value": 667648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610779, "uuid": "4ef8c66e-49d7-4c92-a314-1ca47e3284f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610779, "uuid": "85baccf8-73bb-4cdc-8ba2-b7dc459f8bda", "value": "Payment confirmation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd457f9b-6dda-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649781, "uuid": "8bb50d14-dd93-47f8-88cf-9cc3dfe6eaf1", "comment": "Malware payload (Mirai)", "value": "4d2037b9c207956eb5f4c65897151110", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649781, "uuid": "8291ff07-cbcd-4203-8e18-093f12433a56", "comment": "Malware payload (Mirai)", "value": "634fdd5674a3036f782e5f17263dc9b510feca14eaf718d3a832af4808a15331", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649781, "uuid": "45b8da12-1d79-4b97-a670-ba19851167aa", "comment": "Malware payload (Mirai)", "value": "a11321e6fa7e153b6dc6226c75778f2eb56cb44e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649781, "uuid": "dc0baed2-db9d-4635-9313-1e01b1b5cad7", "comment": "Malware payload (Mirai)", "value": "91af3ddb453719415dfb8849a38bc167f8e616c8b55b945cb26303161004f018e9094f3c0d6f91a201521d0551a21c49", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649781, "uuid": "8b3986d1-d376-42a6-98b2-d6017746155a", "value": "T188536DC6B4119E7DF5CBE7BE44220D0EB821625150931B27BB6FFC83BD721A48956E07", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649781, "uuid": "4e98a10f-357f-4b4f-a859-71cd778dc94e", "value": "1536:kPqRg0FZTbSX5xZLepSGossFpxhOx2X/ZOqc/yA8/:p5ofF8I9cK5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649781, "uuid": "3e75c1a3-769e-43f6-a4ff-638860dcec16", "value": 66508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649781, "uuid": "466b5084-3306-4b1d-a193-f7b7c6c70c02", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649781, "uuid": "8399545f-0f3c-4002-9163-5f5157200d7d", "value": "4d2037b9c207956eb5f4c65897151110", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f8615ed-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644684, "uuid": "0a3a7ff9-51c1-46df-8df1-fe1d77364272", "comment": "Malware payload", "value": "626aca4a08124a725486a269e1171b6d", "object_relation": "md5", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644684, "uuid": "03f502f0-a705-4091-af33-848a7968b4d0", "comment": "Malware payload", "value": "6369e6b5a250466cd113bb3d44c190c717a13b7295db3ae587f0fd93862659c9", "object_relation": "sha256", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644684, "uuid": "5885eba8-a58d-4636-8dcb-2f98c73fcd56", "comment": "Malware payload", "value": "694a4d5c5210a8b92c2dd46b8ce9152c9baf4985", "object_relation": "sha1", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644684, "uuid": "ce01fc43-c9c2-4a4e-bd73-a683f5c64016", "comment": "Malware payload", "value": "e47a97d9a177f5b74ff35245395357ff83ece2fad1f4905cb6c3403c985ba651304bbbb79b410e2bef4f589607e1cc43", "object_relation": "sha3-384", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644684, "uuid": "e37b3991-1ca9-42bc-8f07-d605ca597c78", "value": "T18373A2F28322EEDA8F3B2C44D12821C06C5914AF751482FDFED366E14AF9664AD758F0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644684, "uuid": "b129a099-1729-4d0e-9113-2c7904640c4f", "value": "1536:KTTvCbifOto3hlMSKoxwSyZYd4XbLTYKbHK+tlxzsPyeab5Wpkm9VBjcbm9N:yCbnmjMSKTAd4XbIKHKtab5Wpkm9rYbc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644684, "uuid": "6fe6f209-c8ee-4d4e-b39d-0c2b0d3049fe", "value": 80556, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644684, "uuid": "7749dbcf-c5da-4702-9c42-6200175051de", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644684, "uuid": "8048a2be-f819-412d-b03c-43b8a7fa0da3", "value": "193.42.33.91", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72b4a0f2-6dcb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697643106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643106, "uuid": "eb2b7568-dbe3-422d-8755-d0dfb332ee41", "comment": "Malware payload (AgentTesla)", "value": "b7240d748ff8e1b141595d60446c7a52", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643106, "uuid": "6c1272c7-d5bf-442e-a23a-815969ce2dbb", "comment": "Malware payload (AgentTesla)", "value": "636e8a90b803c29411918e71b42398ebae1d8e3a2945c95a97ffd18d4d156d75", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643106, "uuid": "321dc01b-1c72-4384-8b96-c9455a433f3c", "comment": "Malware payload (AgentTesla)", "value": "f9fa2ad1d0987ac5ae2b8245b7289f2ccf53cbde", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643106, "uuid": "e9ccce15-12b9-4a65-88ff-151aa92c5301", "comment": "Malware payload (AgentTesla)", "value": "dee92e89ba79d0254a41e80f9026e97e58423c49d793658c0d31b679846d0bb0a689ea99c3fb8f2c1ed561130f895290", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643106, "uuid": "74cdc20b-180f-406b-889c-b26fc01939c6", "value": "T147D423E7938F034269DFD961BA251F851081CD455A35BB0AFAED4E32B392F46E828D43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643106, "uuid": "56eae8c7-0674-4cd7-ad39-92cf0a50b5c2", "value": "12288:WeZm13OJeSjMIknXGKsXwhCwROKejH+6NUXPI9JuIUjA8IwckT5vhQapifBQdz8n:c3O7ApWwhC9b+2VruvjA8I7kNvhQaJMJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643106, "uuid": "52fdc9ed-16b5-4841-82da-892f1b885644", "value": 647984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643106, "uuid": "8eb55970-d0a0-4d20-9318-a4af70803dee", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643106, "uuid": "29d779ff-7d8c-4854-adc0-f2e25722994b", "value": "Shipment Import Invoice & Clearance Documents.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1287ad38-6d68-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697600424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600424, "uuid": "122bfcd0-2245-4be4-94e2-c42a0fd77174", "comment": "Malware payload (RedLineStealer)", "value": "435db056376424dbbd8755a5ab21bb42", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600424, "uuid": "1d140c1b-e1d3-48d6-b4da-70dcc21166ec", "comment": "Malware payload (RedLineStealer)", "value": "639038888a79a4c54d0ae58c5d3d8f2374d7e10dc280b4c1a893fd16848505c4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600424, "uuid": "004243a7-40d0-4636-b5fc-7f97942911e4", "comment": "Malware payload (RedLineStealer)", "value": "eab5a599f202c3c46e9a956db6a84f864fc76d7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600424, "uuid": "5a83723c-d773-4c56-a3d3-583163a2356a", "comment": "Malware payload (RedLineStealer)", "value": "81a83b3ea62b2d9385e32b38ad5eb80d29065e76530a05e6fc2ba1e21df79dad3d6be34b041e1c93309b5b727c10b7fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600424, "uuid": "76e39c8e-7e7a-4af9-9f06-94b7fcf936fa", "value": "T19A352353BEF09433D8F1173054FE2A932B393D629978813B7A6569590CB26C5AC3272F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600424, "uuid": "41cd8b80-06c1-47f1-a27c-af941be2fa74", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600424, "uuid": "019f7d30-cbbd-4bc8-b5fd-77968d676746", "value": "24576:jy4H5kPMTJ6oMyOt8NvEj85PPnWnMi7poki+lSiKhFSJXxqk:24yPMT/fFEj85nnuF7pTSSBx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697600424, "uuid": "2ac473ac-9d4f-4426-b04f-40707a4925d9", "value": 1092096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697600424, "uuid": "3f927236-9370-49a9-b24f-ecbe44c4a6c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600424, "uuid": "73155062-c1c6-462d-86e6-588f966e0eed", "value": "435db056376424dbbd8755a5ab21bb42.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6f4ddfd-6d7f-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697610632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610632, "uuid": "bb2fd65f-4d17-4925-8240-b92c3e0139cb", "comment": "Malware payload (LummaStealer)", "value": "7f5801777d3da7d0d343b8da202981da", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610632, "uuid": "f5a655b1-6975-48ef-89bc-395d0c56126e", "comment": "Malware payload (LummaStealer)", "value": "647a3481adebc8ba2076c4cccb037258c19a782ed4cb7c6fd72f3f1747e4c4b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610632, "uuid": "2c518bd0-0ba2-4deb-b4d6-62cab6688b48", "comment": "Malware payload (LummaStealer)", "value": "2272050f53e7abca7577a743355bd668089d432b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610632, "uuid": "6a7c5a16-0c6c-4b64-8465-3d9df1655f45", "comment": "Malware payload (LummaStealer)", "value": "a2f7cfec367810a58f42c04a5a1d25c4897e2bbe0801598f2ac1ff26847bbb663c1a318ceaf80dd6c60f379fd4596789", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610632, "uuid": "52f9711e-a763-4616-b243-e6bbe314646f", "value": "T13AF41201EBDC8436D9A6177058FB02970A323DA58E30932B7795B95F1DF29C1B93272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610632, "uuid": "b2b2de30-62b8-4a42-af05-c2cecaa93d02", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610632, "uuid": "9352d061-7e1f-4e24-bbf6-085b24474f24", "value": "12288:xMrDy90TpIOusrzbo+nNkOTROGWa1ThQO4dmpbq8KmJgxIvZ3C2zy:iyKIArA8DlOGW7opblF73C2zy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610632, "uuid": "285c9618-c97b-469b-8e22-62b5951b852f", "value": 756224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610632, "uuid": "25fdb2d3-6d80-4502-bd90-1b1d2c605f64", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610632, "uuid": "07f5375d-429c-4bf8-b7f7-0e6ce0248b67", "value": "7F5801777D3DA7D0D343B8DA202981DA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f84a9e36-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697638176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638176, "uuid": "c2e9923b-9e5b-46be-afc2-83449f2af61b", "comment": "Malware payload (Mirai)", "value": "26474a7ca5ca3c439015a8fdc86d1241", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638176, "uuid": "7021c962-a51c-4ec5-8850-7c45948fe946", "comment": "Malware payload (Mirai)", "value": "64b0702030841c33ee1d4a35ebd6c69d3f7bc58b80a3e8ca6c1f87c09516c485", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638176, "uuid": "97fa7159-7363-4f87-97e0-8d216ae690be", "comment": "Malware payload (Mirai)", "value": "d9aa657ac1847fe23c84e321ce648ea87a9c3fe2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638176, "uuid": "b12bfe21-ccfd-4103-b608-d911664ed1d0", "comment": "Malware payload (Mirai)", "value": "e6aa03b3cca0b02b674658bc422de4454b3af44e01214ffe93fb7575969a5d6a9cff3e06668b70edf2b3c922bb1d313d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638176, "uuid": "ca9fc9eb-793a-4acb-bfe7-3cf2f1945650", "value": "T19B73A70A7E329FACFBA9523447F78E11AA5833D527E1C585D19CD6011E7024E381FFA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638176, "uuid": "7dba04b0-cd2f-4f7e-be19-b4f53fb40b8e", "value": "1536:3IHb8FMv77EKQHlyxR1Fa6yBm3froxvdeEOPFal:Y78ivnEKMy9Fa6yBmProxvUPFe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638176, "uuid": "d6d1d38d-af81-4a43-922c-ee922d15440c", "value": 76672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638176, "uuid": "de65df60-3ac4-4f73-a587-86cf0ee4543a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638176, "uuid": "eb47bda9-1fd9-421e-a87d-bf7988723967", "value": "26474a7ca5ca3c439015a8fdc86d1241", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f3cb40a-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623746, "uuid": "ef3771ee-b04f-4dbf-8130-3c353d62072d", "comment": "Malware payload (AgentTesla)", "value": "01e24c74214c2fe9a1a199738c8a6d41", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623746, "uuid": "9680aa80-3efe-4b91-9eea-d862aff9eae6", "comment": "Malware payload (AgentTesla)", "value": "6594c446a5e2299cb9dca1f983c72441c10df776488e6facf5002477b17b140f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623746, "uuid": "9556fe0c-2a43-4819-a88a-c9c2dffe1764", "comment": "Malware payload (AgentTesla)", "value": "0679cd2f8f8b7604714cdfc944a466fc43d72041", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623746, "uuid": "11249588-6c2a-4cfa-8774-fd138f2ea9b8", "comment": "Malware payload (AgentTesla)", "value": "16e68931e4dafc8747fde74f594516f94e821e3c9bcf7737686171c8be68de30b093434ede83180cafb892df9617e651", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623746, "uuid": "f0479aa9-7e12-420e-8150-3e5b9645b0c7", "value": "T12B740218E6F4225CC9D309398E6153D4A2323592BF72E75ADD20C668753C6DFC9C4EB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623746, "uuid": "c6166e3a-5f05-4bd4-ba7b-f84e90817389", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623746, "uuid": "3b0260f8-8c46-47b3-8979-399a69b4b776", "value": "6144:bcpPJVqlm7o8H8PvGV0Dh3Gtn2L0ndb3/jgsa+DxL5TefXeW0i24twH6nEFN1:6JElm7PH83GVy3GF+0db3LgsasL5EeT3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623746, "uuid": "2f154d64-ca66-4571-b83a-0d71846dfd0d", "value": 358784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623746, "uuid": "e1a70896-7190-48b1-8646-6a1cac08b656", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623746, "uuid": "7af41d9f-ea3c-445f-a00d-d2f9c1bce4de", "value": "44120220531MES_S Quote.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dd64747-6dba-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697635850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635850, "uuid": "69f14ebb-685c-4b01-94d6-b46e1090f0a9", "comment": "Malware payload", "value": "c830d3af7199c37b6cd737b254870dbd", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635850, "uuid": "575d91d4-c7a6-4d2b-bca9-f01d0b7672f3", "comment": "Malware payload", "value": "65b912d611e6a4a034191d9f91e033ac7d9ad673614fda69f6d8cc9fe604689b", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635850, "uuid": "d34d3064-208c-4548-9d67-ec7a1e10e297", "comment": "Malware payload", "value": "a8db8f26506a26b4d817f0756e05d365fd95680b", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635850, "uuid": "4ec667a6-addb-4790-abd1-a3010712e67d", "comment": "Malware payload", "value": "30402f74321375ad7ec1458c8bf1602ead046bec56a6d699b8ee11def54316c7783f4b24767049a3186d92d188389fb1", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635850, "uuid": "0710cb69-689d-4c28-a358-932512536e80", "value": "T1D29423B05DFCAD264E384C1BD0643D1E22FE2E9C091E799AFB5A48875A8DE314527F31", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635850, "uuid": "8d136c0a-3c27-4906-ab42-a3eb243a2f18", "value": "6144:jp7CGseuyOmt4QwLZK3NJYdhjDp4RWOMvL1CDvS7BgvRellY7SeeCMlDppnH+5LD:33ODQ5WrL1CDXg1TllpnH+5jIo0Dk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635850, "uuid": "20050335-b9f1-40d7-97fa-5c531f66cc7a", "value": 409797, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635850, "uuid": "d08842d1-9908-4907-9e9c-ccba9812f984", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635850, "uuid": "7c718ac0-376a-4ff1-9219-41d7789dcbcd", "value": "POX0000342.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b96431af-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645372, "uuid": "533e0f20-829e-4f5d-a1fb-349944b966bc", "comment": "Malware payload (AgentTesla)", "value": "e9a6db38d6bda482d2f52e83213ec64f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645372, "uuid": "3a4aa75b-8538-45a6-95b5-41f050cb4750", "comment": "Malware payload (AgentTesla)", "value": "65c999b0552ccf784f6b0068561a76ebaa890139d96236d476b1a20fc334caa6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645372, "uuid": "548422d8-0b1f-4a0c-b871-1db0ce2d9936", "comment": "Malware payload (AgentTesla)", "value": "a268a55def4bf85695113a73364ed6c4092c2aea", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645372, "uuid": "5c378584-eadc-4047-991f-3de5a071442f", "comment": "Malware payload (AgentTesla)", "value": "8e0548a85a98f3403e3ee0267b27b84e8961e048bcbc6489263f5f1cbf6f40ea38dc9db402b00f1e06fcc2f3706effc9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645372, "uuid": "4bd8e139-e911-44b7-83c6-19e08389e83d", "value": "T1A4841202C2B12B75E7D65E382DB0C1D35332674B761BE32EDD85D158692A3E7CEC06A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645372, "uuid": "f7e1edc7-cb70-4918-8fc9-db2d0dab3b8b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645372, "uuid": "a35fbfde-026d-4472-8cc8-e6ba39cfeb37", "value": "12288:7IiCm7PH83l4v1t9lHnrfzc3uVbI9Iw1:7Mg/8CdHrfMu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645372, "uuid": "0f14bc06-10cb-4ffa-bb78-cd439b581c80", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645372, "uuid": "a2f1e262-fa33-40a1-8d5f-c22f0443d228", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645372, "uuid": "115c8d3d-cbf3-4a07-bb19-38c874194a67", "value": "DHL Express _Kon\u015fimento Takip Numaras\u0131 - \u0130thalat G\u00f6nderisi.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f82e93f5-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596515, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596515, "uuid": "efb6597c-91af-47c3-b87d-afd73ff095d3", "comment": "Malware payload", "value": "43d41b41c4fb0094dd10842675a4c18d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596515, "uuid": "2f1b1142-9add-4d0b-a1e6-bad329d3cf75", "comment": "Malware payload", "value": "65dd850fc3c3509f072f6d766dae1b19ef46e4709bbfb928602662d66031f1f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596515, "uuid": "c2d29ee3-1af9-451a-896c-397b6f2187d3", "comment": "Malware payload", "value": "2d17d96d114f495b5bc4774965f3c8261313b987", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596515, "uuid": "5b71bb2a-6023-4cc2-859b-da5319afde79", "comment": "Malware payload", "value": "aa2592d16efed74519cc0c6219e41abb58e75205efa72f55522c6100fc753b4b11363f606bc4a27eae6f703590003d9e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596515, "uuid": "b2dd0c49-89c7-43e9-913a-aa243fc305fc", "value": "T18843182795B8F031D366F7B00E66AAAAD43FF856132BCD0710442E5A57B1F035A3A72D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596515, "uuid": "8af31513-baf2-4ca4-af94-6de9214cd08e", "value": "768:Ze3hDXI8QL0fJ+WJAIQLFqB1xSiofNsEO1X479sFbwiMIEOUuDmALY7Grq:c3hfZJAIQXNp44", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596515, "uuid": "9e241505-5c9d-4a77-917b-afd779a0d847", "value": 57344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596515, "uuid": "a6a3f8a4-2f75-4e21-8053-c45fe0a46cd0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596515, "uuid": "cd0aee31-c65f-4bbc-97d7-0d6bb1086dc6", "value": "SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.3365.28891", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a01dadf-6dda-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649480, "uuid": "ad596da9-102c-4a0e-87e0-7f48f11e0093", "comment": "Malware payload (Mirai)", "value": "2e690bd85dcbe2228c69ab7cb8ce725b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649480, "uuid": "7776fa81-6649-47d9-abbd-6fef4a2f5078", "comment": "Malware payload (Mirai)", "value": "660043b68bc7263efa3bf72a7b3ec8e5cfa39bb9c1beaac91f364de3d27e4f9a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649480, "uuid": "4704749c-2c0d-4ff0-be5c-95c790651325", "comment": "Malware payload (Mirai)", "value": "bd6ede46d417471ee08d58da9527be4d967f7542", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649480, "uuid": "22a51720-3d19-48a3-9446-3645773294da", "comment": "Malware payload (Mirai)", "value": "af7fc49803e8668a1fa409e71f8e12144ff837b04b27c1a05769a3afb51aeb22e528c4acbbb480c3ee3df982f0cb9963", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649480, "uuid": "1733d077-821b-48bd-8218-f59c2def2e77", "value": "T193D2E12CC59D7949CAAD3D7E50CE56F9394CB0C0A35DF68E17224418BB27A8BBC071B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649480, "uuid": "4596e450-52c0-46a6-8d62-cbcfb8df038e", "value": "768:11uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KNTJbiWU1:1bDs06t4BEub4sU/MbUTm1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649480, "uuid": "5d421331-ff1b-40f7-9ce7-834e293a028a", "value": 30324, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649480, "uuid": "cac1a730-fb32-4ae3-bf13-2777a3ddd49a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649480, "uuid": "407f8622-431d-44c7-a05b-cd97c33e8d92", "value": "2e690bd85dcbe2228c69ab7cb8ce725b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f91803e-6d67-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697600124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600124, "uuid": "e3646769-3da2-42c7-9813-2968bb253a34", "comment": "Malware payload (LummaStealer)", "value": "9a686b5f2d4d051204080d137ca17887", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600124, "uuid": "d9b543df-47d5-4082-827f-832452406031", "comment": "Malware payload (LummaStealer)", "value": "660361f776e3b878b6a925cccdfeccfd0d8152e4d98c62398aa282106f75212a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600124, "uuid": "c7b235fe-37fd-400e-9d14-7954818208a9", "comment": "Malware payload (LummaStealer)", "value": "6976ad623d2d717866bc83dae36febc810ddc04b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600124, "uuid": "548c798a-e591-4f54-91f7-a9db756928ef", "comment": "Malware payload (LummaStealer)", "value": "9008b01b0f6b8550b61eb2657f2ccdf1384742407cb9744aa48a268edb51f35d3f521df29a71bb75bf455d8d8c1fc858", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600124, "uuid": "94a1cf81-7a10-430d-97a5-64e0a0e36494", "value": "T1B2448C1074D1C432F5B2153609E0EBB9DA3EB9210BA19AEF67D41B7E4F332C19731A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600124, "uuid": "b6bd752b-4620-470f-a5f1-a12a62c070d8", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600124, "uuid": "11ea8ac6-9459-4783-b663-3f560350a6ce", "value": "6144:66PIxMeHJhPcuiVHnAlIpgLWqAOHkvDY4:6OdeHJhksBODY4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697600124, "uuid": "2f211eb8-8d3e-403e-a173-4b055e5b1a63", "value": 257536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697600124, "uuid": "07f11a2a-28d2-45aa-8791-47592f425b47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600124, "uuid": "0346955c-24a1-487f-94e2-1c6348019300", "value": "660361f776e3b878b6a925cccdfeccfd0d8152e4d98c6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3151a209-6d9f-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697624098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624098, "uuid": "c44cf450-5367-4257-954b-62637c05b753", "comment": "Malware payload (Amadey)", "value": "5094dbc725d732111ae89a4532f2f395", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624098, "uuid": "414c6ea2-bdf8-4054-91ae-9abed5faecce", "comment": "Malware payload (Amadey)", "value": "6653629a408b7912f22e6a7039884a3319d485b77373cd8716ae295f4b40fddb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624098, "uuid": "08497dcc-f2ff-4db9-924f-0df1b23f5c52", "comment": "Malware payload (Amadey)", "value": "f05ca0365f2149de87e860f59115eca17d65b249", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624098, "uuid": "afabbc7e-531c-49c8-bb90-72b6070e6e47", "comment": "Malware payload (Amadey)", "value": "0b2d2d1b0d971b9dc742017940538c9172d6a3f07140f64cb79eb0a57ee69a2132f322f8d27b2ea4a87482241e2f991a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624098, "uuid": "1b0d032f-1bf9-4abb-aa24-05ece5770c8b", "value": "T1823523137ED408B2D5B227B05CF693831E39BDA0AD64632756A5EE4B8CB3B85543133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624098, "uuid": "417ee9ff-f873-4d0a-b483-9a2e9629c8c1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624098, "uuid": "036dfcc0-7c32-4b51-8297-c5f184a320fd", "value": "24576:ryltMZwcoAIL+yX14NTcP3NdavSHr9E8DQ5XNbg/91:elYwcoA7z5i3DLBESQi9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697624098, "uuid": "6a3d2a9d-8db6-4012-a776-a4dcdbbcd7f1", "value": 1089536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697624098, "uuid": "4cb3ebba-aa61-4614-9675-e18278effeea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624098, "uuid": "47e6188a-efcb-42a2-8f82-ecd8a488c77e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ef0190f-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1697644710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644710, "uuid": "3c1098de-fb30-47b8-9b13-4e476c4fd068", "comment": "Malware payload (DBatLoader)", "value": "4da4c9bbbd3146018753c6dd29e81337", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644710, "uuid": "af814e37-c1fc-49b0-a0d3-eb37cd9159e8", "comment": "Malware payload (DBatLoader)", "value": "6676903e22f98fa58728009016a86dfc3256556f0d9b275870175475f3627c04", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644710, "uuid": "58e7f8ce-7196-4ce4-8184-6e2282d3989e", "comment": "Malware payload (DBatLoader)", "value": "3946f8884e5595af51994ecd4681bbf30f0d3e15", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644710, "uuid": "2e041d8e-1cac-4c91-9ae0-897a19ebecbd", "comment": "Malware payload (DBatLoader)", "value": "d237ae2015f4f7cdb15b773e7cb89d27d33d38a9e8a83395d973053a216c4916bbc2df700396895d2ca9d95a455cba72", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644710, "uuid": "758e6754-ad38-44a1-a938-d6f2273f16a6", "value": "T19655D025B6934237C1631A368DBB93604839BE643A24B817A7F05D789F3A7893C375C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644710, "uuid": "ee1a8845-3ba9-44d8-b4dc-845dc8bd8302", "value": "943a00a286edd3507b735f866788c4b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644710, "uuid": "2f8e6a8b-d0e9-4982-9199-25f03a3ed309", "value": "12288:iKl1+wjWARTvUKbV2p11lx8Nimm5cfGNJ3+AJf3tDWwEPbWKiwfat4YJy4IcBHdl:zlxtU9jxR7W+6AJKPdfaLScB9UGoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644710, "uuid": "860e6364-71c6-434c-8a02-19e2d6ce0d83", "value": 1355264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644710, "uuid": "ff13b680-efe6-46f2-951f-19116dda2f03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644710, "uuid": "8cce7cda-2c65-4e88-81a1-d54fda8c71c4", "value": "Kspxnbmhdbfdpw.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf9107b1-6d6b-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697602003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602003, "uuid": "00c3b295-5f78-4fb6-9bc6-85b92c9b21d4", "comment": "Malware payload (LummaStealer)", "value": "a49f3d081cd8272a06c0a804362c14d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602003, "uuid": "10a677f1-85bc-4fe1-9ba2-134886c62021", "comment": "Malware payload (LummaStealer)", "value": "6681848e870b08ccb72d0558287ce680df466b0a8b5825d42376e7e5076a0b0f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602003, "uuid": "f21210a0-f4c9-42c9-bdfd-6939c997f988", "comment": "Malware payload (LummaStealer)", "value": "41c1f4a2baba058ff7fa828e4dba22d6ce56d0be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602003, "uuid": "47a0ce68-6151-403b-9dc8-e5f2071cf207", "comment": "Malware payload (LummaStealer)", "value": "b0e8a0e9412e92cde4d536013f72dececd44f0f33fd444435773d9cbc38eb70b7e88f51dbaac9905ab29953dd94bf64f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602003, "uuid": "af80e831-e2df-4915-add9-44a9a2047a4a", "value": "T1CD352356BBD88072EDF4633118F701970B397C679D789B2F174AA84E18339D8A43636B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602003, "uuid": "563b06a7-7fe5-4d83-9bf0-4174a4d62218", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602003, "uuid": "ac904374-fb7e-4e04-bc48-c9740e1a6416", "value": "24576:qyRymYglsM1je8H/50NaSloexBqeOPOqCNy54piXRpSxY:xNve8H/52a8tWeAO1o1Xmx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697602003, "uuid": "69c727b4-ba55-4340-ba66-2564c60d03ee", "value": 1094656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697602003, "uuid": "6f10dadb-5c3e-434e-8d67-22da4a37e789", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602003, "uuid": "d0d7921b-5f9d-417c-ad0a-6fe09ac1ae20", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23cb243e-6dde-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697651134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651134, "uuid": "759107f8-124c-4a39-b7f0-4c01dda281dd", "comment": "Malware payload (RedLineStealer)", "value": "db3590f98aee020a9c55a7358b91d115", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651134, "uuid": "996b7255-3cef-446f-bab1-357771767aa3", "comment": "Malware payload (RedLineStealer)", "value": "66a7f7c9e426e65f789244fea43beaf49d7d8a4e8f5114941eb9e8d9d9de37af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651134, "uuid": "ef60ed93-720e-4110-805d-85119826d03a", "comment": "Malware payload (RedLineStealer)", "value": "9087ef37417444913f594bacba6ea9e9987d7570", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651134, "uuid": "60298fbd-e105-4a9f-8c41-20f166aa8cb0", "comment": "Malware payload (RedLineStealer)", "value": "2e7e2e8fd9729a993a977ad819a5b3710d205ada0dc3c668095dae4f0dc13b967300c394a5d67284cc7964868b835235", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651134, "uuid": "c0169524-40ac-4fdc-b14f-5d837a5600dc", "value": "T1F4152303FBCD9422D9A46BB1A8F606D30B3A7DF4E82C4B6B2785D4451CB16C59879363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651134, "uuid": "75de0252-fa08-4478-8767-8ec627c9f70c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651134, "uuid": "ae28c878-3042-4937-a4f6-ce056c4ffc54", "value": "12288:PMrty90SADUfHjGiKFgeb3vp9jgqoSSe6YBySEfd5gp6tBv+95WogtqgB1leRJ:qyY0DGdaG9gqQBYBRxpsBvRtqgU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697651134, "uuid": "4f0c08e1-3a44-4fbe-9441-bfa81754d7c2", "value": 880128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697651134, "uuid": "77df1e73-2457-4c12-95d1-2672f7e5feaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651134, "uuid": "93c1379d-38f3-4c40-9bf5-8dac515c4320", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3343c58-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596506, "uuid": "fdf657e9-0277-4f1c-b087-3b7cf35fb24f", "comment": "Malware payload", "value": "7f29a145798959fdadfded65831ebd81", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596506, "uuid": "872a3338-39b2-46ac-8586-bc00b1b61ca4", "comment": "Malware payload", "value": "671f1d1f7ea974947eea2c0dcafad5347aae23c4a73b1674a2cc6f2f540b8062", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596506, "uuid": "c50ab5d9-875a-42c7-a56e-71036b78dbb2", "comment": "Malware payload", "value": "0dd5f8c81218a5ccd93b9701ad9561ef1e14f32c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596506, "uuid": "8f705f51-df45-4329-8c59-54b7560c3581", "comment": "Malware payload", "value": "062c753ac1f6672fd92f3a0f83c03b0d611ef809e76c4f0334b2c38da1644148a1b230c8b41462ab7e91e3cf50f5c792", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596506, "uuid": "cf8be658-14df-4572-8490-9b9619571a6a", "value": "T194A24B62E8D28872E22D49BC5D1DD434D43E3A313F2965E3EBAF1D5EC8191C60B69371", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596506, "uuid": "8bb6f02b-88c1-4fa1-b3b0-3d5eec7f7a23", "value": "384:o3HqsREnZX3Qt02g2D9ZgNEVXR3fEyugibF8YLEwLEXpDsmCq33su:MKSmX3MVD4GXZEyuhhq5Db3f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596506, "uuid": "359a0f4d-7d1b-4e9c-b67c-b20cf673382f", "value": 22006, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596506, "uuid": "fa9b680d-d150-42e5-9324-af3ad76ab28e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596506, "uuid": "3886c365-bc93-4498-8beb-a4d4407acc25", "value": "SecuriteInfo.com.W32.Qhost.0CCA.tr.19621.22470", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f608400d-6da8-11ee-8907-42010a9c0042", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1697628294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628294, "uuid": "5f00f6fd-bd0b-4188-b1bb-efc3158e23e4", "comment": "Malware payload (YellowCockatoo)", "value": "b29df079c5cdde0adc5fc0906eea5087", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628294, "uuid": "51df5845-4be1-45e3-9032-3dfa465c52d7", "comment": "Malware payload (YellowCockatoo)", "value": "67e708587a69f2e9f5d4797aecd68bc63a0264dfd6f98379e65d7c459c13d038", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628294, "uuid": "6e2e0747-2e6f-4ea6-b6ce-70e5947d1c24", "comment": "Malware payload (YellowCockatoo)", "value": "c255d5d988b37abb22a17424d177ca02992bddd0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628294, "uuid": "02c84c17-8457-42eb-a654-e419668669d2", "comment": "Malware payload (YellowCockatoo)", "value": "c40c943c172d9691c2cae24deda24a010a184df24673541915a1a2d867808296b14a01466e3484ab6436bb2a2c56d9e8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628294, "uuid": "244e6192-df64-4783-86c3-8d891d99a84c", "value": "T107C4DF143BA4DC508B2C16E968DB53039B2766E7EDEBFF070AA291741A1B92347513CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628294, "uuid": "244689f0-63af-4435-ace9-bf56dcdcd6b8", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628294, "uuid": "6cc59c68-140b-4448-a309-60265bc68d06", "value": "6144:Q3+RKV/0v/DFalpMjlVy7hTQS3aY5i+tDyIzHDN5B2gOkdB4Imaj:QIb/nxqQS3aETjp2Em", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697628294, "uuid": "f0943e3c-603b-4656-95c7-db4035495f03", "value": 566784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697628294, "uuid": "bf364949-6f68-4eaf-9964-9ff6db550032", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628294, "uuid": "947fa555-6f4b-4679-9008-71f17048397e", "value": "pABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZJNJP1eK1VNIkyZAf_w3WX3BLOD_41OMT.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0192bdaa-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606838, "uuid": "29eee563-77c6-4f38-a893-619720a7e4c6", "comment": "Malware payload (Gafgyt)", "value": "c80094fd65f27dc31deb461017705794", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606838, "uuid": "239f0869-5715-493e-afef-2f0c86366d52", "comment": "Malware payload (Gafgyt)", "value": "67ef3616582290b020d715a90fee60e6cf21494e6603f70461eaafe449c1be4f", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606838, "uuid": "8a0af962-8af5-479b-aede-c0c1e1b4701e", "comment": "Malware payload (Gafgyt)", "value": "74b6af643a2772a6fa9cc7fc2f128c19119a30de", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606838, "uuid": "a7fdc8cf-1170-4440-aae0-65d15eb29098", "comment": "Malware payload (Gafgyt)", "value": "65fda62bdfbcf5f4b47f1959b2226c6a1080e39bf915e15ba7fb10266910b19026dc94c847555d05af4a073b48c95cd8", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606838, "uuid": "9f1f0679-b6f8-494e-a5b6-da4bd559565e", "value": "T1C8A32903DA60847EC48B93761BDFC6225623F8B90731621B63C4BEA92F169D9DE5D343", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606838, "uuid": "974534b9-316b-41a1-90ba-51cfdd13e807", "value": "1536:Q9fT9WiC3txvWtfEo5vXJM9wypej++3hWEgL7nLGPTms5TDUMHYr/:Q9jC9wtsOnuejjhWEgL7smITDfHYr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606838, "uuid": "b3a612a9-23a8-4c13-8e3a-311677e46c8a", "value": 101269, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606838, "uuid": "a4afc05b-7b10-44b1-8496-3171a1224b94", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606838, "uuid": "b4289b49-fa60-4f92-9ad3-b6e3d166ff70", "value": "c80094fd65f27dc31deb461017705794", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aff0132c-6dd7-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697648363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648363, "uuid": "71a637f9-9e8e-4ea2-9f7f-8c39ce0414a1", "comment": "Malware payload", "value": "7c42609059f06e00eacd0335e27e3196", "object_relation": "md5", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648363, "uuid": "c0c7f19b-6c44-4233-b53d-892a360ab745", "comment": "Malware payload", "value": "680d32eba69b71fae9a915684abd13a98708c33f8c21f8b6cc5abc7fc6ce205f", "object_relation": "sha256", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648363, "uuid": "7989954d-b454-4ff6-af7c-8bc04d787e80", "comment": "Malware payload", "value": "9399d86b2ab47ebb8f7dc0245d794c6c00056233", "object_relation": "sha1", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648363, "uuid": "e888baba-b323-4d41-892a-c7e5bd3bae88", "comment": "Malware payload", "value": "93b87b4fce7cf09ce6fe444e43751d7917d9eec5350e630a43110bfd6948ffa2859e06d1748f8e4b0f6a9f79134d5fc2", "object_relation": "sha3-384", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648363, "uuid": "1c57ba04-51d7-4248-984f-70bb2f0bf12a", "value": "T15EC61277F0DA2071F9731A36B8A25432393E189CE08729A929F4ABD7F472D484F47791", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648363, "uuid": "c7e2802f-1ab1-4ae0-9a62-cad5430ccd03", "value": "6011984d7c1f1b97a34d7517a498bff8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648363, "uuid": "0b34bdff-cd02-4c44-b46a-38a572fd54d0", "value": "196608:TeOl5FS4DZLTkgk+gpFT3VT3s0marpO4a/TVHJack+YlGlSRRbCvX:jtk+Afmyn0acJYlTF6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648363, "uuid": "02f3c5de-7c38-4eed-8bdf-44e93f6bc129", "value": 11721049, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648363, "uuid": "e0e3c9d7-a2ef-4471-a111-f374ae89aabc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648363, "uuid": "86634527-0f0d-4018-9fc1-3a2588f0fb1f", "value": "ChromiumBrowser.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "527ed5f0-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697612987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612987, "uuid": "2d056781-ce6b-41b3-b6c0-df1490ebbe15", "comment": "Malware payload (Gafgyt)", "value": "a37e690704e65cd6789f2003e4a748a1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612987, "uuid": "ac29ef95-1687-4ab9-bbbc-112fd3dfe249", "comment": "Malware payload (Gafgyt)", "value": "6a91561d682a59f69ec904cddccd4ea1d2987ad2301f62b23be2e6f21547c2f8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612987, "uuid": "79c18b2a-a421-47f1-93ff-650bbb2f034c", "comment": "Malware payload (Gafgyt)", "value": "3082e20c6f4b0660ba7bae079ee62264e617a3a4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612987, "uuid": "aa822ea0-dfce-41dc-ae20-fce20eea5c99", "comment": "Malware payload (Gafgyt)", "value": "8863649ea24a30730a1b5b37f6587ea6ac28db890d7bb4ab4e9bb69a3eb9c1a3e8e0f00a795f1ad262126e7697de6b97", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612987, "uuid": "92036ab5-bd8e-46cc-8c32-629f6b0433b8", "value": "T12783E99BB71D0BABC59B5BB12CB737F18B6DED6002A21184A10EFF9007B29741532F65", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612987, "uuid": "b3748e6a-fa38-406d-99c1-3360cdbeb847", "value": "1536:zhkpXXB3ff5/Z/Ke9LlTEQX7KqpFsYNQIsV5wtwHUIe:NyHB3friolTEQXOGdQPwtl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612987, "uuid": "be060e5e-e84d-418d-b7cf-60da2168701d", "value": 88575, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612987, "uuid": "09221670-1af3-4787-999c-415cbc6d8429", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612987, "uuid": "11d972fb-e665-4605-8b0e-0919609397ea", "value": "a37e690704e65cd6789f2003e4a748a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05ff9460-6ddb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697649796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649796, "uuid": "459cb7b3-2b99-40f3-98a8-ff04fa6bc2bd", "comment": "Malware payload (AgentTesla)", "value": "5f19da54cd1ddcef58de1e0bdf595459", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649796, "uuid": "3374c8a5-513a-43a8-a323-761d05ceae13", "comment": "Malware payload (AgentTesla)", "value": "6acdfc7d8365b4e70685394907a60e18eac1c115c7699b364ebaa22e9c2183f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649796, "uuid": "b17cc1b8-c81a-47ce-8dfb-b42c8441f70c", "comment": "Malware payload (AgentTesla)", "value": "7dbcff253f08babfb45f7254ccfee445da3502ad", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649796, "uuid": "984fadba-f711-4e17-80b5-3614bc7655fd", "comment": "Malware payload (AgentTesla)", "value": "8b209746f020c2246ed933c9afe837af97f88f6f5efbc7371251e8c22dca7207c391b87a87c737b60fad29be44d2685f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649796, "uuid": "55cbd740-c9f9-4bca-8cbf-0de18156642e", "value": "T15FF4DFAC3510B6DFC817C9368AA86C64AA206C76570BC207A05736EDDE1D6EBCF145F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649796, "uuid": "fba26676-7d8f-446c-8b28-072f757d8b84", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649796, "uuid": "decfb783-7af6-43d5-bf72-70033b54795c", "value": "12288:fNau26+X/E7Y9F0lIw7iCZJEz6iSV1rrBuu2SBEctPv3pN9Ld0xT/VR3iXX52iGC:FaueRIXZalSMSBEctPv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649796, "uuid": "40642b79-10a0-4e5e-ad0b-9d834609f4b3", "value": 752128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649796, "uuid": "349bbf20-5f1d-4cfe-b725-ba3d430eb824", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649796, "uuid": "4e9a90f0-7b92-4f14-9659-2deb7e16875a", "value": "5f19da54cd1ddcef58de1e0bdf595459", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5aab1e6-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697644614, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644614, "uuid": "39b9d1a6-316c-459b-a0b3-50f1ed5f271b", "comment": "Malware payload (SnakeKeylogger)", "value": "c1100b4f1a59545b8fa170d3404c6fda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644614, "uuid": "1cbdafcd-d8eb-4e93-adf3-ca6b20968258", "comment": "Malware payload (SnakeKeylogger)", "value": "6af326333d060286daaf29227b41f2afb25c43f072571a096c504c84e61749d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644614, "uuid": "d84f8555-3acd-4777-9fd2-433938618fff", "comment": "Malware payload (SnakeKeylogger)", "value": "3a41caab745f9bead4253b0b44943a6a4979e01f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644614, "uuid": "ec0cc49a-61c4-436d-aa93-3341c71c3b69", "comment": "Malware payload (SnakeKeylogger)", "value": "cdab0d377b3c6a200b537ed7309afa4dcea34f2deedf3dafc7dceef52518554cdda124273f1b3304d04ed28e59d3948b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644614, "uuid": "325e1569-ca81-438a-a9de-50c1ca586080", "value": "T161053C3D19BD223BC165C6B9CFE5C827F000D8AF3422AD6598D797A64356A8735C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644614, "uuid": "c22543ed-cb83-4e76-a3bd-6b4eee5e9d6f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644614, "uuid": "808fe2a1-c7c0-408b-aff6-668ce2b57a3d", "value": "12288:SNgo/6WgAjGw/7f+3G/PVfv0YuIZrwWU:poyCr7f9PVHxRy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644614, "uuid": "c696fc76-bf0a-4bfe-b48e-54f9db57f906", "value": 873472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644614, "uuid": "4ee53f17-81de-42ff-8bb9-40a98765c113", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644614, "uuid": "f11d2c8a-e6e2-4a92-89a9-c902fa09ebfb", "value": "Halkbank_Ekstre_20231012_094094_956367.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d73b13f-6d9f-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697624146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624146, "uuid": "3248a598-b96b-4330-9aad-d382c6a5eb44", "comment": "Malware payload", "value": "a8f15dbae4d10f8baf0d59d29a9c0e37", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624146, "uuid": "d34aee75-502a-4ca2-b539-2d8102a185e2", "comment": "Malware payload", "value": "6bb666bd40267ce2380c3f5082f5895d493ed4f8839d384e0887baf32ad95fab", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624146, "uuid": "04de7255-07fe-4062-ad54-4b7376b0df7e", "comment": "Malware payload", "value": "26baea6e2986d75b7a732e6016fed4a921554bb9", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624146, "uuid": "1072b147-36ea-42dd-8345-1efe1d8d331c", "comment": "Malware payload", "value": "76c6fa24fc116c33f7ef52d2583a189044d6722d2a4abbb3e43aaa9a36580188f42a8e3124e6e612c53d67115cfae1ea", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624146, "uuid": "de3da792-aebe-4cc6-a83d-30f9080af8d4", "value": "T1CE632B46664260EA41A33379DA17A48E736DCE93C331F24C3EAEC880B75631A74F725D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624146, "uuid": "d10fbcbc-5ef4-4d05-9756-bec6b4bdede8", "value": "768:agPkZitVRJk994J2vRHCkkRFpouspR/95pjS+B/S1lFh9z1Em8IcY/GwhT4fkJjE:7Hk400bPyuKR/95pj6DdyiNeZYgj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697624146, "uuid": "1245808e-7bae-4388-b4ec-9ce80fd29539", "value": 72957, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697624146, "uuid": "57b27dd1-a698-4c1d-81f6-c646d0aec7ec", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624146, "uuid": "a9b41952-9fb0-4e41-a7cd-38064862526a", "value": "Ohook_Activation.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62545fbe-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1697623751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623751, "uuid": "2b5e3338-7e9d-4791-b3fa-76adb155d2f8", "comment": "Malware payload (GuLoader)", "value": "c8b8492da1bfa31b3de4c9ee2b14b120", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623751, "uuid": "cb47bc98-44a8-477e-bd00-a56f528397b5", "comment": "Malware payload (GuLoader)", "value": "6c3503a56bb86000bf6e5719ef8ea6cf7e61bee2206139b6917a35caaa2bd1f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623751, "uuid": "104cfe45-3095-4cc6-b093-aa264657a3ef", "comment": "Malware payload (GuLoader)", "value": "4a25cf01281c7efb52896c4ac1ac0dde7cb6bcff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623751, "uuid": "95d837e4-5a08-43e5-8f4c-7a6e777337f3", "comment": "Malware payload (GuLoader)", "value": "33cd1a3ca43a644c1331388e7ec6e9e8a3d77423c7d6576dd77a9f8e4d55a750a2356922013a6d4e3a972d49de9bf623", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623751, "uuid": "d7151091-bf0d-431b-aa73-6a751c6fe884", "value": "T1492512473D0141A1EE7752309C2EC0A54F926D6EB896C6CFA291361C68F7FE346EB748", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623751, "uuid": "7ee2ed2d-0813-4cf1-be9e-c5ca2267d72f", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623751, "uuid": "0debb334-8e1b-4dd5-aec5-68434519b92e", "value": "24576:pTqMPCp7rLLLhnzhTRfX6ahX1DCb+H+JKjZMWSi:pTZPCdnnhnxRXhXNCqpVM5i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623751, "uuid": "f65441cc-1a7b-4628-a0d3-4d4af139fee6", "value": 1037416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623751, "uuid": "8f6460c9-26cb-4778-9ff1-f9b5b2e02de5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623751, "uuid": "87066d9c-78d2-4f1a-8791-7fdaab72af1c", "value": "Certificado- FNMT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5c01dd7-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596511, "uuid": "e30b7c81-165a-4b37-b155-9f80d152e373", "comment": "Malware payload", "value": "2373443cbc3ed23a794e7963494fa08d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596511, "uuid": "b53d521a-1251-4822-912f-11a69e200fa5", "comment": "Malware payload", "value": "6c4b6083dc4a498922d6536a1865262cad8407ed24a7bb96917c2e9c0d67d0d7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596511, "uuid": "8a38f201-e10b-4021-a237-2c60b4f36a52", "comment": "Malware payload", "value": "c11fe9ae6f81804b4d53e3c76c6fdec28fc2024d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596511, "uuid": "baa86f73-2a80-43b7-a991-9671dfcd7e65", "comment": "Malware payload", "value": "59b6c1a45424fbccf137feeba79b1dbc19cab95985a2a99f806b0cd8c8744fac2bcb3edeac5c80c24296c53c995b76bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596511, "uuid": "ff08333e-90e1-4d50-9669-01ce151d4857", "value": "T148633A51E9818876D1080EBC5D0BC435E43977252EBD75C7BB9F4F8CC8B939B4A2827A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596511, "uuid": "e8ae942d-a4aa-4ff0-9f75-d5f58e946d78", "value": "768:/KSmX3MVD4GXZEyuhhq5bIOhw4RkcBup3lDOZvDm2o92y7PwW/PpGfhECljVYnyn:SBAp5b+4ecBU3IZyVdpGfhECljVB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596511, "uuid": "482dfa21-26c9-4ff4-ab26-bacf990fa8e5", "value": 68759, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596511, "uuid": "baeb6e7e-d3ec-4f5c-8e75-7a6f9cea4fd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596511, "uuid": "1a4fd4bd-77a3-4eac-b5cf-cf6a5913acc3", "value": "SecuriteInfo.com.W32.Qhost.0CCA.tr.13299.7547", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf90f11d-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697606728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606728, "uuid": "1a1ffc15-8041-4e5a-89fb-73ab0be63d5f", "comment": "Malware payload (LummaStealer)", "value": "86a2937e24c306d22c93e429866e9878", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606728, "uuid": "44343cea-7ae8-41e5-b8f3-73e06b47ac08", "comment": "Malware payload (LummaStealer)", "value": "6d61b93dfbf3ab7dc02c0759f5c003cb6429ab5daa3a75fb6e667a937feacee2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606728, "uuid": "15c4cda2-6293-4e28-bce0-5d0fb224242a", "comment": "Malware payload (LummaStealer)", "value": "e18e75d4b290922ad7d1d5d46d2380b7b68cd366", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606728, "uuid": "e91a2850-0af7-45e0-98f3-be32cd3c47b4", "comment": "Malware payload (LummaStealer)", "value": "e19f5b0f501a9923a0463e303442ed182aa9931ddc4e28abd296c86291ad0932107d278cc2f1dc870bf28585922e48fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606728, "uuid": "fd6de10b-83b7-4fa2-989e-e8d04020c9be", "value": "T10F3523227BE84532ECF62B7459FE52830A3678F1D978922E23529D2B1C735D1ED32316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606728, "uuid": "f6d14e59-0f69-48f9-a5c3-ede8a66b9e6d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606728, "uuid": "54704e1c-244a-4905-83bb-ea5d89726774", "value": "24576:kyVpeGtqNt8eHJCtYIDNuJCuN9w3TLhP7g7Ew7IOxS6J3nwpAc6+BFRY:zVzte8eYDU+nl7I6H6JwAJ+Bb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606728, "uuid": "d7eafcb3-5355-4634-bc10-9c9971cdd565", "value": 1095680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606728, "uuid": "c8cf7c87-c037-49bc-b53f-20d9d86421d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606728, "uuid": "45fd2137-abe8-445c-8f3e-431fab1b87c4", "value": "86a2937e24c306d22c93e429866e9878.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e804aac-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697623745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623745, "uuid": "a92393de-3f26-4ca3-82c0-11a0fd745933", "comment": "Malware payload", "value": "c01ecc0341820d7d335ea0f0c72c40f2", "object_relation": "md5", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623745, "uuid": "025a5ba6-6bd1-406b-9fec-a8d7714e34a3", "comment": "Malware payload", "value": "6db2ebc71c9485ff4eddbfd643006f38b5f8d502cfb6056aee688b849424d898", "object_relation": "sha256", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623745, "uuid": "9f5bf1a2-0536-4f4f-92d2-a8dd6750005b", "comment": "Malware payload", "value": "36a1833cd60e6266473925166146c7efeacc550b", "object_relation": "sha1", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623745, "uuid": "929588d0-987b-4028-8315-69e780add666", "comment": "Malware payload", "value": "15a4b22f5be973feb48d6b3caa75acbbf5ddf1b267e8a4a9a406f32fac5f2d7f95a28ca1aa63532d14187cb999899bfb", "object_relation": "sha3-384", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623745, "uuid": "3c1742fb-c836-4237-ad5a-cf9056464be5", "value": "T1D8B423E465D83C2AC6B1ADE47028BB477DBBCACD54162E87DF189D2D898C413FDD1A08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623745, "uuid": "6f44f00d-4b30-4adf-ac5a-5f386baba9cb", "value": "12288:uEHV1wHNr4oUvopO6inBkSScPy+Y9Lld1uk7dh+tkUXzSLFL:PVyHU9rPujd1X2kUXzSLd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623745, "uuid": "5b0682b0-cf16-4704-a892-2e280c852d9e", "value": 523440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623745, "uuid": "cb5bc0bd-6b99-4d7f-8882-5d225f74ea2d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623745, "uuid": "948b548a-47e3-49a8-bd13-19a089f8ffff", "value": "08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f945d18f-6d65-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697599523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599523, "uuid": "99e188d9-a4c8-4bab-a3e7-8a5bdc6f7aa2", "comment": "Malware payload (RedLineStealer)", "value": "90631a5a8b34cb9ff37e87d2aae3c497", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599523, "uuid": "0a5a32ee-a87f-4ad0-8529-05569a6421ba", "comment": "Malware payload (RedLineStealer)", "value": "6e24ac3f80a050e0f95582f60a3d70e7126a06be11ea5143c2f606c3c7c170e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599523, "uuid": "9b14a304-5313-47cc-8af0-ba2428681833", "comment": "Malware payload (RedLineStealer)", "value": "c0572c6241310868ef72771f961c4307525e34db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697599523, "uuid": "74f616f0-7eb6-4445-8700-1d9a29c25b25", "comment": "Malware payload (RedLineStealer)", "value": "ff4caf9fe00caf5128c2b62716429302abba7980941b8b6cb7229701c4e732b495734616f6993cc113a662298db600d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599523, "uuid": "5f2867d7-4d32-45f7-a7a3-56b85690129a", "value": "T15735234BE3F4C032E87623B486F562136A36B9F24D78476B3745594A8EB3B846871337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599523, "uuid": "f5dd213f-aeb5-4a10-a7ba-dd1438c5aac1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599523, "uuid": "01173c0b-ae8c-4250-9d97-e8dae4eb14f0", "value": "24576:SyuLozM+js0WC71OoilgfphQ5dIQzLg8OvXTaAdG3+:5QobFl71OrikyQngHLaAdG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697599523, "uuid": "1aeef59d-b04d-4209-acbb-cfdc36724384", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697599523, "uuid": "e2dd5edf-606d-4e1a-9fcc-4051813970dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697599523, "uuid": "5fbe59e5-3a62-4de8-8823-6501f94bcb8f", "value": "90631a5a8b34cb9ff37e87d2aae3c497.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce96a66b-6da8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697628228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628228, "uuid": "96d383f0-6469-4755-ba16-bfefff3a616f", "comment": "Malware payload", "value": "8e91ea82111f35fc5043148adda125e2", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628228, "uuid": "38d104ff-1916-4398-adb7-646c7edb8889", "comment": "Malware payload", "value": "6e79e1d04c71f5897128bb460f5ba51d1d8c55976277e216cb1ae188de834a4c", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628228, "uuid": "cee17952-b26a-496e-88c1-9b43ae4b276c", "comment": "Malware payload", "value": "9e4c8baa28e30ea4ee4d48a96703cd031b1a6fe2", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628228, "uuid": "70e157d5-5717-481c-998b-8701a3faf958", "comment": "Malware payload", "value": "8bcbf719dc054558634bcade4731735462baf1fff8846a538b9efbb33c3da0afafc886a4e61e96b8ee5e97ee075fc011", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628228, "uuid": "66abb81c-ac58-4d6e-bee2-b2877ade958b", "value": "T18DC73350C72770A3F616D35FA38CB80E92714E5EACD85A59A11610FCA742BD0B6CFD2E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628228, "uuid": "f22831e4-7e16-4acf-8a94-e77790b2ef94", "value": "1572864:QakCYUYkZKAhR7fsf1AXgJ2CNaI1P7L6Ac/i:JRKAvbXeNaI1P7+nK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697628228, "uuid": "4b89252f-e327-4427-99c6-895c6839d156", "value": 53285089, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697628228, "uuid": "fffbc030-173f-4ef0-aaaf-55cea4a63e15", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628228, "uuid": "60a4a40f-6a3e-487b-aea2-f6eaf9263fc3", "value": "KMS_Tools_Portable_2023.10.18_password_2023.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5956780-6d56-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697593048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593048, "uuid": "6a3b78e2-1c20-426d-a776-d44d4890330a", "comment": "Malware payload (AgentTesla)", "value": "e9c9d6f359a40a660afdb00b766fe25c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593048, "uuid": "cb3fbea9-71d8-4040-ac78-7a406f09f0bb", "comment": "Malware payload (AgentTesla)", "value": "6fc8349ad98c3a3aa7161d302af4b48a2653e58364f172b632240de6e261da1d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593048, "uuid": "c4e6695d-1cf2-4ca3-9cbe-e7c161805375", "comment": "Malware payload (AgentTesla)", "value": "0252407061c3b49d2b1f157f940d929dbe9853e6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697593048, "uuid": "e4cb5f10-e1f1-4782-b3ff-cfe6352d6d63", "comment": "Malware payload (AgentTesla)", "value": "dd0ecff67ada1bb591010089342f388f0e02c6b33636278cee4cb4091c39658b3b7694e330e804da80e1de7253569a9a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593048, "uuid": "5ff8bd66-bd50-42ce-acad-fca0ed04d3d3", "value": "T1FC84238D9474620BD48B0E7B9D8822F289F46A13BA56C55FFE05C29C740F262CED5DF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593048, "uuid": "e790c1fd-b105-4847-88f4-6d0f279d04d5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593048, "uuid": "d5c5f464-d1ef-4567-8939-e6b1c4dc1511", "value": "12288:5mIm7PH8XA5NwXF2polYlmK0wnhCJbol5A8Ps:5mIg/8X6cmd+Ul5Aes", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697593048, "uuid": "c3242485-6b10-4655-a961-21dbcda45478", "value": 407960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697593048, "uuid": "112d615c-7fea-45e1-8e28-ffdf03e54adb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697593048, "uuid": "c1bb79ee-9a0f-4607-9efb-9fb4928d9ed9", "value": "SecuriteInfo.com.Win32.PWSX-gen.12710.26433", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3dac7da-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596508, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596508, "uuid": "5d565cbc-6af3-4471-aa74-6f193e2c2521", "comment": "Malware payload", "value": "787c7de49267c6a4977edff041b2e70b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596508, "uuid": "a8a7f03b-9e86-4e20-805b-fb7ec392961c", "comment": "Malware payload", "value": "6fcaa5ea11dd9cad28a5267de7e86c918febc9f01c4ad164d177e399ed7177c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596508, "uuid": "da1fed6b-aa14-4644-88be-c3d7ff5c8bc8", "comment": "Malware payload", "value": "46679636c5481919e8d4514d403cc1fd1ed63ba4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596508, "uuid": "5faf67f3-2bf4-4379-a959-ccfbb113de86", "comment": "Malware payload", "value": "bdbe406ac1f9a05038a6ee7016c153b033cfb3f5f94bd5194b081f1348d2f23823413ee67c20255635779979fb011592", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596508, "uuid": "c4a8c37b-03eb-462d-96cd-99b0f6daf237", "value": "T1586423ED9B139A44C4902E7ACD8BE3E5021FEC05A9462A2B71E5F72F2CFC515573902B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596508, "uuid": "943b64d1-529a-4779-8f7f-3f338820f5fe", "value": "22f0cb409faa7223b8eacea42a95ecba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596508, "uuid": "972f2935-d106-41b6-a20d-97bd9ab287a4", "value": "6144:7gWGEq8O8aNoOfcwu1sbqyqXOHKhdfvK/ZZWc7oKSPc6teAPAU2Jk:0L8Ha+OfcwuNyqUKrqdrSZeu2O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596508, "uuid": "b2830171-68b7-452e-b5ec-7528d6a64453", "value": 308806, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596508, "uuid": "aa92cf4e-be94-4252-9713-98ea804f106d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596508, "uuid": "80418e00-afc3-455f-84dc-07a0e48884ee", "value": "SecuriteInfo.com.W32.Heuristic-162.Eldorado.17392.5665", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f9a921b-6dc4-11ee-8907-42010a9c0042", "comment": "Malware payload (DarkGate)", "timestamp": 1697640094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640094, "uuid": "7c914125-8555-499b-9ac1-ed638fbd2bf7", "comment": "Malware payload (DarkGate)", "value": "5d17961906342f3d3f8e37013b8dbc4b", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640094, "uuid": "0edbb239-31c5-489a-b064-b3e5bc521d2c", "comment": "Malware payload (DarkGate)", "value": "7081e4b1bffb4c839b937aa5938d83ca6a1dfbd0919917c54c829d8efc40ed34", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640094, "uuid": "0a2b0da3-cf00-41e0-ad00-8530343aec8d", "comment": "Malware payload (DarkGate)", "value": "2482e10f67afc8732c8ba12219e5190ac0816893", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640094, "uuid": "c65c10d0-9f92-4ade-a638-741ac6a5085a", "comment": "Malware payload (DarkGate)", "value": "4a1867fb50d5b6b103ea3f81820c061ed1dd650004c0618b04da0f243343b19cfc45ddbda307105b1967628967b41ae3", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640094, "uuid": "c2ac3ca0-958c-4611-a005-93f7812788d5", "value": "T1560633813BD4D13BD59E1232C9B696A52931BC610B30E0CB6A91FE9DDA303D3EC79365", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640094, "uuid": "b0eb9244-8fd5-4eab-8526-0e4c420383c9", "value": "98304:dpq1DCG1G1w7cwv9JAEGl6ZMjjzpgWxY/f7L7yiSVw8y:UE+dvLAEGl6S5oX7i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697640094, "uuid": "140359b5-b8a2-4de3-90f4-2f6a05bd66e5", "value": 3743744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697640094, "uuid": "f20dacfb-7b09-4644-905b-180906439cda", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640094, "uuid": "b6fb8d3c-cdb0-4974-a7c0-80c1da24b043", "value": "5845.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7577296e-6df1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697659432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659432, "uuid": "68a942e4-9b29-442e-84c7-191ce3281073", "comment": "Malware payload (AgentTesla)", "value": "d770374ef8813698dca9116ac9d677b9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659432, "uuid": "83083dfa-ac23-4e55-af01-31bb086888e3", "comment": "Malware payload (AgentTesla)", "value": "7128f55d4b1b9193a0bd8ebae6ea29491ef619b79d833e7ce1c15cd91f472163", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659432, "uuid": "33cf1637-d8c5-469a-906d-0b53be195c40", "comment": "Malware payload (AgentTesla)", "value": "a55cc7523c383611540e1a601208b82d127a70a6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659432, "uuid": "eec4b8eb-efb8-4692-9406-7d3daa00052b", "comment": "Malware payload (AgentTesla)", "value": "503d123354b299514997af9e88a29a2ad8d2f0602b09192f6bd98514ed7a32af7889dee81614b7e95664d12e12b00243", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659432, "uuid": "6a4ec8cf-d700-48cb-ba50-26ae4a386c0f", "value": "T102156B7D1DF88227B978DAA6DFA4C432F0A1D6EBF9624D2AD0D746418702903B4C71BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659432, "uuid": "d6cb7099-297b-42df-b42b-fb5ccd3a212a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659432, "uuid": "2514b483-5bf3-416a-9848-94a994ffcfe7", "value": "12288:LOo53bDrftmBg3ARMCJks13bRkd2mL/IpwwT0J:aS3bDrVb3yMCJkuLytSwwT0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697659432, "uuid": "f930da2a-ac96-4e8b-81c8-7c4043c11c1e", "value": 941056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697659432, "uuid": "802d1da8-e099-4b48-8e2a-092509a9b5ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659432, "uuid": "774ae270-7a0a-4158-9edd-3d82df7927f0", "value": "SecuriteInfo.com.Win32.TrojanX-gen.13674.13105", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f85b7417-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697644619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644619, "uuid": "a687c80c-1254-43b6-8122-ed36936b09ef", "comment": "Malware payload (SnakeKeylogger)", "value": "e45b53b4adca836654000e41e1701077", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644619, "uuid": "14a15061-0d4f-4038-92cc-d540c453ce71", "comment": "Malware payload (SnakeKeylogger)", "value": "71577df45ab0ca4cf844c77df74cfd8a173cd9cd29c74be653a5d345fefc0a91", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644619, "uuid": "5623b9d6-9314-4aba-b35d-491d89f5a5a4", "comment": "Malware payload (SnakeKeylogger)", "value": "845c16b8b75e52393c6ab2b8b02f225b788bd3eb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644619, "uuid": "f37be305-e3da-429a-9ec6-f3f8d682a824", "comment": "Malware payload (SnakeKeylogger)", "value": "f2f7feb631046fd196c9f010d49c4d2f98ae6ae71553d5aee8d31640769087d868689bd8657a27ac2831366dd911ecd2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644619, "uuid": "9b6754b8-8779-40ee-be28-4f4c5cf7d099", "value": "T1EC8402A4F29D9B26C65729BBC701F960C33A7D38E9B095F67E21724C87BF41CC592680", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644619, "uuid": "1fd204df-fc4f-4fca-8f71-a5ddfb5bf088", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644619, "uuid": "63a6b31a-fd56-4ed1-8118-b2635d0a5d3a", "value": "6144:RxqOazRkeHLR0ph969tLXDHv9VQvCOMT/eYOtYYE2Odtyqd72fgSA:/qOazNWpefjDP9WvCOMDZlYrOiqo4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644619, "uuid": "a0ff776e-ac88-4e2c-989d-12b92d32703c", "value": 376832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644619, "uuid": "790ef16a-35ed-42dc-a581-c8e512b1c312", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644619, "uuid": "fcdc7bcf-6fd9-41e0-952a-31bd2a44475d", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6615e06d-6d59-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697594122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594122, "uuid": "55d2dc32-aee0-4a5c-a90d-56cfd2d86efb", "comment": "Malware payload (Amadey)", "value": "857ee17170c9aac7932035788381a450", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594122, "uuid": "b45f4780-b5fb-417a-b403-62415f1d9b84", "comment": "Malware payload (Amadey)", "value": "722b37b741d8d02eb2f13605e34a28663eac65fba75aa5c3908d4ea8f3d91a54", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594122, "uuid": "6bb70f80-bcfa-4d18-a213-44970a8f8a3f", "comment": "Malware payload (Amadey)", "value": "439490b3822efbda930c3554813319542ac40ddb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594122, "uuid": "08551cb1-a284-4f4c-a880-6835fea5369e", "comment": "Malware payload (Amadey)", "value": "0211531a9468bee7da79d9599147da69a0832e3ac8f5caec7ac939936da3ed5253a48ca7eb8fe3f0a53b8661a6e01cc4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594122, "uuid": "28e5f68c-a5e1-4c7b-b6e8-4b6e91bdbb90", "value": "T123448D0174D1C472D9B2273209E4DBB95A3EB9200BD65AEF77E40FBE4F702C19631A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594122, "uuid": "7ab932c2-997a-48e5-8282-e0a55115a4ac", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594122, "uuid": "58c8ccd9-ddb7-4aff-bfe2-d84cdd966b38", "value": "6144:5Er4bM3mz18sxh8U9I/zUAjAOmAGDso/jm:5iDE18sxqfZj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697594122, "uuid": "a7745df9-b4ca-43ec-91eb-902d4dfd0250", "value": 254464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697594122, "uuid": "6a5d51f9-a07d-4050-93bf-9af7460ca5e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594122, "uuid": "ee5da588-e7ee-4acd-a9e4-9207734a3980", "value": "857ee17170c9aac7932035788381a450.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9861a1a9-6d50-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697590341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590341, "uuid": "cc26e2ed-5ee1-4790-b2e8-9537df64b026", "comment": "Malware payload (Smoke Loader)", "value": "773ee4d583bbba94408b67d3387f0c2a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590341, "uuid": "1c3bb072-b626-45ff-ad49-3fb3b2ed398e", "comment": "Malware payload (Smoke Loader)", "value": "729daa3232aa59c480e56c199bc33e059e22d33e96ad036f14c1ea036ee4b799", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590341, "uuid": "0a6c7c44-d00e-46c6-8fa2-b523abec0092", "comment": "Malware payload (Smoke Loader)", "value": "0d966fa8de3ad8e0b479d63aba4073f5d6bd5cf8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590341, "uuid": "f9f56b89-3003-42bb-af0b-030176dc8f32", "comment": "Malware payload (Smoke Loader)", "value": "63202624500f69eaf7463c436bf61f7944e1cd47911fd41c5ed8caf73474e89351422823c7a852ac49f095e8e8736974", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590341, "uuid": "11db97c0-0168-4b6f-87d4-f6a8c12c548d", "value": "T157352346AAD89475C1F15B704CFA13930D3ABDA549788B7F3742AC8D6CA32C6787232D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590341, "uuid": "b908bc46-043a-496d-8077-5f82b9b2ece2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590341, "uuid": "f2b32ecd-cc16-4514-ac04-880682859ffa", "value": "24576:PyxDkBw2dKIuLH8+0p1KP5GxpVdtMm+O4S8GcH4c9fJP1:axBsruL8P1U5e5uTOAGIZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697590341, "uuid": "61934c6f-cc22-44aa-9bc9-2c274574050b", "value": 1094144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697590341, "uuid": "fa96a1ee-c051-4bc5-a794-c11cfd761e50", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590341, "uuid": "ed76c703-af37-4099-a201-4cd17d9434f4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "755763b1-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697604026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604026, "uuid": "e021e06a-8f39-47f9-8290-b953e2405007", "comment": "Malware payload (LummaStealer)", "value": "a9b6eb78db215eef5d23ad9a6c6c04cb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604026, "uuid": "10bb27bd-db5d-48cc-bfa7-ac1176588b6f", "comment": "Malware payload (LummaStealer)", "value": "72ee076ef07e179548a5d6973694b29a367ce7a76c7b66006ffc7202730e159c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604026, "uuid": "66c1aafd-943b-4c51-b3e5-6b53694270a1", "comment": "Malware payload (LummaStealer)", "value": "92d3ff8352c928a3cae2c51fda3bad8affaf7c4a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604026, "uuid": "c1367e7a-99f3-46f7-ac78-cba4678f327d", "comment": "Malware payload (LummaStealer)", "value": "498b4d3c08062b5ce7faaa63fce2e6e1a69455a3fe77cecb7e34ff3fb44ccdac85eb843360da97cb6d8ceaecc84c5bd6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604026, "uuid": "2b9b7e7d-65c9-427e-97d1-f4958f3ef0b4", "value": "T1F535234B6BDC5073E8FA637044F613D71E3978A64D709B6B1792E82E4871680F23276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604026, "uuid": "9a0cbdb5-da4e-4246-97b0-f0eb9586263c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604026, "uuid": "87b8805c-7664-48c7-9166-60d4c6eff192", "value": "24576:/yZeWVYU+FgxkyHfSYD/P+Z8W8ktLefeBdvI+ZOs:KZeWGDFgxkMfSYDX++3ktafeBdvzO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604026, "uuid": "a34bd976-5076-4928-a973-e6eeb00eaa04", "value": 1096192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604026, "uuid": "fab0c853-46f3-4957-a21a-addc22c82760", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604026, "uuid": "b220a60a-e004-4b66-936d-e6fbdefc5d16", "value": "a9b6eb78db215eef5d23ad9a6c6c04cb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fdd2391-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623774, "uuid": "07eb60b6-3b9d-4733-9f3c-44afe38db39a", "comment": "Malware payload (AgentTesla)", "value": "750aaed6b25f04ba1962fef6049a8172", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623774, "uuid": "58866f3e-28e2-4969-9a4e-977e49f414f9", "comment": "Malware payload (AgentTesla)", "value": "7317ce7a3ef968e23d55fc137f133f26864a6efc47dc1f10896ab6c4cf67ada2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623774, "uuid": "ad42e3de-a272-48e7-a56f-7c5a6a1ba405", "comment": "Malware payload (AgentTesla)", "value": "7ed912980ef6cc85188da283bfbe47986bfa4088", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623774, "uuid": "8469ac01-c5a0-4a08-a1a8-5bb72eafd5d0", "comment": "Malware payload (AgentTesla)", "value": "52a1aad904dd8f84088da820a7aff5c5d0b4e02af02b4eacf81a04700a56a9c5ef19f950c14d0ce36abb4c37b939f676", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623774, "uuid": "1534d9f8-1ca2-4dd3-b89e-4d5e950c6358", "value": "T1A955B27D68B84627D46AC6B1DFE5D823B041AD6F7460A82854D7772613B3B4330CBA3E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623774, "uuid": "74bc1c35-6ec7-421e-bf2d-15c9ccc5a2ac", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623774, "uuid": "7869c19e-82c0-459e-aed8-1d8f9981912b", "value": "12288:yNJRZbkaYWagxPoyfw5zYmBJqiT9z4E0SrTf4jmLPUx9z:qkTWnPoyfuWi5wjmbUj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623774, "uuid": "91fda27a-575b-41d6-bc83-fb34ba03d873", "value": 1290240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623774, "uuid": "5ada1ece-0084-4cd0-903a-58fb204e4748", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623774, "uuid": "5031ceae-aee5-425e-9a41-9133b1d6ddb0", "value": "ScanFatura001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f5996de-6e11-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697673004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673004, "uuid": "1a8de90a-c969-49d7-8330-f276923c3a8b", "comment": "Malware payload (Mirai)", "value": "343f4389242eb2fb1e3cb0ab09901614", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673004, "uuid": "b07b7087-b852-4c14-9f46-f5e598e72c8b", "comment": "Malware payload (Mirai)", "value": "735058de5205002ea81c57a098a5687bc9a420d3f434f14da54d86930fe00677", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673004, "uuid": "3e9d3d8d-b7c7-40ee-be85-7ceadbcf2003", "comment": "Malware payload (Mirai)", "value": "417ffd49d13c10ddad78139fe05c245242038f35", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673004, "uuid": "7a65a022-616f-4f72-992e-3464d227631b", "comment": "Malware payload (Mirai)", "value": "b8ec2eacf219e5b1d6aecd81ca2c87a6e1f4bf023e3f3a77c0ea2052a552b224feb8d1fe18ed4ee113c49fa4024e691e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673004, "uuid": "2f99b9bb-68f7-4ef0-a60e-19936b4c4753", "value": "T1BD230271880E9EB125703C72DBD5979376F02AB1C6673023D62D4A3C2EB97131E5BE4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673004, "uuid": "a84cb9f1-f52c-4958-8054-2b4a6794a84d", "value": "768:g/TYCoIxdEk+AxoTZAZHFeq8b3h9q3UELbUXfi6nVMQHI4vcGpv0:gECFd+A6YHAxULRQZ0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697673004, "uuid": "b436e902-8efc-451e-a31c-2cb5f87e779e", "value": 46624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697673004, "uuid": "87acde52-8b98-4bcb-b588-1bafe971f347", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673004, "uuid": "e53389c1-5289-4370-b5d3-0e498db2ac12", "value": "boatnet.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "589d8e68-6dd2-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697646069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646069, "uuid": "2f0888d3-2c59-4705-8316-5ea6d00bbc5f", "comment": "Malware payload", "value": "27bf5313ca1bd8eb34592d0797a49137", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646069, "uuid": "091781c3-c6a0-4f73-abae-a30f6cee1450", "comment": "Malware payload", "value": "73b0e109f9585e58b6ca1e2b2a1cf11ec951eeb17d654a6ec12c5c06c9251bb2", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646069, "uuid": "bdbddfea-3dbf-4db2-a79b-265f9084f3b9", "comment": "Malware payload", "value": "142cd01344da7ba4e15e24bc08e801bb8bff2b09", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646069, "uuid": "f7cf6459-b5da-4c80-97f2-ecc097c34e04", "comment": "Malware payload", "value": "04b4136eda80cd0fe7717d8246ce44c8a41ecea33a479c3de2cb8fda1d2df09dde4cebe5c2dfa99ceba26c30b3e934f4", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646069, "uuid": "f8dd647e-6201-4245-b17e-5319e410b796", "value": "T15AE4AB9D765071DFC8ABC972CEA82C64EA6074BB931F9207D01315EDA90D99BDF180F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646069, "uuid": "caee0d78-9a9a-4ef7-bb55-7148b0b1f070", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646069, "uuid": "e0aabc6d-e801-4f25-9d4a-73d5fad85333", "value": "12288:JcXEwUpbbWNn1ftDWyckLiKjYV9pEmNG/AwOHBN9F5Q5GJ6XRtCR8LzAZJuMmXbv:JHbYnRhWycQiK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646069, "uuid": "77210ef3-61fa-421d-92e1-dac72fcdbc42", "value": 712704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646069, "uuid": "6ebb076f-cc3a-419e-8ff2-1c45f4a24beb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646069, "uuid": "07a28a30-1731-4395-a6a2-53c61028f498", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c439a71-6d84-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697612628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612628, "uuid": "da84f9cd-f077-4967-9c13-842f4795007d", "comment": "Malware payload (Amadey)", "value": "56701b1f2d0740d522f5cab06a52e8b6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612628, "uuid": "1e5929b4-c2de-4799-9bed-aa2ad02846c0", "comment": "Malware payload (Amadey)", "value": "742c0721acf93e718d60a6305543607f4e1c187cdf2ec5693d926194a8de3745", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612628, "uuid": "885ba553-2da2-4ec8-82a0-4d728c321f7b", "comment": "Malware payload (Amadey)", "value": "5bf326f03564f76c98cb15ce00e891e39cbba1da", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612628, "uuid": "5029cfe8-e7b3-4b54-8753-f26f99c36d30", "comment": "Malware payload (Amadey)", "value": "ef88d8ec21d27b856277de1a5908833d143642c0eea9df52c3deb4f8fddf7b8689a0ed35fc9d6708b68d6b959aa66c7d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612628, "uuid": "f26c075e-e04a-4235-be63-d4799422bf04", "value": "T1933523172DDC8922C4E5177469FB13C30A357CA2BAB8572A6355E94B4CB3AC6907233F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612628, "uuid": "b99e4b11-3d1f-40ad-9c61-67127bded738", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612628, "uuid": "2cea195a-20d8-4446-8f6c-e53689cec03b", "value": "24576:7yrvYWllCfRFgl8H7D/3BvOI7/NZPLge5hWj8sp9taRI6aFc/JxIYL:ubYWvEj/JvOI7/NtLltsxz6aFy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612628, "uuid": "be734143-e494-4bf8-af5d-01b14efc1da8", "value": 1093120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612628, "uuid": "15f12295-cd66-4820-afa3-34dee7645738", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612628, "uuid": "92d43303-cfe0-4bbe-8120-ba312e08c3b8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f49fc5a-6dca-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697642698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642698, "uuid": "41d00e99-50cf-4015-a4c7-3ebd1d0afb2f", "comment": "Malware payload (Formbook)", "value": "80771af7d0ca1451a4e25b2c92d0abd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642698, "uuid": "2902db16-be01-4ee7-bc1b-71d63102f5ba", "comment": "Malware payload (Formbook)", "value": "743d5e3427f52cce546d8bfa4be1b8083b6249a9c9676a78a39eddba0260952d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642698, "uuid": "22a0198f-533c-4e52-8dc4-aa772634856c", "comment": "Malware payload (Formbook)", "value": "c5b0af829525926dc60a6f6ea9f91b8720f50b3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642698, "uuid": "849b0bd8-1d71-450c-a008-cbcd33a776b0", "comment": "Malware payload (Formbook)", "value": "7651252afaf2316d5608d8a87b512af92af0ecf7e9af2080236b4f8dd7ba3cbf01a85a25227b2e21a1817e6c6dd5ec6d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642698, "uuid": "bda80f68-7c69-4ee0-96de-1cc38d6b4011", "value": "T163E4120532A4E657DB9823748F66C23003744E3A4625E36128F97ECFBEEF703A55A253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642698, "uuid": "7d013310-ae70-40c0-b513-30fd217068ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642698, "uuid": "8c49d63a-c28b-4984-b317-b0d16b60a229", "value": "12288:oV56HfX9KV0AnM8U85Xx2atg4xyr5XbgzirJ3LQJJ:HftBAnjh2Xr5X8U7Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697642698, "uuid": "688379e4-68cb-40b1-8583-58b45d5557af", "value": 677376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697642698, "uuid": "8d95ab44-476d-473d-add2-e2084b48d2fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642698, "uuid": "9b3ccc23-e31c-44c5-af26-8092b077ef29", "value": "PRICE REQUEST FOR PO KIPO000903 ( KIND122822 ).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be602eb5-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645380, "uuid": "07a14403-552b-4a24-b4b3-dcd4be71150c", "comment": "Malware payload (AgentTesla)", "value": "ce0edd836f1ddd1a206c39b2081116eb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645380, "uuid": "cd5105c1-e644-4e0c-b8d6-2b8482818931", "comment": "Malware payload (AgentTesla)", "value": "74622dee4841085cd64da27da09c697236e5846915736d7d43200874927b6bc8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645380, "uuid": "a696b50c-2547-48e6-92ee-da25c5bbe4c3", "comment": "Malware payload (AgentTesla)", "value": "52ba9972abe762315f4ae31d5ead298c43aad090", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645380, "uuid": "8715d5b0-7128-429a-9437-621b4e1ff896", "comment": "Malware payload (AgentTesla)", "value": "e0a159fcceb83335de8c69adae89d7a47cb70f8a2bb751cb2bc97eb7dee578ab701785ddf81c839c4681f2390a6f36e3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645380, "uuid": "86f971e8-2410-424f-b229-0741a8115236", "value": "T126F5D417B6878FB2C349173AC59B1F246BADD5C27313D71A2E8E236D08CB7BA9944107", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645380, "uuid": "f303a270-bd6f-4399-9708-1cec79fdc30c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645380, "uuid": "d04abcb4-8be0-4341-ac6a-6f4087d7dae1", "value": "49152:JXghjhB3HzbPoTwu5VQTDx8u9205FbZcddPf1Zk9RUv:J6jHXZ8qvWPPGRA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645380, "uuid": "0fb7c2a1-d54f-490d-8993-c7350da6eaca", "value": 3325440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645380, "uuid": "917c676e-c3cf-4d26-945b-71c7a415b835", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645380, "uuid": "ba6d3061-222b-4a39-a618-eeceb198c379", "value": "NewPo075.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "938c7557-6dad-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697630276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697630276, "uuid": "56907df0-f4f6-4733-902c-431b69f76e70", "comment": "Malware payload (LummaStealer)", "value": "77dbc18e1a10f100fb057c55958dc8c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697630276, "uuid": "df872ba7-d5bd-4c53-8320-fd19d66a174c", "comment": "Malware payload (LummaStealer)", "value": "746fa5cc5686ccf10b77ff979e292d993ef637c0499f55c643f3f579aaa1b25d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697630276, "uuid": "7ed309ad-4c25-4bcb-b778-b6b6bb52dd57", "comment": "Malware payload (LummaStealer)", "value": "ab36bbcc50a5d157e511159fd6c668fa9b0ab620", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697630276, "uuid": "13738d9d-8878-43a3-9dce-9d686874cc7f", "comment": "Malware payload (LummaStealer)", "value": "ffa5c04b2444e7d26ed87153617143fa47d4d5b6a0736789c431246e5cd4891106f2f0bd17a1477d00190f560a6be91e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697630276, "uuid": "53cf3a1f-f819-457f-931a-789bf73057f7", "value": "T198252303E7EA4133DAB17B7158F203830A3B7CB28DA49A5A27954C7B4C729C1967536F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697630276, "uuid": "6905db88-993e-4fbe-80e7-2ec9f1e96b4f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697630276, "uuid": "f4f60394-67b3-4ead-b232-ea7913bcbff3", "value": "24576:fyPgElZo5dUAcajsykRmhs3ua7DI89tyA:qoXjUAc4+7E0Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697630276, "uuid": "81870a5e-c4d7-4f5e-98c0-41338515a7fd", "value": 1002496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697630276, "uuid": "41c3d932-8bdb-44e0-a16e-eef3dd9459d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697630276, "uuid": "1040ab53-d33f-4a1e-8124-34d38ea964da", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb61bb69-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596520, "uuid": "7ef3333e-185c-410f-8c63-6a5d77b8cf65", "comment": "Malware payload", "value": "6a75d8f114fda63cdabd6818c1b6a095", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596520, "uuid": "3850cbe5-4746-46e3-852f-852085d8d157", "comment": "Malware payload", "value": "764851d72deb9c9f907dd5e36a973459af4709c53866bec83121b912d955bd43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596520, "uuid": "d4db0629-cd7e-4fb8-b743-4b17237ccf92", "comment": "Malware payload", "value": "5f17d070f3b24c63b12ebde3af909425108036f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596520, "uuid": "b74b9f78-2aef-4890-8c64-aba7d31df746", "comment": "Malware payload", "value": "93e83111f68f69ef4adc01658ef2d92e4be8545a7ae8e5e6a1b8c5ab67129757780daec0e22111fdbe61d12d232b43ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596520, "uuid": "5959b352-f99a-4fe1-bd38-9adbf9c4c0bb", "value": "T19C840609FA8791A0CB3F1470479BC23BB7313D41E0165EA2F6DCBB7DA8976622D52394", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596520, "uuid": "5bcffdaa-c7ea-43b2-b828-f4e385f9e8d9", "value": "6144:SjtCHV7pPVFVLOsOfVOl9dJm+7A+U63kUgO/4:StCHV7pPVFViy9dJH7A+U63Z4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596520, "uuid": "4f568c59-be5d-48b7-99a6-934e480b7004", "value": 405504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596520, "uuid": "17c51293-acf0-404e-b448-4c3ccbd82b0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596520, "uuid": "f0f4fd9c-b8fc-471c-8daa-3dbb02b39fbf", "value": "SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.6158.11795", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c091a742-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645384, "uuid": "63539342-031c-4156-90e5-53d0714ce22f", "comment": "Malware payload", "value": "eff7895b4e8feb42e73cc456ebb1527d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645384, "uuid": "2084a358-373f-4d62-a722-8370821ba602", "comment": "Malware payload", "value": "764ce79a859a16e1398e3298a38c5e28c326087d5a51f372aa0a49859fe538f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645384, "uuid": "b9682936-4e77-4b44-a9f0-2d71906f092b", "comment": "Malware payload", "value": "690e76c47e9fb8814822a780c732ffcb1c0902d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645384, "uuid": "0a302d3b-8c9a-4f55-beb2-48d98dea44b3", "comment": "Malware payload", "value": "027034d309a1531b779bb857ed13fa77a2dc9cb541e0fb5b89d316b135de1c47d407115c159facad5de07d2e0b51898d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645384, "uuid": "432efc29-0368-4489-b0f3-47f8ac7b2de6", "value": "T19734E717BA5A8DB3C289273AC5CB01144361D992B7A3E70A758E33EA1BD33B7CD45207", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645384, "uuid": "d0ac9bad-f766-4410-aaa9-c3cc5dd9355a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645384, "uuid": "6eeb34e9-5564-4ab0-b414-459a124b14d6", "value": "6144:+v5CcM3zfcJSdg2MWyh2VehMgudchxnJ2P:+v5zqzfcJSdmWyh2VehMg0chxJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645384, "uuid": "21f29c50-7fbe-4e6e-b852-95c7f55d714c", "value": 240640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645384, "uuid": "e4a9e73d-f5ee-4989-8041-bfb3f79fc0de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645384, "uuid": "212a894e-ab7e-44f8-ac17-09a6e349f949", "value": "ASTRUM Trading - PRODUCTS LIST_18082023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f86159e3-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697645478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645478, "uuid": "9eadf18f-61fa-4a06-9383-6c559f345189", "comment": "Malware payload (Loki)", "value": "648285e258a91e94ff57128ae789b747", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645478, "uuid": "87ce54bf-023c-42b5-8309-b6331a4c367f", "comment": "Malware payload (Loki)", "value": "7729fe82e6ec73a7b96969562eefb9cfdacad9fed76e63d66b80c03325150d31", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645478, "uuid": "83e79a40-b962-4f50-88aa-01c86c28ada5", "comment": "Malware payload (Loki)", "value": "c80003482640f1bf184b66e78407cc6c565beaca", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645478, "uuid": "981cae22-72ba-4bbf-9771-16b2697832cd", "comment": "Malware payload (Loki)", "value": "b9a24b73d5ce25d079fc35b3cd0ab28c0b26435597bbb2656da245ceb99a40a88676bf123c7bcab86f3812c437479641", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645478, "uuid": "9540ab3b-8203-4fbc-bc53-e402ce6d86bb", "value": "T1A2537DE0DE45151A8D4F27EAEC414872C5BC817A99230136FFED638E920BA5C97BF709", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645478, "uuid": "08cbea8a-0da7-4711-89b9-b824c2b8757f", "value": "1536:WTlKf3aVacpcncE7Lrzx8Og60ocClaAGemqTHUa:WTlQ3aVPcnB7Lrz+R60ocCla3eRLUa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645478, "uuid": "0440bbbf-c3e4-4cfc-898b-9db292fbf67c", "value": 61400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645478, "uuid": "c3611821-e2fe-4c12-a0ac-a64c5826d2e6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645478, "uuid": "ff02b9dc-ce53-4b55-a6e9-a24202173b12", "value": "Sitat sor\u011fusu (MATEK) 2023_10_18_AZ\u00b7pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fd14050-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595427, "uuid": "4154779e-1eca-4e4d-8b9f-4333880559f3", "comment": "Malware payload (Gafgyt)", "value": "b0739d34e60a6a07156db27e31286ca6", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595427, "uuid": "2ad81215-3c9e-4bc6-8fe8-beac41e8089e", "comment": "Malware payload (Gafgyt)", "value": "7767f5bda2dc3f6119d63a00beb7e17b080ca6ead0e4ea26d245f5922d30536a", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595427, "uuid": "fd184bcb-23d9-45ff-b3ec-664735955302", "comment": "Malware payload (Gafgyt)", "value": "5d40ce7fb6ccf2f9cc15b5ca613ab2c56f22fccf", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595427, "uuid": "7c97de96-a91a-471a-ae1c-2734c8394151", "comment": "Malware payload (Gafgyt)", "value": "c3f4d41a25a0763e571c9b1375496463e11266edd24fae753e60e8b3ee0da94feb5915343591d585623e4c695a9fddb1", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595427, "uuid": "16d36971-5d23-4e42-b505-4269c0daa94e", "value": "T1E1C32901E4508767C1D2177AB79F864D37232BE897DB33129A246FB42FC279E1E39960", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595427, "uuid": "d4dc948f-a9f5-4eb5-aa70-3d07f309e560", "value": "3072:FNJbtanjvj1UxsYAoab5hJ565NUqmEQ92tX8Q8:VtajvjOab5hJ564qmEQ92x8Q8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595427, "uuid": "9f65c7b7-f838-4ffd-830a-aa6ee46b300c", "value": 124474, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595427, "uuid": "45e1d159-62b4-4668-956c-b9fab766393a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595427, "uuid": "acad7c23-d056-4a1e-9013-5d4101e3a572", "value": "Ayedz.Armv61", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cec23b25-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645408, "uuid": "c2f9ec89-5bcf-4464-aa78-c583ef780482", "comment": "Malware payload", "value": "df34855d0d0f2ea1a84b220541d3b4e0", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645408, "uuid": "2dfbcdc2-adff-45ed-9638-cbf113e23fb4", "comment": "Malware payload", "value": "77e72116bae3789e455e2bc8cf088f1c358243251d19cead84ec70aa691e8b07", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645408, "uuid": "60842bd4-dbe3-4620-b5bd-6e4a5a697339", "comment": "Malware payload", "value": "82f0be69ade282cde6ad8bc17eddc894b4f67a64", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645408, "uuid": "3537edd9-74bd-42a0-808d-d0d404c0161a", "comment": "Malware payload", "value": "fc28361aaa117ebac977d535d05431069b2a3fbd44a03480123f4fbd901f550d8c836c06928f2fca09f9724583fadb9b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645408, "uuid": "65ca692f-27fa-4ef9-8385-ac00f5f6d36a", "value": "T1A6F423354C666A208F57819AE087431AD06B3FDA1BFB7C3A23575884D0D516F62CAC6F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645408, "uuid": "f257b907-6678-4724-b814-40a7fe257200", "value": "12288:AEld4x0WzbgtIoA99Ome2o7PYD1kcP5atAdhcE8xRYsxr6nN+VazJBqUj9Yyq3+:AEbwbqItjOH97ADTxatAd2E8FzyJAMCo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645408, "uuid": "9dee7ac4-3a42-424d-ae21-2916f6debaaf", "value": 729551, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645408, "uuid": "0deff012-badb-4a48-9642-354bf592ae3f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645408, "uuid": "7b55d827-c725-4b35-8e65-5e77f6db195f", "value": "billet de commande.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42cb335c-6dda-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649468, "uuid": "eff4c5b5-7cef-4084-b6c4-3b8f5a4672cb", "comment": "Malware payload (Mirai)", "value": "57b00306aecb2cec8871a737587340a1", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649468, "uuid": "2521f507-460b-4b93-a794-c2e63ce5504a", "comment": "Malware payload (Mirai)", "value": "785cf5ea34c7cfa42f4a612ebbfb07656b2bf6d283736d3258673b57c938fa9b", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649468, "uuid": "fbe323d2-39e1-4619-94d5-016991fa8abb", "comment": "Malware payload (Mirai)", "value": "3f18b8a9a74a249da8117336e3fc1e9715e2bca9", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649468, "uuid": "a8c30f0d-e404-49c8-905d-510ca17dfab0", "comment": "Malware payload (Mirai)", "value": "fd38643e40ad22dd5a40e069cadf682ba646fdad079fa234acf8e8eba0a9a75ae3015bd4abbdd25552438656a37e6386", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649468, "uuid": "130fcb13-95b8-4629-aad1-07651d423eda", "value": "T117D2D0AAF387D4F4E9F585B8515C10C0E468339A5B1087BF049A53BE88B77CE1635F51", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649468, "uuid": "9a434331-6cd7-4ef9-9821-8b23596e47f3", "value": "768:lYSoXdJZtUjkFfNJlVrQeHvPx2csGHE3mj8g4Sx0s69:lYJdJZGjkFV35/McrKYDt69", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649468, "uuid": "dc68016c-9518-4adc-8cf7-546c4dc815d4", "value": 29432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649468, "uuid": "32f15f01-7162-425f-9891-efb28588c432", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649468, "uuid": "a0ce7b80-c4d0-46c4-8af4-d03466a9a9ac", "value": "57b00306aecb2cec8871a737587340a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54a7fd5f-6d90-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697617715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617715, "uuid": "3708f931-f8b2-4ae4-bab8-f5e2de2d5793", "comment": "Malware payload (Amadey)", "value": "2a5e90aa2289815c02e65e178d6a0408", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617715, "uuid": "a133a00b-17af-4163-8166-6bc9c5bc8c6f", "comment": "Malware payload (Amadey)", "value": "79c72991bea780ab47f1c4eba6c40d268e6374fca5802ebe5ac4f47601fe2855", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617715, "uuid": "34e8eef4-322d-49ed-b212-22bb22971ca6", "comment": "Malware payload (Amadey)", "value": "fe6956987f2df5685a98587601e97341e6df9e30", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617715, "uuid": "9bae5df5-dbbc-477a-890e-ffca8eff8852", "comment": "Malware payload (Amadey)", "value": "900a8673ad950405b475048515158e34f31d70ea73e794e6d9d4f97d17f91342b4f594c3d7f9f08061fb84fc59b4e5c0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617715, "uuid": "656d33d7-350d-4e7a-ad6d-d2a665261188", "value": "T1903522537BD88833D3B11730A5F602831D38BCB99D38A73A6197E95D09736A4A03677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617715, "uuid": "c7fb9b84-0c60-4d64-92dd-aecf1646b3e9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617715, "uuid": "1fd0792b-0736-4b9e-8f92-305c7994a7ec", "value": "24576:+yi6LUjiaOFkPhEkBQrPkFH5EPyPBprbBXNt9pm+qN06:Ni6gjjQkqkBQrklCPyPDrbpmx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697617715, "uuid": "0701ff8e-4922-4983-8a06-04a14c000b3b", "value": 1100288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697617715, "uuid": "106c58ff-b52a-49ff-89f3-10c116c54c0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617715, "uuid": "65a9a717-8332-447b-9719-b7d63c52ec78", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddb866a2-6d78-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697607637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607637, "uuid": "9a621137-b46b-4708-88ea-8d20dc5948bb", "comment": "Malware payload (RemcosRAT)", "value": "f3ec53fcff633c2ce7d4465c17d1e0e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607637, "uuid": "4a8070ae-23b4-49c3-b1b4-d02812646d11", "comment": "Malware payload (RemcosRAT)", "value": "7a3b69d2da752d5b7be89edc1c1b71393d204915e91fc45d623ed9f61399dd92", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607637, "uuid": "acc6f79a-8d6a-479f-b8df-7636ed3a5030", "comment": "Malware payload (RemcosRAT)", "value": "da6e3398c8fb220e0e3139d8c2c0926533af1fa6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607637, "uuid": "2a09cf4c-6e53-46a4-8619-d00c99de756b", "comment": "Malware payload (RemcosRAT)", "value": "bfa3dfbc131ae8f2fad0484857b12d939a6924a6dc23dac12a4f717e0c499055c937b637d860721c83453e4fc4c7ff2e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607637, "uuid": "fa7fc32e-abc3-40c2-b944-a086b560cc33", "value": "T16D55C23D19B91237C169C2B9CFE5C827B0009D6F3561AD6998D7B7A64373A8634C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607637, "uuid": "71950ebc-0995-4641-b314-47a72c7860d8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607637, "uuid": "471c0443-332a-42b3-a50a-fdaf5a4d0caa", "value": "24576:zLNRWpCt1ISVcHBc1Zbp62l3fg38gfyC+6QrkWN:Nt15VWBc1z6s08Gu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697607637, "uuid": "adb6094f-a673-456b-8d7f-66dd9c5fd67f", "value": 1369088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697607637, "uuid": "a1575c47-281e-4891-9abb-d2c1e6af97bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607637, "uuid": "c635f659-228c-41e4-b6b9-c20fb1be422c", "value": "NOMINATION LETTER .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7ddb06f-6ddb-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697650121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650121, "uuid": "d93c5a11-e954-4c1b-8777-d71cbebc683b", "comment": "Malware payload (Mirai)", "value": "b6a990746b8da5a5fbebc867727d0f4a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650121, "uuid": "bb403b07-189a-4784-aa35-2d634f32eb37", "comment": "Malware payload (Mirai)", "value": "7ac88e67b0cb1e8ae40b2678dfb959d2a458abfcf9446e10187265ced58525f4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650121, "uuid": "53205b53-b6f1-483b-aa37-e4ea9ace7a5f", "comment": "Malware payload (Mirai)", "value": "1a023afdaf61c7288c1acd3f677e205ea7e7c18a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650121, "uuid": "6763db96-c48f-4600-9051-5aa6b2b7a14c", "comment": "Malware payload (Mirai)", "value": "6a1582140cac484007a12d9b2710774c38c82ebcde0e49f9365835c640121c9cad7da47ef5f9707bfe1cf65210dc09e9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697650121, "uuid": "66b5320e-5de9-49fe-969c-7e760da63cea", "value": "T14B735D24A97D2E26C0D4A17B62FB8361F2F6230E2570965D7C760F8FFF2464468162B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697650121, "uuid": "6201a956-ba3f-44ec-b9f4-ab0a7e2eafbb", "value": "1536:5ms+geQfvznpCR8ee84cNsAUiAvFI7IlNnws8G:YwfdNu4cmZvFqI3w7G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697650121, "uuid": "f60fb57e-22a6-456d-8f9e-5190225f28ee", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697650121, "uuid": "c7f5d350-a2a4-4fe3-a781-575eabbec66c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697650121, "uuid": "c82e90d9-3a43-49cb-a985-6885ece8c140", "value": "b6a990746b8da5a5fbebc867727d0f4a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba5bca63-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697606719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606719, "uuid": "57315e49-b85b-43e8-80b8-8d8d6bcbbdfc", "comment": "Malware payload (Amadey)", "value": "8e331d81349ad48133f2bdd8a74b8b6d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606719, "uuid": "e0157876-706c-40d4-9cb1-7980503e2e3f", "comment": "Malware payload (Amadey)", "value": "7b315683121d4a9fa17658dd652ca05f3ed9f40611b2700429c0da96ef5aeaba", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606719, "uuid": "6d54153c-f94a-4ad6-bd26-2bb512d62d5f", "comment": "Malware payload (Amadey)", "value": "6482f84fe9eb7e97d9e24bc28859c84de63cbcc0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606719, "uuid": "97f322f4-c604-44b3-8730-2c35159cf561", "comment": "Malware payload (Amadey)", "value": "71ddf3272d9d4f94aead75c44ed76331f03c41242385896addee85d3fc82b67e099bbe0435d947abf4915191f5614f6d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606719, "uuid": "f58661a1-4d2e-4c8c-945b-a848a30573ac", "value": "T111352352BBDC9571DCB32330ACF323A717327D519A78426B3799A98F48F2B109931366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606719, "uuid": "730ac54e-fa1b-44e3-abaa-594f9632e261", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606719, "uuid": "b81ccbb8-105e-46f2-b5a2-4fb60aea8075", "value": "24576:IyXrZEt51/g2uunVTu8o60fPrcPvoytKUr27yh+Ll6pP:P7ZEz+nuI8Lejiv3cH7++LU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606719, "uuid": "b33f5f72-0fab-4316-8871-f06be7fdf4e8", "value": 1096192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606719, "uuid": "5ab96545-b2cd-4142-9f31-10e2eb280925", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606719, "uuid": "a8c8b244-ff0c-4e5f-9943-e02268273a8b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbb12627-6da4-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697626532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626532, "uuid": "0caa82f8-82ef-4816-9b9c-8a3e312833b0", "comment": "Malware payload (Amadey)", "value": "54190682f50c6fc36a489f2bd8e55c9b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626532, "uuid": "c01c1c11-94e9-430e-9c6a-07665167a008", "comment": "Malware payload (Amadey)", "value": "7bb51af198cb0bc06b47238ace7120a524e407b040a186ffa0ad3cc2fc89e1be", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626532, "uuid": "8cb159c4-adb1-4a0b-aeb4-5a8a973c3dcf", "comment": "Malware payload (Amadey)", "value": "13f2c2dc45bd42d52e931a26ec4eabdb6109ba77", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626532, "uuid": "91250161-ca12-4c65-ad55-2c8e7504f00e", "comment": "Malware payload (Amadey)", "value": "01061b08ea7de76f4a86a57f6031c04536d92bac03553b29ee8df2437446da7de47642a994711b624bc78e7e0db09753", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626532, "uuid": "58880865-17b5-49ee-a295-0319c1de8f61", "value": "T18B349D0176D1C073D772153509E0EBB55A7EB8700AA29EBF27E40F6E4F30EB1D621A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626532, "uuid": "6b980e09-2c29-4755-bad7-8eecfbb0b190", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626532, "uuid": "8973bed7-3683-488c-a44e-790d0ac57fe4", "value": "6144:VmfX4FIRd5DzznuBosiDKl51eAOB/fZK+waTi:VMIKd5DPyev/fZ3Ti", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697626532, "uuid": "59c5db38-7cd1-4d77-a2f1-ef302ad2a75a", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697626532, "uuid": "c18e360c-47fc-4e65-847a-cb17cffb0ab1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626532, "uuid": "8123edaf-5875-446c-b125-ab1978c0b022", "value": "54190682f50c6fc36a489f2bd8e55c9b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c638ade5-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645394, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645394, "uuid": "3592ae22-bdb9-4269-b483-2f803b12782f", "comment": "Malware payload", "value": "46d768aefdf079553d4af20eaa39c454", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645394, "uuid": "60c93f4b-5e95-4894-a859-b81688466e4c", "comment": "Malware payload", "value": "7d2c06ad2b370abc3951a620800f2fa995cb9b63da10eb97b9aaca9c8d52362e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645394, "uuid": "16eb2083-df37-48b6-aef9-3281f4473ee4", "comment": "Malware payload", "value": "de1bc8dafc5ada3e05e641512ec947ed32a0df5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645394, "uuid": "9485361a-45a4-4f93-b0ce-bb3bba3a0099", "comment": "Malware payload", "value": "fa76d99b9547d163367ad3f07d49761dc1fad90966d9e24169ba5150dae0d6125b71823b9769d297f6ef84637c27ad96", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645394, "uuid": "51aaafbe-26b6-450e-a5fd-651288c5792c", "value": "T1D6555A747BA4DB23C57F63FBA0B1465807B9D943C71AF78B0489E9E89C527406E0829F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645394, "uuid": "04211008-9f29-454b-9bc7-db123180f730", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645394, "uuid": "9dc391f0-3cc7-4947-8e35-a79d2f9ea132", "value": "12288:g5ehX6tpG5HEIzFBs9OJWN2oHbZ6wr0eRWT2IQDB8JZxWlhQaXjhX0g30xt:gjtpWfE/IZx+hQat1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645394, "uuid": "c4fe8d3e-f2ef-4aa9-b1d4-a953295a6528", "value": 1338368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645394, "uuid": "0e9b48f4-6a66-45fa-919c-cc5c7c3a2666", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645394, "uuid": "3ce9cae1-a151-4d8d-82d7-278cd1ffe9b3", "value": "BINH_AN_TRADING#202326006.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f950500-6d9d-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697623424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623424, "uuid": "89969683-d457-4925-be1a-a2947a69604b", "comment": "Malware payload (Amadey)", "value": "f36769a39c10ca746431b327cac56ed9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623424, "uuid": "9ab1662b-e6b7-45ef-bdc9-88673c385efd", "comment": "Malware payload (Amadey)", "value": "7d3f4bb0ca1f25e1a69707c8c350e0aadb00e3a091ec5cd80fc66362fd377e5f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623424, "uuid": "64758710-8457-442a-b6f2-ae0c3c5fcf28", "comment": "Malware payload (Amadey)", "value": "4f9813b35af47bacf609eb6f6b3bf9036cf2728d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623424, "uuid": "120e97b2-d8f7-4f1e-b427-61e337d1785e", "comment": "Malware payload (Amadey)", "value": "3161012ed4af2010b0c5a007ac83b14465804e9fd978caef0c7e83081b288212a78c9ec0739d33395aabdebef828ef6e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623424, "uuid": "1177cd0c-d445-4bfe-9a9f-08081b15bd64", "value": "T1E4352302BAD858B2C9F127B01DF313430639BCB0DC349B6A2B499A5E1D72785B93577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623424, "uuid": "c1546c3b-ea95-47ae-958a-90384efdac08", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623424, "uuid": "ea4de882-bb31-4946-96fe-870f4ca6198e", "value": "24576:kyo6Wf+110Pqkeok8GSrPj+S5MVf8jZLZXM2Rs2q:zsG112zk8trjpqVmNZXMm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623424, "uuid": "d342541b-52b5-4047-8a74-44514354bcbc", "value": 1086976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623424, "uuid": "64ef7d52-aab0-4275-bf55-fef47296d136", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623424, "uuid": "7f91e764-8fd3-4c33-8d3e-8e2278e3f18e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35140a10-6d55-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697592322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592322, "uuid": "32a0990d-81f6-40b0-8490-db9ac8f8af6e", "comment": "Malware payload (RedLineStealer)", "value": "6e5f63595e971e1450ef6833318064be", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592322, "uuid": "da02c2f7-3ced-47ff-b54b-36434f2d01f5", "comment": "Malware payload (RedLineStealer)", "value": "7da0a29494bb62b44281ad621f43bdb482cc10c53eaac837f4802d9bd24b520d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592322, "uuid": "f6aa1173-7efd-4060-bc93-483b1db1c12d", "comment": "Malware payload (RedLineStealer)", "value": "02be883f89aeedf564f3ad31a44ebc2ed1630e00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592322, "uuid": "8502a92a-d340-40da-84a8-121eaefc2164", "comment": "Malware payload (RedLineStealer)", "value": "665b92e91d0d97869775e2b58a22ac167bf94e611191323e838294cfa186d75770462fd0fd6baf39562682d3ec61d752", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592322, "uuid": "36a38205-7a00-4387-850f-b9d37e256132", "value": "T106B41203A7D48032DAB55F7029FA03971B39BD965E7C432B2742A65F1D722C4A931B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592322, "uuid": "abc6f63f-82a6-4dde-8ed4-e2176a85ed1d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592322, "uuid": "e232c3b9-fccd-4df5-ad0a-7644e7c30188", "value": "12288:CMrwy907fpLmvZ5Twyr1IVHqi5QDK6EZ67l:WyepLkZ55O55p6EZw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697592322, "uuid": "d836ad5a-50a1-4b22-813e-810a9a2e11c7", "value": 514560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697592322, "uuid": "78b85c8d-ab1a-451f-acfa-d87917b307d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592322, "uuid": "1efe0ccc-ae88-4286-a379-fcddd849d2fb", "value": "6E5F63595E971E1450EF6833318064BE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d27e0325-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645414, "uuid": "0a41b048-45af-4a65-9c3c-58abf443976e", "comment": "Malware payload (AgentTesla)", "value": "7326aa3cd07946d9d3631382c6cd57b4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645414, "uuid": "9fe0d444-18ae-4be2-8d8c-974fbb6302c6", "comment": "Malware payload (AgentTesla)", "value": "7de08a9e1cc5d05431bc2da4bc26b1725c3730b28a6d2425c313a4eb762b4128", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645414, "uuid": "10539198-9015-4548-be49-7fc5b018bffc", "comment": "Malware payload (AgentTesla)", "value": "8581cd3d5de0f63b678641beb94383006cb43f88", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645414, "uuid": "2c8312d7-ddef-40d5-8dec-e67121ce81fb", "comment": "Malware payload (AgentTesla)", "value": "672b0cce92c599682bc8c1a684563b728374e756a1289e43acff707d0ffc8112f030f5008cd9a3fcf567520bb899e40a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645414, "uuid": "1c11b34e-89e2-45d3-ac6e-da5d472e0ae7", "value": "T194D43364989D291CAF55B322331336B4F3B55B841018339EE74BD94A1F3A4CFB2945EE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645414, "uuid": "532d0684-a837-45b7-90c9-8714cc242c6d", "value": "12288:0jnWQ9RaQca2KyHV71tkc23ieYUnv8RWMf4CQrQtUfAYRtMSoa:WZ/caTyHVBtHqJsX4prQMAYHFT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645414, "uuid": "493298ad-ac1f-4f53-94b1-ca65fc66f18f", "value": 612300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645414, "uuid": "c448a5a1-6622-40b4-8dff-278670b06815", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645414, "uuid": "4355e526-88c0-4e2a-bc5e-3fe90003fe45", "value": "Confirmation_15Oct2023_080752.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "feb8f910-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596526, "uuid": "3e4f3789-770f-4647-b449-349f2b84f0eb", "comment": "Malware payload", "value": "d4ec4c061e1b80f5a2231d4f2290d517", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596526, "uuid": "211c8661-b611-41f4-a75f-b74173592718", "comment": "Malware payload", "value": "7f2fecb6bfb9817694d0f7342df855db2d39c07d1900939c3f2cd0cbbde681b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596526, "uuid": "cd2be3e4-2b51-42d3-97c3-fad4c5565e2c", "comment": "Malware payload", "value": "25e2daffe37c88406714a78209ed1bdf07e88148", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596526, "uuid": "4e308856-816f-4ccc-bf91-cdf260e99d25", "comment": "Malware payload", "value": "86f272ad6c641bb18e9243b2de00d635238f2a47b8d76fbb3c5d40bee8f3f8a7308c713ee1cc6202f2029e3f5edc36f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596526, "uuid": "79e5023d-8d0e-4d36-8f07-aedd66fdec89", "value": "T1E574134D67869734ECC72E709E638970AA74FEF48705820FC59779AE5CB10123E69B0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596526, "uuid": "aa5f38f7-a858-4485-9f4a-5335682e2009", "value": "2b6937ef6831277f66c536aaeabc1a14", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596526, "uuid": "7d428197-fe76-483e-bd1b-866071c17949", "value": "6144:+2fBILgM2u+nmzK6QgSuHL5vj6pN3AxrcxnE1CQcYI8+yXObxKqG98S:jIEGpzK6FSkFv+AeF0CxYgdbVS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596526, "uuid": "c65df240-e6fc-4b64-b5e5-2df4279b48a6", "value": 358400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596526, "uuid": "4924b523-80e5-4d7b-8ff2-b4f029c7b623", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596526, "uuid": "97d508b5-72c4-43b8-b243-17195f20d3b3", "value": "SecuriteInfo.com.Trojan.MulDrop2.19213.15498.14488", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2a455b3-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606813, "uuid": "4b735ea2-efd1-4595-81bc-46057c9a44b3", "comment": "Malware payload (Gafgyt)", "value": "2fa1cc39674fed907b64567a5eeda0f6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606813, "uuid": "4bbef076-ef21-438f-98e9-5e19382110a3", "comment": "Malware payload (Gafgyt)", "value": "8018b7565f0a4351e78ec6a4553a9ad15d90182cbc8e3bf595d9b8d857cec5bb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606813, "uuid": "cd12c99a-8904-4032-b7c5-da627b6dba66", "comment": "Malware payload (Gafgyt)", "value": "cffdb67065d29577537fc93310fc1e72c28a62eb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606813, "uuid": "7d100598-0707-4deb-92c7-a5bca3646e51", "comment": "Malware payload (Gafgyt)", "value": "e635db43a0102cb3cb741f980ca0b7eb741bbfab02dddd363270f95f604e74488f2980f5e61e6ce0cc1f3167be712a0d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606813, "uuid": "89b0b5ff-5821-4ed2-b4ca-687565151479", "value": "T141D3D617ABA15DBBD80FCE3302E64521109EE49613957B6BB178CA1CF74BA8E09E3D44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606813, "uuid": "0d853b9e-d790-4bb1-8bb2-21c287729c3f", "value": "1536:76ejNyUhayRB4pa4ggYJ7vOTlO7xhxPYsXm/KBgvYYiCh:74yX4pNL0lhx3mCBgAYiCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606813, "uuid": "d9a43847-72be-4480-8dd2-cdd6bcbba429", "value": 140059, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606813, "uuid": "1dc98221-564e-4292-b9e9-6f4544f8f102", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606813, "uuid": "6f772dc0-802b-4b0a-95b2-7f7f0f359927", "value": "2fa1cc39674fed907b64567a5eeda0f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69bb38b8-6db8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697634931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634931, "uuid": "8c2a2fc4-7eaf-4323-a090-87f7716fd819", "comment": "Malware payload (AgentTesla)", "value": "63ea9acdff3fe07560351cca90577d8e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634931, "uuid": "8a093197-ad83-43c2-8b1b-27e640838119", "comment": "Malware payload (AgentTesla)", "value": "805359e8add29af8ed6534df363b834315943a8d8af92579a660aa2645531086", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634931, "uuid": "f726066a-d016-48a8-96ca-a6a310f333da", "comment": "Malware payload (AgentTesla)", "value": "cd34d68bedb135454ac0a69a9a18432eaa0ea68a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634931, "uuid": "a0321d97-5d11-4c45-9e9a-b9f62d926851", "comment": "Malware payload (AgentTesla)", "value": "16a5f0992532c3330fd0113d684945d5dd995a2fe0615a66d613c7ce9e12a0411f91741ecdd12e11213aaa43518e0cad", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634931, "uuid": "2011c85f-0de8-4e5f-af06-3699d1a49a27", "value": "T119253346EC661F2F0B0C90A8E0EB581A9700DFC28457F1FB51DE79C72C5EAD15E0A99D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634931, "uuid": "2633268a-c42a-4702-a2c1-0be354435c16", "value": "24576:Ha02wgz0sNZjcZ/zVRU3u0uTd2lKOXMe8GBySoC4FkQ:HwzdZ0zE8GVe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697634931, "uuid": "b15661fe-b065-47d5-9b83-5fe6d89aaf44", "value": 1037463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697634931, "uuid": "e8f29751-e0b7-45a0-a7d9-306cede5c7de", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634931, "uuid": "dd935596-f103-4e4b-9114-2a41d2a698c1", "value": "DOC.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "313f7db1-6ddf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697651586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651586, "uuid": "8d32d179-ef37-4c9b-b6d3-bc68e9a43ba9", "comment": "Malware payload", "value": "1ef8feafafddee37050d0762d8bc94c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651586, "uuid": "a49622e4-6fce-40a4-9ef4-41df2ec1ea24", "comment": "Malware payload", "value": "80ad141f45f4c7843e28285862282a9d77e526ef7b4c028aef2264a6d51ff42e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651586, "uuid": "a76f88a8-2431-4041-bc2c-a0f62d490bb7", "comment": "Malware payload", "value": "e1f37956ddbd652cb67550e62454d6dff4098ef8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651586, "uuid": "120db5ad-2c2a-4152-9cd8-fbcfff74a5b2", "comment": "Malware payload", "value": "1f55430b13aeb1ed1f740699d5ef0ce5be5ab2bfb43d821ea4c58f3f1ce7fc8f205c5ace7a5ac9673c727b02dbdd6930", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651586, "uuid": "d64806f4-1ec7-42a5-8a20-41e003cb19b6", "value": "T10DB5195D3A975C66CF4FB1F1832689185F91D812A390E1EB3540A7CFB62F207B98D683", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651586, "uuid": "07cf497e-b9a1-4166-bbd5-cb29482f14ef", "value": "49152:oWEn1VYvy0ly+PxbGorfS9qom0BDjaHY/J3Ve9PaP8JiCfvihYNTw35QBRAuYwW8:721Wy+PxbGorfS9qom0BDjaHY/J3Ve9Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697651586, "uuid": "9a4c3702-b4b7-4e47-b179-ab518038e7b8", "value": 2361856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697651586, "uuid": "b9dc4e3c-3782-4222-9733-1a8f3b37a2ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651586, "uuid": "3e890059-8fdb-4c2d-80c4-210665a90589", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "175745cb-6dcd-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697643812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643812, "uuid": "9ebc53d1-fb8a-4575-b9a6-e6c976238c02", "comment": "Malware payload (RedLineStealer)", "value": "33d2c4ff9bbe12c99a3ef6279a1b0cf3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643812, "uuid": "3d739ddf-137e-4675-8aa2-6ecab55764cc", "comment": "Malware payload (RedLineStealer)", "value": "815ba7f94597b7f2c838c7244b2a0494902ee4cc073f375ca4eb3abdc8ed0b3a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643812, "uuid": "d64984d9-3ccf-4b58-b837-e7fb56f87285", "comment": "Malware payload (RedLineStealer)", "value": "9f324ac68f2822ad761b6c83abcaa1035dae312e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643812, "uuid": "bc9a20d6-5f31-4b1b-a1e8-922f9cbc300c", "comment": "Malware payload (RedLineStealer)", "value": "4a08c320fbb379eda76b9c976d42bc669204a711ad07bff1e790120c2b7b83ab544e2ad03ea31a91f2e09c4ed445fd16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643812, "uuid": "a5871355-be4a-4a1b-9bef-186781a82d95", "value": "T1FA152301BBD84432CCB247747AFB13130A36FCE58974D7AA3A6A0D5A09B3BB1953571B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643812, "uuid": "a513ce08-817e-4e1e-a25b-6b01d8d3cc04", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643812, "uuid": "724a7f9a-226a-4362-a870-1e78209cd8e2", "value": "24576:hymFm2wVOEJwf5De1CBMnmabrFG9Z99wflo49ScwzMmxb:U92yOEJUyEMnmalm981Icc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643812, "uuid": "a1b2975e-5296-461a-89c5-f73345fa4ae3", "value": 896000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643812, "uuid": "bd74470b-066d-4835-87e3-bbc68964188f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643812, "uuid": "2976c427-0433-405e-8bc8-d50eda2dd81f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91789f20-6da0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697624689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624689, "uuid": "3bc81d25-745c-42f0-8c1d-9b3dbb7efaf5", "comment": "Malware payload", "value": "e4cd478380ed3df2ad187cc9d8415db9", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624689, "uuid": "cfcc504d-2fc6-443e-81a1-e56069a3931d", "comment": "Malware payload", "value": "81b07f0b67673d11db8b3a28f1234fb125bdbe1cae8b46bd6ac98195120864ad", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624689, "uuid": "122f4501-4edb-4ac6-aba0-25e7879a6fbd", "comment": "Malware payload", "value": "bdc5122fc8da2d1385a67cf08c447c9254c176d9", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697624689, "uuid": "6368f844-6b15-4bb5-9453-94cd3576c56f", "comment": "Malware payload", "value": "05cad9d59dae0321e8dcf180102159b6962da25663d0b411f617fabc7ef703484da0886bf9d1a1d8d03aede2f136705c", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624689, "uuid": "5567fe88-5d91-4e2b-8283-db3d71d33a9d", "value": "T12744126CCD90AC74EC53B3F70141C94EE3B8D7970988AE1738ABB911634BB15DA5981F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624689, "uuid": "6283fffc-67c8-4366-b82a-81d2a72beed2", "value": "6144:tKM7G4vLhqScrJf/BlxhMwUHBpuwva1J7wpKML6C0MsQC:tRnLhn01/v3UHBpuwv87dpRF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697624689, "uuid": "6e6f7966-2cba-4f27-8d18-1b3c372a67f2", "value": 273664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697624689, "uuid": "c57eb253-b9fa-48a5-8de2-e66eb3401b1a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697624689, "uuid": "61e7607e-bc2b-4eed-8e50-06ea09c135d9", "value": "Microsoft-Activation-Scripts-master.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c441de38-6dde-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697651403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651403, "uuid": "2d050a72-8412-44c1-8518-7c502eeca491", "comment": "Malware payload (Mirai)", "value": "8f0ead059662018aa8f80f72885f21b2", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651403, "uuid": "313ec581-7807-4df4-98d5-5973e1dcc384", "comment": "Malware payload (Mirai)", "value": "822153f9b4a1b70efb904883f1f931aeea7156eb1777bbfa95736a2da6a464fe", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651403, "uuid": "fb81ba56-daec-437d-bbb2-0d0a2edefcbe", "comment": "Malware payload (Mirai)", "value": "3204c5e22e3c690cd95f693d6ee26e45bfe10db9", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651403, "uuid": "f45368b3-28e6-4d24-a733-ab70535b6a8b", "comment": "Malware payload (Mirai)", "value": "deac78ad890688879a15092de8687359b3e61de14520ca9e680636b3d494462b7f7c4e4d7fe3a2c9455fc30610e52f03", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651403, "uuid": "5c70fa5a-5af0-492e-bdfe-1cd37a6e8433", "value": "T19E330262576E2AD291B05737FC32FC1A669C17E89C6730972CF0A61977C58064EF2782", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651403, "uuid": "6902edb6-a1df-41fc-bff5-bc2936b12f1d", "value": "1536:69O/ZMAXIxNUk0x5LcPqF1aBexo4opKZbD:69O/ZNKyd5LGqFUF2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697651403, "uuid": "51cdaf36-a0d5-4263-a341-7bd7683c8a04", "value": 52520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697651403, "uuid": "94d7273f-b59e-49d4-b573-d63c62507960", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651403, "uuid": "aee8c605-c730-4c76-8aa8-c3130e51b1d1", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee666041-6df2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697660064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697660064, "uuid": "70f61b4d-1c4d-452a-a5f0-86dcde5b2ea6", "comment": "Malware payload (AgentTesla)", "value": "8ed749953dfc694808ed27f1aea08b71", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697660064, "uuid": "cb40a29e-368a-4019-b10a-6aba3a1594b7", "comment": "Malware payload (AgentTesla)", "value": "824068050121b62272bafa20abe9d10fbadadafc97a529754ec73d884eca5527", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697660064, "uuid": "ccdeb438-a78d-4ade-b310-f07b52d54446", "comment": "Malware payload (AgentTesla)", "value": "250039c8ed040602483a32135005b1f3978b589a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697660064, "uuid": "f1bacf54-fdb7-4e23-996c-823e965828a8", "comment": "Malware payload (AgentTesla)", "value": "0453ce31a9e9edc0e44ecec2e91f1436266868138d66c8b31d4de4c96f2fbbd4db2b5a0c09f3780b7df904672ac5308d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697660064, "uuid": "9215a14d-78e6-479b-bb44-e7a410a2783e", "value": "T168257E3D19BD123BC1A5C6B9CFE5D827F004D86F3422AD6698D797A64347A8634C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697660064, "uuid": "ce4331de-5bbb-429d-90dc-3a0dde78464b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697660064, "uuid": "0f75f038-6ddb-4726-a954-58a963beab76", "value": "12288:V6Liysgrf7xJVZwfw5jnF4rn8NFbqvPA201vPB3h+Ve1h:3uJVZbjnKKFiL0vb+U1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697660064, "uuid": "6a1f97d7-41a6-4e33-a5d8-10ce98519b6d", "value": 995328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697660064, "uuid": "7abef60f-1d62-470f-ac46-12a6cd62b2cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697660064, "uuid": "e75320d8-28f2-45d5-ac4d-887f326926fd", "value": "audiodgse.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a0868dd-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697648594, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648594, "uuid": "9f8a0582-7c0a-40eb-9d5f-961650ea617f", "comment": "Malware payload (IRATA)", "value": "7f4db682f0254e14ce0509e0172869b1", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648594, "uuid": "face3744-3d56-42e0-929b-e7f68ce564b1", "comment": "Malware payload (IRATA)", "value": "8292edb44cbcccfd86e0b796ffbdc87f47a986c4572536d1ff09062b8dc1e7c3", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648594, "uuid": "e6f93dec-105a-426c-95e2-caaedc05581c", "comment": "Malware payload (IRATA)", "value": "0021131464888871f0cc7165bf903aa2696fe513", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648594, "uuid": "161a641a-fd80-4d61-adc9-b5315514d489", "comment": "Malware payload (IRATA)", "value": "3d90428c5405e7083d06cb11cc10797591ebac6db057c14e66dcfcb061097ab0ca96df24f4bc320985cfa3ec35ce6b2b", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648594, "uuid": "ea018eca-b5e0-439d-8488-7b72b4f2acb9", "value": "T147A533C5F259C251CDBF9B3A8B3F025089A62D629E03E107386477BC1BB39E5BB62544", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648594, "uuid": "7651f729-6731-4287-99a5-10d3ea3a1638", "value": "49152:AEppedb7C7x9XtpmkX49Zu3iWARKZmPCDdFYGx7Db4Ddti:A0pes7rtpGuTsAqCD5x7ADdc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648594, "uuid": "6b730050-91d1-4053-8d46-19c1fa144640", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648594, "uuid": "0bac79ca-96ad-49e3-81fc-40025eb66ce6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648594, "uuid": "afbd4028-dd8b-49aa-8cf4-f60711c4e243", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff7f8e01-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596527, "uuid": "bab70bc5-2190-451a-81b1-bc9a3fe2276f", "comment": "Malware payload", "value": "8129176a4e8009304e536a1247571d18", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596527, "uuid": "a8aa759c-bbec-4b70-9528-8c208dfbd865", "comment": "Malware payload", "value": "82a631b4fbb39e2ca61fc020e2998c8da74e0d95824d76446b2b798a9bfd8a8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596527, "uuid": "874586de-89b4-465f-950b-659833ebc92c", "comment": "Malware payload", "value": "eba0fee9aa17c07d55fce0431a5c867ef7d5abec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596527, "uuid": "bfe9ab8d-b17b-443f-973a-4888b4935d71", "comment": "Malware payload", "value": "05babcf6c6ec35ab5bad67625aa1bd39c5f910ead00321092f983776883d9f1d3a2afb1543ec444e953112f628d2866b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596527, "uuid": "4ddbe496-11d2-4cdf-a85a-e506d8d22071", "value": "T1BFA5AF01E5E38056E5710171CAFAE675A736BE58672682C39A48FD353B717C0A8322FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596527, "uuid": "a5db655e-fc2c-47d6-9fb8-075ad87aa253", "value": "49152:l9qFfMG7SFQ1DUfb1AzFn3TF72QmC8Fznhqddy:OFfl7SmDsAzv9mC8Fzhqdd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596527, "uuid": "ccf190d8-554f-4064-b3d7-f4ec28b95440", "value": 2158592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596527, "uuid": "64a969f9-bea7-488b-a11a-fe5536301aed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596527, "uuid": "3a8bad15-1062-4665-a489-4619345b1536", "value": "SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.18191.4242", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c32f08de-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645389, "uuid": "a0e2ecae-1247-47cc-b185-c700aa6a9913", "comment": "Malware payload", "value": "2b17ed0cf00a3c5bd076ba3ab894adf3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645389, "uuid": "4070dce7-e92b-4d75-8695-05bde818a648", "comment": "Malware payload", "value": "82fb21418e2514629ace905c53a53e4387f4e2a368494ac8ce933d787f1317cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645389, "uuid": "d8b196a3-fbc6-4a4a-b2c2-6e82b9beca80", "comment": "Malware payload", "value": "ae27a15dd648570b8975b8ff79c357005159e8e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645389, "uuid": "7e80b73d-85d2-4176-a994-dff7b746e310", "comment": "Malware payload", "value": "73ffd599e63b4ac19d18f1afe509e65c6b153cdd0e15a9a3bbaeffa8a2ee0066e7f89ab7c4caf42a2700ae29fa73de9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645389, "uuid": "0b8aa4cd-f8f9-4176-9edc-c2c783a89b89", "value": "T11984B603BA9EC9E2E2881FF6CD9B000413F1DA86639BDB0B798E235654C37BADC45557", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645389, "uuid": "3b04cef3-7f06-4857-a2d2-555cf8df7143", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645389, "uuid": "c35df102-fbab-45a3-a50e-52cbf5861485", "value": "6144:P1M8jTnk6ppxMMY+FIJmfme1oVMPsq51lLm9et4aH:tPjTk6p7kpJmfme1CMB4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645389, "uuid": "a00feb1c-a907-4ae7-9db0-23b9a461a5b6", "value": 388096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645389, "uuid": "b09911cc-be32-4ab6-bebc-08085cf8a432", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645389, "uuid": "2f12e0de-1acb-454e-8b7f-858814145661", "value": "Products list & Specifications dt.07092023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "542eb331-6da8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697628022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628022, "uuid": "4e26cbd8-4a91-464d-b597-0e2bebd265c1", "comment": "Malware payload", "value": "5ec4acd95e3aba210511d2807e068097", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628022, "uuid": "3a171251-1b55-4a5e-b4b7-11a622843eee", "comment": "Malware payload", "value": "84b9af42f0896ada62d69276acec22256bbc984081916ba46605de987a79bff4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628022, "uuid": "b75183e4-0ef7-44e8-abb8-838fc021196e", "comment": "Malware payload", "value": "e308d8f23ebfbc6fea2ffd967770550dcfb13336", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628022, "uuid": "a39f2ce5-1ebd-4a8b-b2cd-a7c129289191", "comment": "Malware payload", "value": "69ea0246c9747adffbe5ac62994611b437c2c839fb0785b88f500a9d81eba56f686154d808d629a304e1048936ebee5c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628022, "uuid": "7f13ca5d-f16f-415c-8a6e-20cdbf0f1ecb", "value": "T1C7C7335196DA05D6E4C03F77E8874E5ACA241E881B30D6F3A3853E967DB87D34E3C18A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628022, "uuid": "908588d8-2411-4fd4-a384-6187ffbe2d5b", "value": "f2a10720b5da968a6919d0e09b13ae8f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628022, "uuid": "d23f5f47-d688-4a5b-8a48-3a5488d90f98", "value": "786432:4S/z6+6qSsTpKH0OBaA/Ql+XxRmaFoH6ZSAcWiSfmraBqm+fJOJtZ6FonYagz:4SuES+KHp//uMxUaVGXSuraoAJLLW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697628022, "uuid": "db999a73-c640-491c-bc5a-13d230caaa53", "value": 52975104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697628022, "uuid": "aaaa2220-91e3-4bd1-90cd-06a65d36be92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628022, "uuid": "8159f82c-4b0f-4369-9f3d-898ec0f84e58", "value": "KMS Tools Unpack.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "713f2c4a-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595429, "uuid": "03a64776-b84d-4276-b388-8f6ec4cde289", "comment": "Malware payload (Gafgyt)", "value": "116e9f514617109ad006871772655297", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595429, "uuid": "7b915556-14f4-41ff-b234-6df74942a12a", "comment": "Malware payload (Gafgyt)", "value": "852b2d4a571af66b8c94232542b0534b7c3afe52816f08a909b82f09e09faf6c", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595429, "uuid": "c4ed4da6-a40a-49b2-9abc-acd60f08369e", "comment": "Malware payload (Gafgyt)", "value": "cb51a44890d91c01afacf18a07674c6bf9a076a5", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595429, "uuid": "aeaab4e1-a4e0-4029-975c-0931e65a58f1", "comment": "Malware payload (Gafgyt)", "value": "990d1116b5c218c9e37f78f014fe0967af849d41600acf108a97b02ff4ffb783734515ac54ca6cdc04debedb1138cea9", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595429, "uuid": "129d88e5-caa7-4080-8a6f-32ce6b26b61a", "value": "T13EA33B05FC444767C2D327B6E79F434D7B366AA457D73301AA386EB02BC1B892E39960", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595429, "uuid": "020fccd9-9f24-4bc9-b8e8-45198856f0b7", "value": "3072:e+/yuEFIwZmWC5hTAeJF8mFmDQFdC8X30j:eqEFIUtC5hTAeomFmDQFdC8X30j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595429, "uuid": "bc68c346-5bd8-4307-9565-eabc77426be3", "value": 102048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595429, "uuid": "442c1bd3-7982-47fe-a9ed-377a5d50faf7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595429, "uuid": "0635d932-a193-4138-86c3-2af2e4831543", "value": "apache2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08642ded-6ddd-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697650659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650659, "uuid": "8517038f-65d0-43ad-b5de-e32de9308c65", "comment": "Malware payload", "value": "969b8bdacc7b58060f79355b022243e2", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650659, "uuid": "3b87c6fb-74b1-47b2-85ad-a68417574af2", "comment": "Malware payload", "value": "8551dd2e67669e8f7f292296ed868f6c280475a04b203254385e8d251c0ed7d4", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650659, "uuid": "fd998f4c-9ab5-4649-9244-ff839858c788", "comment": "Malware payload", "value": "ad2e6647fa43ccc2eb4cb15a89f06636af5ad242", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697650659, "uuid": "b8cd81ee-8291-4a8c-9f84-3bc950db295c", "comment": "Malware payload", "value": "4032e93b1ac9a87909776efb1ef305e71bad563b472f0c57281b30c268d4b59693ced0188171b1610b4d51f81b84f96c", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697650659, "uuid": "68479c68-7fad-4060-b395-f6559e06dd6a", "value": "T1782523119DB05C6C61F8DA3D713B0E6E2B891E968802D0CF3FC1BED315B5BA6550EE68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697650659, "uuid": "e34d4e98-756e-4976-b3db-0d6c365210f5", "value": "24576:JsuZ8CiCPyvUa8PY6mB7pltlNeZ2owVMb+:OFx7pi2Ma", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697650659, "uuid": "4987ccfc-3fa1-45c5-9022-b40906c437a8", "value": 1036221, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697650659, "uuid": "745f1a16-cd82-4226-8cf7-9a5f9fe13fb9", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697650659, "uuid": "77ca24f9-4615-43f8-bfc2-c0a6f1b2c49f", "value": "PRE ALERT DOCUMENTS.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52eb4929-6dd3-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697646489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646489, "uuid": "f3700a30-d366-4e61-96cc-532822f1b3a0", "comment": "Malware payload (Smoke Loader)", "value": "7c95e5d57f635ca970b10a8df879b8ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646489, "uuid": "cade1a1e-eef9-421c-92bb-ede3df79d27d", "comment": "Malware payload (Smoke Loader)", "value": "85d9e05afbe86c05e9eba2dbaaf03fe38c20cb1555a5e60414c6794ad06c4062", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646489, "uuid": "8a7804fe-6ee3-4845-8eaa-88dd2ee3774d", "comment": "Malware payload (Smoke Loader)", "value": "4cf916479053a57749a28f9bdea0e2d683504bc0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646489, "uuid": "b49b4564-743a-42a6-8c66-d2ec114c630b", "comment": "Malware payload (Smoke Loader)", "value": "ef12bcc123ca1c031a798cf59b5d6bfb8dd4e30262c30bca4f4abae96f65cd4c44e615753c60daca12e1af63d35c5bdc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646489, "uuid": "a4dfac7f-e0bb-4fc4-a7cd-d226b5ecb90b", "value": "T10234AE11B5D3C073DD72153609E0EBB55A3EB8700AA29EAF67E41F7E4F302C1D621A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646489, "uuid": "8fa58c62-b494-4a45-b8d6-17c0c9f90bc2", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646489, "uuid": "7b998f36-a87c-48a3-af07-79eb7a2561c6", "value": "6144:Xm8X4FIRd5DzznuBosiDKl51eAOnr0ecrkxaTi:XlIKd5DPyeupTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646489, "uuid": "3ef6b683-bb04-4cdf-ab16-53beec2c2917", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646489, "uuid": "192b2e46-aa6d-4abe-8de6-0f76656ad772", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646489, "uuid": "2de92eab-877d-4e6a-8369-4d83058c6644", "value": "7c95e5d57f635ca970b10a8df879b8ba.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e821c8a6-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697648028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648028, "uuid": "0a538346-ccd4-4ce7-81c7-e36bc6ecf48f", "comment": "Malware payload (AgentTesla)", "value": "c5fe41ec7dace83c2f6a8ea8e97dde69", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648028, "uuid": "447cb935-5bcd-4e7c-a409-ec6f98e8fd0c", "comment": "Malware payload (AgentTesla)", "value": "87393132d63e61e7f7b88421e7ea236e09e151ae560f490dec2e85fc5a430327", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648028, "uuid": "2a7154f5-a83b-463f-a817-9f4a70ef3c21", "comment": "Malware payload (AgentTesla)", "value": "a875ba6ac77a663da61d792ca2bec5f15844f64b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648028, "uuid": "83e3b9e7-2cb9-4314-8711-e8f2fe5401c9", "comment": "Malware payload (AgentTesla)", "value": "a1b64839474ae4f7bb2d47c281fdccfb9624e143c4d5af6288f00036fbb0a634b17f9bea247fb941c07d2aec9856b3e9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648028, "uuid": "1d189405-838f-4b0d-9ed2-16711a5e6360", "value": "T104E4E0C9366471EFC86BCDBAC9941C64EA2064B7434BC283A05715ED8A0DAEBCF155F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648028, "uuid": "8d083b55-a5dc-4875-80b5-af6018047a46", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648028, "uuid": "090f3111-c885-44af-962e-43f8a5104cef", "value": "12288:3d92xXwKv2HtygLyQFNAp63RGt8ttQKgD7anUYnQl7D2IRNxOyJdb8Kw:t0xgFHVjC4BS8/QBxDZRNx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648028, "uuid": "2ace37f9-1d2d-430c-a492-1ca8f1f29c5a", "value": 698880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648028, "uuid": "7e6de404-54c3-4140-aa67-d7ebb5bfba45", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648028, "uuid": "a0abe54b-50eb-42b3-8d21-e184311825ed", "value": "SecuriteInfo.com.Variant.MSILHeracles.74635.29358.23656", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1e995c5-6dba-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697635937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635937, "uuid": "d0c3ae1a-9ea3-476c-ac6b-641dcdc99385", "comment": "Malware payload (AgentTesla)", "value": "319adda8161c6257db5b894bfe89ef74", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635937, "uuid": "9284167c-9d84-490a-8402-fbf882b5f68b", "comment": "Malware payload (AgentTesla)", "value": "87af5e522c1f36c1f9ecb51c096145609c3fcf2e18f29b964abf520585ae1c3b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635937, "uuid": "f188b1eb-ff18-4284-b213-7186848da531", "comment": "Malware payload (AgentTesla)", "value": "52fe66d85039b50dcc31e11a4291feccdd4ca7a8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635937, "uuid": "45361153-f2e6-4940-80f5-71406b3acf40", "comment": "Malware payload (AgentTesla)", "value": "81b27fe112767f8b956db52b68fbfcde4b86db8cb79fef70b016072de81cbc59f1bdb4096fb584902d4de32607e95247", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635937, "uuid": "38b81546-1ec6-4fba-9e58-98a324c63f43", "value": "T18063142CC34F02A9CB52427B9B2A5E4052FDBB7EB35052B1306C537533AE83D91662BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635937, "uuid": "2dd9be9e-4ddd-45fa-a862-9de4741ee060", "value": "768:RwAbZSibMX9gRWjUhhRSWeNvBnaJnVQ2IHnxcJccB:RwAlRLSWeNvBOQb4ccB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635937, "uuid": "59d31e9a-ed01-4d14-9a05-070e95fd2c4e", "value": 69608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635937, "uuid": "b8b275b3-6ce6-432e-8b9a-9cc3572828eb", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635937, "uuid": "0fd630d0-fd93-4112-8576-c007ccf0d780", "value": "Order.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "429e21a9-6def-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697658487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658487, "uuid": "0f65a002-0c5b-46f4-948d-58bb9250c88d", "comment": "Malware payload", "value": "e4b7eb3eff3c2b5688779e74988ce502", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658487, "uuid": "9cf6d56e-fa08-40ec-96d3-b94043d5024f", "comment": "Malware payload", "value": "88b6c85fa9f0c81ea2d29b2b07401e4be1935f35f02dde3eeea2cb423c8d942d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658487, "uuid": "9ba9e929-c8b9-481c-8c5f-83b1b9339f52", "comment": "Malware payload", "value": "0c78e1f78ab64f01a89640c0120d2e339f3fdb6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658487, "uuid": "26da2118-a060-4ccc-866c-d9f9208a5e88", "comment": "Malware payload", "value": "d144033110cc2bbedd830976c37e73ebf858634740b33e83f4169f88f1c8949c737d2ed22e8005ba8104cc740639322c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658487, "uuid": "8c79abab-adba-4a7a-9267-c6cc161ec590", "value": "T164152323EBE88172CC7927B055F613830A36BDA16D742B771351E95E0CB3794A871B3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658487, "uuid": "e348eff1-3287-4a7a-ae29-f49f628a2e60", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658487, "uuid": "66a3511c-36de-4617-975d-63250c8e79f1", "value": "24576:fy7euY6CrpFrMV4RNU/F9dHVQWCngBeFT:q7eu0pFw+odHtCe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697658487, "uuid": "71422512-622d-40e0-a8ad-3c3adf14f941", "value": 886272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697658487, "uuid": "9bf67807-d2f6-4ee8-9d95-0a2103dad5ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658487, "uuid": "e101b9a4-d1bb-47da-a0c6-3209a5ec412a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf4c0153-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645382, "uuid": "1a05a96f-9cae-4849-906a-3ef6cc4c0b5c", "comment": "Malware payload (AgentTesla)", "value": "f5e75edf011c859b1a3f7ce36cc26412", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645382, "uuid": "65c29f91-42ab-48b6-af04-ada2013f22b2", "comment": "Malware payload (AgentTesla)", "value": "89ed47feca13d4f9c5fc16d6bcb290f5b25c9c425e18a6a955f64da2e91fa2d0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645382, "uuid": "64e63869-8991-46ce-a512-e250d342192f", "comment": "Malware payload (AgentTesla)", "value": "dff6014a0faa7a6739c0fe28f677b09b0a219dbf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645382, "uuid": "6ec7ef7a-99ff-4c04-8771-64bf86979ce8", "comment": "Malware payload (AgentTesla)", "value": "cfd881e4d05b8efeb63ab36444c86fb958df7095ac473b62bd9780626516b792cc1edb0c144917696d62c9c41ef756f5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645382, "uuid": "58df182d-fc76-456e-8c45-dd79f5f0ddaa", "value": "T136434B18275CC71AC39868B8D4E152F883B29EB6F072D363A96C759C3FB3B91402575B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645382, "uuid": "4d80d58d-2fee-42d3-8bf0-ee9a0ecd3d36", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645382, "uuid": "fc30619e-159f-41c8-a0a4-404f43d64add", "value": "768:i7sWlK8CjCWLZs99WFkNQMDorDDT5791bgnSfBtnTOLheGdgHTJQzKI9N:msuK8CGWLZs+QQM0n579HniLYGiHTw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645382, "uuid": "0524120c-7bc4-480f-8b62-f3a8154f23f7", "value": 59392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645382, "uuid": "9cadd804-c693-4ba8-9241-c573691ccf53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645382, "uuid": "3a2c3349-c6f4-4141-a083-9add82b9ac89", "value": "JMEC HONOR - Product Lists and order Specifications.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ca5d99b-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610776, "uuid": "c53e289e-02fe-4d86-8e84-0fb4d548786f", "comment": "Malware payload (AgentTesla)", "value": "7a3dc12fb7148d94bb022a8208ff21f9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610776, "uuid": "c2926eaf-4531-495b-a490-a1a49d4aed0c", "comment": "Malware payload (AgentTesla)", "value": "8ac8e3944e39e91174ae2c83439435a47bfc215e3caa896bf510defe4b3e13bf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610776, "uuid": "07fdcb62-1064-44ca-8e1e-5a9a1712d884", "comment": "Malware payload (AgentTesla)", "value": "7389f16a2689072a13d72b5af47f210a418e81c9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610776, "uuid": "11df7e20-4690-477b-8ddf-1ac0719e2daf", "comment": "Malware payload (AgentTesla)", "value": "7ae73f9d4bd85aacf165e42746a31280df6ea45d3433af985bf91df48e8daff53c469897143d90f5eb9a05b0805c6e64", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610776, "uuid": "8eb43db2-83ed-41d4-a983-aeaabacd2c4f", "value": "T138B4025433A8C72CD4BE5FFA4021E310DBF6BC12A831E6191EDA10CE567BF689615B93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610776, "uuid": "c050f726-cd4f-4213-9602-e0a818e5e3a8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610776, "uuid": "3b602224-feb6-4bb4-925f-1faaf281d232", "value": "6144:Qu1b57zzbQdtYAxddqmTAochUrRtMrubBD/s1EjtJFUwJWa1Sju6LsxtrEgqoC0Y:JzfqBqAtc+rp3hJFUi1SixxJEHoxLc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610776, "uuid": "ce92e2ed-dbed-4b58-aa4b-10a548a619e0", "value": 524288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610776, "uuid": "32a2814f-7d04-484b-87a7-fe67e17bf88a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610776, "uuid": "8a421c32-581c-4d20-a4c2-6b0449a9fa9f", "value": "Pre-alert docs.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6461e1d3-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697647806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647806, "uuid": "9faa6022-62d2-4184-893c-aa2d5118b388", "comment": "Malware payload (Mirai)", "value": "9cf592e179307c068ed9ddd866c536ed", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647806, "uuid": "c292013e-d99f-472d-bfd2-cc2ed8715d26", "comment": "Malware payload (Mirai)", "value": "8bfac1c65a2be677ab73ca62bb92c80f635a488e87003bf40878420cdb9bb40a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647806, "uuid": "60148fa6-8a84-4d2b-ad93-218ac725bf9e", "comment": "Malware payload (Mirai)", "value": "121d98fe819f334033af38e60f22d93645647867", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647806, "uuid": "c5ba97b9-a968-4c44-b67b-fba4f6e16221", "comment": "Malware payload (Mirai)", "value": "f35100810a95ae80337e7bb6066ed1a47a4e7602e889db7aeb53986df6309546533a5062d46e9e34b8881cad175bf702", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647806, "uuid": "c5414712-2352-4fb8-9a83-7c20f4bd33f6", "value": "T15733026267AD29E192B05377FC33FC1956AC17F99CA730DA2CF4691973C58024EF2682", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647806, "uuid": "eec638fe-9071-4e09-bdb5-09c29b5bb324", "value": "1536:j9O/ZMAXIxNUk0uLcPqF1aBexo4opKZbY:j9O/ZNKySLGqFUF9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647806, "uuid": "c8b0ec4c-d12e-4df0-895c-11812db92e0a", "value": 52520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647806, "uuid": "08290f93-06dc-4180-820a-587d83558ee5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647806, "uuid": "af39e685-5fac-4d3c-8a84-4378d9fa12aa", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d18b8671-6d87-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697614059, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614059, "uuid": "b1f2d4c0-48ed-4eaa-b83b-61a9b8c75728", "comment": "Malware payload (LummaStealer)", "value": "79bdd111d267de03fd39f5534a701457", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614059, "uuid": "dfb602bc-2ffe-4471-8176-b898b367ad53", "comment": "Malware payload (LummaStealer)", "value": "8c7d1374cd62c56fe2cd315709d2878ac61611514d7fdc5bd631b6692070c9ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614059, "uuid": "8a6b0a6e-e9d8-44a9-a988-06260585474f", "comment": "Malware payload (LummaStealer)", "value": "79f4d6230581b8268c823e1959bb566b1cc7addb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614059, "uuid": "78b658f5-f206-48d2-a316-2fbfed615d0a", "comment": "Malware payload (LummaStealer)", "value": "84c35619c9906f688985b92935aaf0cf29b14afa0b63d4c7fba60b98add5958e88a4a0f98a6414b3ec606457ab377fcb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614059, "uuid": "a55003d7-e3b5-4053-b429-d9fab5aafcbd", "value": "T199352312BBECA466D5F5237059F213831E3578B26D789B0A1B49DE8B1873294CC3276F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614059, "uuid": "6c4853c4-cd57-46a9-a987-f423b38282b8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614059, "uuid": "dc3d6d50-fbd3-40a5-a29e-7965973e3fcc", "value": "24576:eyCRfeHtiTzVcgjjPjPfr2Rs8GsmB5uO5eI1jmDBG:tCRgtMSgjzjXiRs7BBkO0Qm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697614059, "uuid": "835e0411-d774-4d76-a33a-5c6b818970ac", "value": 1081344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697614059, "uuid": "c5bacc7f-9a33-408b-b606-1260d5d889e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614059, "uuid": "dc94011e-6f51-4c92-bb78-bb97f5d7a607", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "188ae7ce-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606877, "uuid": "9d97bbe2-a42e-4f40-94d1-9cd16f5feaa5", "comment": "Malware payload (Gafgyt)", "value": "3f5d86e9d2a8fd2fe856d8ec66cd5272", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606877, "uuid": "bf9c9109-129f-4614-b2c9-03af3f639dee", "comment": "Malware payload (Gafgyt)", "value": "8c7d1da3a7806d827af2b3b57f73cf241b93756a7534fdf741f16222f5af0152", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606877, "uuid": "ced0a0c8-546b-4202-9e17-a58463517aa9", "comment": "Malware payload (Gafgyt)", "value": "1e79ec914b5a5f3d4525a1a289ad2202b462e26a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606877, "uuid": "d66e1c3a-1557-42f9-adad-e55ebd845dd4", "comment": "Malware payload (Gafgyt)", "value": "42e394cd77791a3d5413e1fe8f3e617e2492381ddf67dc546a3f1a347f6f7340eae4580a34d681746a9fd7ee2ffaf183", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606877, "uuid": "eae34f5f-d375-4e02-92fb-5551622bccb7", "value": "T143C32A2327670B23C4E9503441E75337B7B5CB843978934BAAD0AE9C2F1AAD435973E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606877, "uuid": "64ec384f-2e5a-4a9e-a0b0-99879b1f6ab2", "value": "1536:lIR8jc0YyVNM2ZwoL0QImVv6Fuo+uU1tHTQM9KGmuwA/KiyYIW:ZcVyVNXZPVvaFZ8X4GmuwACXYIW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606877, "uuid": "65668ef8-1785-4b24-b5d4-2483e1119a39", "value": 119963, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606877, "uuid": "4337be07-044f-418b-ba28-37791ead74c2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606877, "uuid": "e3aea550-3b62-4533-8a38-b44afe55b669", "value": "3f5d86e9d2a8fd2fe856d8ec66cd5272", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5b01571-6d92-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697618737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618737, "uuid": "603217d1-3334-4cd7-8200-ab3a4e611868", "comment": "Malware payload (LummaStealer)", "value": "257e33b24d61bc044854cc9ac1e044a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618737, "uuid": "42f6684d-7df5-4f42-b06b-1256b8f7a788", "comment": "Malware payload (LummaStealer)", "value": "8e2c7da8c8f59ce1b44c9aa51087e75e57cab4fd3116304b03398c28f8b4da21", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618737, "uuid": "0a10ec77-2e9e-4ece-8dc8-4b64c44a5fd1", "comment": "Malware payload (LummaStealer)", "value": "102b7ed4be6239d037c04212b9be70708f577446", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618737, "uuid": "0edeccff-d796-4ced-86c6-275632c0c1ea", "comment": "Malware payload (LummaStealer)", "value": "789e3ecc6daac449c146f3bd0f46553e0184deaac4a6e55574f6956b69f84618bd38ab7d91d2e06f0d4ceff5df4af562", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618737, "uuid": "de06fb78-8ae8-4a0b-8e71-7a899f08a023", "value": "T172349D1174D18472F973253209E8EBB9D93EB9200B5599EF63E40F7E4F322C19731A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618737, "uuid": "2e35456e-3f16-430d-a26c-c580e7a0adbd", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618737, "uuid": "8c75da93-1808-4997-a160-5378bced8510", "value": "6144:fW7oesNz4dxUMUjw/dcpodAO2edjOyQR:fWYd4dxVPJK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697618737, "uuid": "2f90fbd4-af4d-4164-a6f9-77f76906e809", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697618737, "uuid": "a8bb19c1-d163-48c2-9a01-08e26e14e7ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618737, "uuid": "17184668-d131-403b-8cfb-f3c527828b77", "value": "257e33b24d61bc044854cc9ac1e044a1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "962d5d68-6dcb-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1697643166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643166, "uuid": "37146bfa-3482-485a-bf4b-7c39d9b0c66d", "comment": "Malware payload (MarsStealer)", "value": "353efed6b11bfcb23cc6749ee2a03d12", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643166, "uuid": "b2b4662a-68f2-4e9e-abb0-4cc66a050f66", "comment": "Malware payload (MarsStealer)", "value": "8e9de0885698a1d4a457c1e47b578fbc17c0d6ae9d95e828d54dbf3a6017981a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643166, "uuid": "0414f592-1418-4efa-9bf5-48b4bb8db3d8", "comment": "Malware payload (MarsStealer)", "value": "04cffb421b8a775ec68852f9220a82c89249d004", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643166, "uuid": "38ffa7f9-d1cd-4bee-931e-01f98138507c", "comment": "Malware payload (MarsStealer)", "value": "d7cbcdfa8b368bdda23bc606ee8007b2186ef64624f4f2977a09fd4427e3ee2de7129e427e63594a32482988c5141765", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643166, "uuid": "e2f1149f-eaf3-4797-9dd2-7104d0aa5463", "value": "T16D44D011B6A0D436E0A72A355570D6961B3BFCB3E97581CB33883E3DAD312D05BA6B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643166, "uuid": "617e218f-4bf6-49ab-9b3e-12c26cee3eb2", "value": "16611b6b96a67ea5066ae4525e5da85c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643166, "uuid": "c47d7904-5518-4a32-9853-09decb7b07bc", "value": "3072:8DBNGCXyyVDWCG/Y5gfsAjNKBVqARQDprQy4zSAdZr3m2LuyKGNHQB:sweyyVvG/Y5gfsAxKpuDprK9Zr2tyvc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643166, "uuid": "c7f6452f-0b0a-4203-92c0-e4594661c0ce", "value": 278528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643166, "uuid": "dae202e5-6ec6-4621-8850-36843d098db7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643166, "uuid": "7256ff41-89e7-4e55-be9e-5e594531edd5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22182d67-6dd4-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697646836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646836, "uuid": "d16682da-3ff2-4c63-bffc-2af80f29b9d9", "comment": "Malware payload (Formbook)", "value": "0ea00cd19382a471a5f599c54dff91f1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646836, "uuid": "013733cb-bf63-4c47-9f5a-e1fce720e9fa", "comment": "Malware payload (Formbook)", "value": "8f05551c8ddd819665aef513ec44d4f0d3f905fe9d8eca05e2d7857606f132f4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646836, "uuid": "ca5ea7e1-4da2-47eb-b7af-c7af153286c9", "comment": "Malware payload (Formbook)", "value": "7c0a254a2a2db4dd9dbff900fe59837ac43b0535", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646836, "uuid": "31c7d473-b18a-4635-8701-79770ca70be5", "comment": "Malware payload (Formbook)", "value": "3e0563aadae62fb279810c5ae558001b611221cd03751f10620b28dcb0ff777d19c7aa1c0476f70e83d1e368ea46443e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646836, "uuid": "5a8ca9ea-97dc-4260-8ebf-d2f6c9ac012f", "value": "T1C5E423187ADD6362E2378FFC987440081FB9E6713650DE2E18D8B5ED852970EA112FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646836, "uuid": "23a13249-8a0c-4fe1-87e8-c9b19f93e8a8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646836, "uuid": "f9510e91-d120-4246-a846-39fb1c52e452", "value": "12288:x+DJ92ISrBKeGo7UymguRDmw9lxUeyqfbsuaHOmhe4LM7J9:s/sBuiUymguRDBb5bXaumhPQ7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646836, "uuid": "b0ed59ff-a207-4870-8bfb-570ea37483ec", "value": 671744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646836, "uuid": "8a53a777-4c55-40ae-85ed-45ef1cb16027", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646836, "uuid": "43379d72-d007-4119-b490-e847b3f39954", "value": "0ea00cd19382a471a5f599c54dff91f1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97a2d7db-6d4a-11ee-8907-42010a9c0042", "comment": "Malware payload (Worm.Ramnit)", "timestamp": 1697587763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587763, "uuid": "0185292e-009c-4194-b2d3-263317a75a5e", "comment": "Malware payload (Worm.Ramnit)", "value": "0086389ff5c4b0c23bcd9262df66d34b", "object_relation": "md5", "Tag": [ { "name": "darkshell", "colour": "#3ACFBD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Worm.Ramnit", "colour": "#8B8B76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587763, "uuid": "cba723f3-9d31-4dc1-9bb0-472508318f59", "comment": "Malware payload (Worm.Ramnit)", "value": "8f0b03436a56098a1f5b48c955b355f459503da260010df40ebd6b548894f6dc", "object_relation": "sha256", "Tag": [ { "name": "darkshell", "colour": "#3ACFBD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Worm.Ramnit", "colour": "#8B8B76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587763, "uuid": "0c412177-12cf-496d-913b-205810a06ca7", "comment": "Malware payload (Worm.Ramnit)", "value": "c2479462853afd0338d9ec08c79494fb11ca6b56", "object_relation": "sha1", "Tag": [ { "name": "darkshell", "colour": "#3ACFBD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Worm.Ramnit", "colour": "#8B8B76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587763, "uuid": "ac5929ed-b07b-48b9-be62-046618906a4e", "comment": "Malware payload (Worm.Ramnit)", "value": "3c1dbb7734f7f9c6264fc153ce02b30d217814658a757d220cf4160890c9ea8d9faa8790d24324347e0a06ce5933ad30", "object_relation": "sha3-384", "Tag": [ { "name": "darkshell", "colour": "#3ACFBD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Worm.Ramnit", "colour": "#8B8B76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587763, "uuid": "bfd620ce-c7ba-4bdc-93c6-6f0e7ab2ce29", "value": "T11E0633AB5BA9AB88EC9FFEB1DD802BC866224D034DDDB3DE558184707816C205E13F75", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587763, "uuid": "124987d2-66cc-4956-b1e6-c02d5678ba1a", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587763, "uuid": "325630ce-b5fe-44f7-bfe4-70ea3c537197", "value": "98304:VBy38kctAJFGVqv06uruhkRNA6eMEvz8U4C:OMztAJcVFrq76F8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697587763, "uuid": "afb9781e-e889-4b6c-9bcd-70f267f0b884", "value": 3907584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697587763, "uuid": "89795c4e-e6de-4356-8788-d94241984bdb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587763, "uuid": "a1f35010-4ab3-49b1-88a7-d02acdbbb79c", "value": "36a5f112749289f24e533b86f6d6821fa225e08234b1bdeb115e3a7c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8db49eb-6ded-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1697657853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657853, "uuid": "798e26fa-ad36-4272-97c5-11d48f0a97d2", "comment": "Malware payload (MarsStealer)", "value": "d74b57772de399c6da94e03cd3084fe8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657853, "uuid": "f3a17d9a-6047-42c2-b8dc-f8c011e9ab0a", "comment": "Malware payload (MarsStealer)", "value": "8f1b134304061a1b6837f7f9dec2c73a6af00b285d1e60bba2bd1aa89d79ea5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657853, "uuid": "cda5ae4c-98f5-4798-b862-ee43701d6496", "comment": "Malware payload (MarsStealer)", "value": "0cdea83552909d14970e7bd3ccf5c2354092adeb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657853, "uuid": "f46bb6e6-59e2-4342-8a85-28d329018a8c", "comment": "Malware payload (MarsStealer)", "value": "2cc8d8b32096f3fa1e0142435edc35403f4e573c2c3b2967089804df6ba01d7ec7d3b6103c172e389bb0d4a04b2f31df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657853, "uuid": "66d999c8-ceba-45f6-a206-c76c8293876a", "value": "T1E944D021B690D872E16319355830C6A12BBBFCF2A97191CF77D83E2EAD716C05B65B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657853, "uuid": "50b489b4-6a0d-48cc-a700-fbff4d806fd5", "value": "5241d7444d4d8584697b8889b03f1a00", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657853, "uuid": "9e585492-025c-42ba-941d-e03a44b4e15a", "value": "6144:szWyNjHG+W6KWXie6fxAhpQr2TwVWxWws:sjc+WOSeSiLTBs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697657853, "uuid": "6b68b9c9-4ee2-44bd-a040-3e3e53db326e", "value": 268800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697657853, "uuid": "67df12e6-cdc2-4199-9983-4cccea4bb6be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657853, "uuid": "36aeeb04-7e29-4a81-934a-82fe817bf1a0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8aec7c6-6d55-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697592623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592623, "uuid": "f5ee25e2-80da-47cb-83e9-0a8b17d5a283", "comment": "Malware payload (LummaStealer)", "value": "ab3f33e49eee8b36f2716818e886df0c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592623, "uuid": "9e74bb43-fd2a-4901-b8dc-cb27fb292ce0", "comment": "Malware payload (LummaStealer)", "value": "90b9251b04eee846d57caf0651cddcee59c81aa27b1d8fbe529f5f3413bd5513", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592623, "uuid": "aeaa1397-940e-4bd7-988d-1929ed839563", "comment": "Malware payload (LummaStealer)", "value": "65765834d6366f441cdc00ac78b9f938e8393f5b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592623, "uuid": "2718d389-4a9e-4fbc-8d41-61d9e7cfc233", "comment": "Malware payload (LummaStealer)", "value": "3cae6ef8def672c62c69a219a0b1490f9ba6d9c9152f31087345acc3c028835a34f6005d8912e85d9baa3f8484215598", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592623, "uuid": "d8e1b8f6-d48b-4676-abbc-399e0a66ac9e", "value": "T11D352342EAD854B5D87677F00CFA03A30A35FCB66DB897971354A94D09E3980A13277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592623, "uuid": "1e6737db-c768-47ab-9cca-6fff7a12fbb4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592623, "uuid": "9cf42502-a645-46e7-8835-f549d93f1128", "value": "24576:FyW9ZkmiIJAM6xLr14FRDfVOEjzqoflc95uGDRJ3vvD:gWomiqF6lr14FhEEXtit", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697592623, "uuid": "9d06b078-a5c6-455c-a3bb-5f67a02b05dc", "value": 1084928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697592623, "uuid": "f55ded8f-0845-4d23-880a-0d15c7e32669", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592623, "uuid": "c1c89dc8-c6e1-4ad1-9857-979b58e3b57c", "value": "ab3f33e49eee8b36f2716818e886df0c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a3bedd9-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595418, "uuid": "19a87edd-14e0-4b95-ab6f-dce94bb7b0c2", "comment": "Malware payload (Gafgyt)", "value": "3fed411a3586a0f0456b01325b7e88f9", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595418, "uuid": "15b2739a-356b-4676-baae-76c36e9b00ab", "comment": "Malware payload (Gafgyt)", "value": "90d8a008e220b10df33ce30361212b4088bd2c31bec6a3765617f87ede243843", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595418, "uuid": "61e6e0eb-3a4f-40f3-8c1e-831db4174703", "comment": "Malware payload (Gafgyt)", "value": "e446ba0581c966b15487c90d020579a2acb0bb07", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595418, "uuid": "dfa60e1c-d813-4b57-9648-5e0027c94ca0", "comment": "Malware payload (Gafgyt)", "value": "cb8308ea00bf69397a37a30593882f9afd62dc9430754689c43f3ec91b67c2a6ce68f1d26bdebe3fe6e6c85221ff8cfb", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595418, "uuid": "28d53b12-1926-49e8-8f0f-b289bad55b58", "value": "T11CC3A617BB618EB7C84FCE3306AA4601118DE59612E57B6BB2B4C96CF74B84F08D3D94", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595418, "uuid": "c6e7ecd9-b3c8-4936-b763-5ada7fe7b699", "value": "1536:lLeTPEO9A9LV12pjMtZYXvayNgVao7mtc5hJddddd979yxElwmeFfkq+QCyRnVgj:ljO99pjWAwaK5hd+ElwmeRkq+QXnVgj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595418, "uuid": "fecfd431-6bf2-4b77-abfe-ba446e1d721b", "value": 126905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595418, "uuid": "2a051b12-f98f-4c2b-b48e-4f581ed28388", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595418, "uuid": "722ff453-0588-4644-b511-9e3104e9b676", "value": "Ayedz.mipsel", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d71792f-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595423, "uuid": "61398110-3076-4257-91ad-5822a1aa56b0", "comment": "Malware payload (Gafgyt)", "value": "a2fd4c7e8f3d90e56c39bde473e5fe1f", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595423, "uuid": "cce8e0e4-2cce-4944-8e25-858294677dc8", "comment": "Malware payload (Gafgyt)", "value": "910013e26301fb00fdc60fdcf6ceee940e68b5ba0538d6b8efcaa7bb8f3eba4b", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595423, "uuid": "5bd1f30e-fe5f-4dbf-ab1d-eebfcd390764", "comment": "Malware payload (Gafgyt)", "value": "46d7f42b8cacf2d33dcbd790f0f79db5192d0183", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595423, "uuid": "4c2bcf4f-2a89-490b-bac4-30fb60bb28be", "comment": "Malware payload (Gafgyt)", "value": "5fcb3e19b6c42bda2947893d02ade1a8889bcc5907438956e3d438904f0e4d6400a0982cc89af74b5b54301d90dc3422", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595423, "uuid": "041586b8-06f2-4b4c-8df1-1703914633e8", "value": "T195B30905F9404767C2D327B6F79F438D7B326AA457D733016A287EB02BC17992E3A960", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595423, "uuid": "5e0918a1-76c2-429c-a838-8a11f3377e06", "value": "3072:Q+/Cnw9sVdymhP5hmTecM88N1iume3QQxXxzXToj:Qbw9sSmhP5hmTe91Rme3QQxXxzXToj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595423, "uuid": "83c8ce54-0b52-4ac6-94c9-0e8d016cfa65", "value": 109594, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595423, "uuid": "4e2ff7f6-dbc9-4bc8-ba9c-b7a9cd9778a3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595423, "uuid": "ac1d9fcf-e0b3-403b-8930-94d32f07268a", "value": "[cpu]", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edca2641-6d4e-11ee-8907-42010a9c0042", "comment": "Malware payload (njrat)", "timestamp": 1697589625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697589625, "uuid": "a900ec07-02b8-45a2-97b5-04fc8dd8cf80", "comment": "Malware payload (njrat)", "value": "099b77d49c7d6b4e781fb5e5193f4b0b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697589625, "uuid": "a4ab6220-3fb6-4230-91bc-5cc85f246189", "comment": "Malware payload (njrat)", "value": "916d76b51a0f1e8c86a89bbf6c482a1275c948778e5d4b37eaeb3c619d1c0eae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697589625, "uuid": "84dc39ae-a0f1-4e44-bc9f-0f3985f80206", "comment": "Malware payload (njrat)", "value": "62e77e330f4d60d21732b0554b0c0c3c2aee3a95", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697589625, "uuid": "a243b3e4-3d88-401d-9466-d41f83d48ed0", "comment": "Malware payload (njrat)", "value": "dff75be44735d705118e9fff95da799c7bb56316a758c3a2fbe4675b027b91cbf55994abb458d31d4a645d73d469e01a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697589625, "uuid": "192eb00e-210d-4e09-8d16-d99df2d6ebfa", "value": "T170C23B9A77AE4952C6BD85B4A2AFE31102BDC1871951FB5E5CC458DB6B3FAC2340C4C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697589625, "uuid": "07af26c2-f6bb-42bd-bb39-cfaddb923a1f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697589625, "uuid": "72a353b2-d43f-43e1-bcce-7d31ebb76593", "value": "384:sWiBlyi5a8OqUGced7Azmx+5UFwwc1XxaneQxs7K6TNR70n8ZF2vR1BlqM2kBm:/L8w2o7QxsrX7AC4wRv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697589625, "uuid": "491cc142-e683-49ca-a261-3b2eceae4dca", "value": 27136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697589625, "uuid": "4eb3b10e-3d23-4c15-ab7a-c00c2f575d91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697589625, "uuid": "8729f910-a8a8-474f-875e-955d3b53d697", "value": "099b77d49c7d6b4e781fb5e5193f4b0b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8349069e-6db3-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697632826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632826, "uuid": "64b1f4f3-c5c3-47a2-a5bc-5b68dd167310", "comment": "Malware payload (Formbook)", "value": "408148c76a62131fb4b4f2dc78828fdf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632826, "uuid": "d294633e-3748-416e-8034-517c98571240", "comment": "Malware payload (Formbook)", "value": "925fa028b1511d9fb57e7f69efebff4c34228222af3adc11cfc45d930e9f6983", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632826, "uuid": "a4c525c3-755c-487d-9a49-25ad8631b629", "comment": "Malware payload (Formbook)", "value": "d08943c94312d15e23e4c27cf2c3dac599b051ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632826, "uuid": "ab4915fe-ed5f-4c34-aeec-97e7ed2b4a38", "comment": "Malware payload (Formbook)", "value": "b9186cd9a85648fce73f5fcfa70a0d143f2c91ae5579aef25f70bae1954a4f054e79a075c460c052e77079ac03e96977", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632826, "uuid": "2d46efe9-7b75-4134-990c-f4e86447e154", "value": "T1548412815B75CC73D665C27104729A524FBAAC395298A20B5384BE3EFCF16C24E4F32B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632826, "uuid": "3e0b41a5-f8b2-4475-87b1-22213c8424e8", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632826, "uuid": "4e237ae4-c17d-4da5-a998-7aa6fcb6a540", "value": "6144:xfL+oqP6YFQjNZ5WBFCWmotdJm5XHK6WWjg4iKyfxzqejNELbGnoa2+dOKtz:xfLK1FQjoBFCWRU5XHKdZ18ej4bEG+4M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697632826, "uuid": "87058573-0c3c-4033-9242-ee53c87decfc", "value": 390297, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697632826, "uuid": "b84ca380-f3e5-434c-84c8-421ffb16db2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632826, "uuid": "1b1dc977-5b60-418d-a12f-32a51d3ac9fb", "value": "PMP-INS-93-2436-IN-1017.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfda59fe-6dda-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697649678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649678, "uuid": "529770bf-5807-4a23-b597-dfba6758af4f", "comment": "Malware payload (IRATA)", "value": "d15617225cb6bad4e423c5cfd2b05043", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649678, "uuid": "c2554e35-e517-42a2-abfe-b212d9aa80d4", "comment": "Malware payload (IRATA)", "value": "92e06366f6ad1b7670a20fe323a36bca66fc851d09996771150421adac262a39", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649678, "uuid": "866e1ce4-634d-4304-880d-b8c0b976ed66", "comment": "Malware payload (IRATA)", "value": "ccb352678329b548a6c518010ef75e60b15c4c7a", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649678, "uuid": "4be88a06-b2ec-4c5c-a268-22bee4614146", "comment": "Malware payload (IRATA)", "value": "c2667d330dfa8947accf1c7ea15a478a71261d222d95a008d790c671911423c09cbcb7f0dc1c3689d84915ae5bb5bec5", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649678, "uuid": "636b9cb6-3f0f-4249-be37-56a9288ed08c", "value": "T17CD52343F276B81BC876C1723181133E55164D59CA82E78A399873E938FBDEC4BC62E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649678, "uuid": "71182069-116b-4d39-9b27-835ff25d0ccf", "value": "49152:HE7Gdbrd+NjGEL7qaXX0NAsANXYMXYIfk8G9ftKFONBB6ZvFoBE1FtWfNNud:HZBkNaEL7qaXX0NRAhJw8G9ftrIjvtsG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649678, "uuid": "c2ce22e3-ba75-46e0-83ab-fae2db1fa317", "value": 2760842, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649678, "uuid": "18fdc029-9140-4c8e-817c-f0c3c650eb92", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649678, "uuid": "650048fb-c688-42b6-b55f-57beec59864a", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee21ca96-6db3-11ee-8907-42010a9c0042", "comment": "Malware payload (DarkGate)", "timestamp": 1697633005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633005, "uuid": "bd6a5c3f-902c-4542-b572-49b708d84cd9", "comment": "Malware payload (DarkGate)", "value": "671b3846ad8d45dc2d99a8104b24611a", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633005, "uuid": "52e7393d-8ba8-451b-adf4-84f13d7b1bca", "comment": "Malware payload (DarkGate)", "value": "93526785f9e867546374f05626957e7691755429acb5ff6dad61179ff1b2e655", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633005, "uuid": "d5bc6e26-d234-409f-90f4-22bed6f6aa9d", "comment": "Malware payload (DarkGate)", "value": "95fa99c323d506b291913cd1b2e59a34a9e5ff38", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633005, "uuid": "c8bb2b86-da94-4213-9074-ce7671a6362c", "comment": "Malware payload (DarkGate)", "value": "6fee2fd8fb571735f0a638a58a11f483ad7298d403ace42bdaa9e398a19397e5400333ce391133d113877527aa903d9b", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633005, "uuid": "8ff5812f-6b41-4030-96be-da04ebd3bcaf", "value": "T164337235B32329566797619315AE0207B23A241FAC09746C7A7C95DD2FEC84D20BFBBC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633005, "uuid": "ac663740-2b1c-46b6-a0d8-8961138882a9", "value": "768:pBA7PMMFA0tdlXKNSR4vlGRep2lcwJeL+C2jQdc7YCORUQuFBt35U2J2t:nAIMFFdYMxAcEQDq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697633005, "uuid": "87a88756-4eb6-433a-8816-4a632e5ebfd0", "value": 53321, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697633005, "uuid": "8c939783-67ad-4653-8862-ca7f282a9a69", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633005, "uuid": "bdef0092-ad8f-4f3a-bba5-311ad7acd439", "value": "fire.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98ab41c2-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604086, "uuid": "58d77159-8a90-4a47-aea7-f65ceaee076f", "comment": "Malware payload (Mirai)", "value": "ef4781f34c065795c034de8e16a54801", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604086, "uuid": "75d9e8aa-8265-4bb3-a197-2713e61b2e37", "comment": "Malware payload (Mirai)", "value": "93f67a503f45ece448ae7e9532c1708e51ef078097e9da50dd5f0fd09c1261b6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604086, "uuid": "d03e4033-8bf4-4dab-92c8-8efe8eba87ce", "comment": "Malware payload (Mirai)", "value": "b6d4e225bb8bd982786cdd8ea16f2a4b9f4a016d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604086, "uuid": "59d2ca6e-e063-496b-b246-2b3abd2d49e6", "comment": "Malware payload (Mirai)", "value": "44eb2f7e1e767d83fad41a05644b982511371690a090b417cfaf9ad64b78e8caf20b2344151eecb6979837eb5f0f68fb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604086, "uuid": "25c28ed6-8ac4-4c83-a383-246f424a24b2", "value": "T157D2E0628D96C560C9349C39EC764EDB7B081BBCDAEE72621E508C046EC7058F1AE9C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604086, "uuid": "eb98a000-dbf8-428a-a01b-d2ad9d4b092a", "value": "768:A/CfMn6YhmiYHiE6CbNTTfrL5GvElD3Y9q3UELgqq:Hk6YnjE6+NPfro2L5q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604086, "uuid": "559bb930-c940-4161-bc9e-9d59a102ccd4", "value": 29436, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604086, "uuid": "02660f18-a829-4cc1-a5c8-54ef6f173be0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604086, "uuid": "44645bea-7db4-44e5-97df-f8586ec09686", "value": "ef4781f34c065795c034de8e16a54801", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3625209f-6da6-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697627113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627113, "uuid": "1561b06f-aa88-4e0b-a5bc-d20e63d78fb5", "comment": "Malware payload (Amadey)", "value": "bdfe5f572c371eeb9bffb2ec154049e6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627113, "uuid": "6efb489c-b967-40d6-b7ed-74cfc6f4366a", "comment": "Malware payload (Amadey)", "value": "951dbdb3c729d3ea42bb5aa2d2ce9f265d7acb67b170e890365a783a99e24164", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627113, "uuid": "63e92b81-2629-4696-9936-d07197a927cc", "comment": "Malware payload (Amadey)", "value": "6b253d218cbb3adca8422fee2e53ff986b584e64", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627113, "uuid": "3933acec-9c37-49e3-b2f7-b0ec639b42f5", "comment": "Malware payload (Amadey)", "value": "20069033768cb7a1b832fabd66868b186003385baeb44caf10b0bec1504a80c5ffa75d48663e90f232a85ff394491a1f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627113, "uuid": "a13d2006-22bc-4242-b89a-6d540bed3c8b", "value": "T1A1352313BBD89472E47137705CF603871A3ABCA599B8AB2B2785A88E1C735C4D532367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627113, "uuid": "cb2cb5ea-410c-48f3-b1bb-5c0d24f01359", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627113, "uuid": "0a3b9891-7008-4636-8a96-289f05755ab2", "value": "24576:tyLvXXjfWKybBib9v5fuxoPzfJGy02NHsOsnsm/hg:IbXjfWKqBM9qWzRx/HsVs2h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697627113, "uuid": "51845bd4-866c-4745-a28e-30e4e29e6e3f", "value": 1086464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697627113, "uuid": "243bf491-5f5e-495a-ba2d-63a72d06e1af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627113, "uuid": "c3797456-6868-424e-ac2e-c0cd47c6a0cb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43d1c338-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697644745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644745, "uuid": "00742855-09cb-4819-8a21-b1da2a92c57d", "comment": "Malware payload (Formbook)", "value": "bebde97040eeecb866db4f6eff2a0f3c", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644745, "uuid": "2dd44b2c-3b96-4878-adf8-c493e8315aee", "comment": "Malware payload (Formbook)", "value": "95f512905d4b5ebe18ec19e3a3b2dffbd727e91fdc0177667512b44fc7f5d857", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644745, "uuid": "a79324f5-1e92-4460-8c93-accd0141a429", "comment": "Malware payload (Formbook)", "value": "eef9d50a9ee55acc5c4c389d5a0f3105a14ccf96", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644745, "uuid": "e3313b46-2ae1-4783-a92e-e539c4214c40", "comment": "Malware payload (Formbook)", "value": "452a2763afab384af02182ec1a022f9417179988eadc6cb13c8f1f68a6c96440d550a7859bdad13ddfa74033a7e9d4da", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644745, "uuid": "0863b2ea-4be9-4d20-9750-ebbaf5b052d7", "value": "T12C65F0039804DAC3C45D83F8BD1329E90E0D7F2AE8D979DB14927F9B3A31AA7095E15D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644745, "uuid": "99b392e4-9346-4b2a-b69b-16bd37238576", "value": "24576:MWQmmav30xsxZyZw6VC+6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXXjbydZyWw6Vx:hQmmQ30G7F6V76z26Vp6/JTHPkWH6NL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644745, "uuid": "16d880b3-7c9c-4375-af83-4acae86f8210", "value": 1492480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644745, "uuid": "65f18b19-3f82-40e3-a759-fec03d555a28", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644745, "uuid": "de884676-46b5-4649-9115-fec8a2fd989f", "value": "\u4e5d\u6708\u58f0\u660e 40981675.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c54eee98-6dde-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697651405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651405, "uuid": "99682e54-c710-4c7a-9eaa-4090b3cdd38f", "comment": "Malware payload (Mirai)", "value": "e71b9bcd55116c82020934c7039a541a", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651405, "uuid": "03b500a1-117b-451e-95c3-8d0a699f60a4", "comment": "Malware payload (Mirai)", "value": "960db5c4c6561d9328279279ec910e0f8c4f6ede02d026ae8f785bb036b1ee60", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651405, "uuid": "d9042091-c913-4c05-ae8e-c2925feecc6d", "comment": "Malware payload (Mirai)", "value": "e4535731d4d63c97ac568fa98be0c8c47d4d6d9c", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651405, "uuid": "2a8fa88e-bf82-4916-b128-f34246102c6b", "comment": "Malware payload (Mirai)", "value": "b2c18e591da1070592f8f7c12d27ddc4c6d470d336d84663166ea3703a63942320f962ea526c5255aa104a6487b79f84", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651405, "uuid": "04deaa43-a20f-4ea3-914c-6d3a1214c03c", "value": "T1B1C2E1FC7EBB6E83CD1B00355898EE3386B0A5A5C39B7297B24541026D171E57E27CD4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651405, "uuid": "d344b81a-73a7-42bb-a6bf-64b4f54de186", "value": "384:M21DMwk8JPyGNoDZsEXVZVBy6xIJSlSmknnLZddZ6TJfUVlMWEbo28tEe5mjXyUP:vMw4DZdFbBy6x3K/KdWnH5GybV0Nz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697651405, "uuid": "22982c5c-a457-4128-8aee-91af0c05b757", "value": 28048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697651405, "uuid": "1fa46d46-33c1-4dee-81e9-2151adff2daf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651405, "uuid": "cede3eff-d35c-4ddb-958e-888f9244b2f5", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69bffaff-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623764, "uuid": "98171599-f351-4fba-aded-4ba1b652966b", "comment": "Malware payload (AgentTesla)", "value": "51e88df4bc1b77b3c34939f949272241", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623764, "uuid": "1009364d-18f1-4633-a14a-f6ece0515795", "comment": "Malware payload (AgentTesla)", "value": "96a0e2eff78612e8fc935e515a148b2bc6a2e85526b2697590187c2d70be338d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623764, "uuid": "84f0c29f-f4da-47fd-8afb-1aac0a14da0f", "comment": "Malware payload (AgentTesla)", "value": "47a508223cb135bb32ccbf4ccceebac33ee3aaf0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623764, "uuid": "6bc6821c-dc46-4800-995c-3271c936f3a0", "comment": "Malware payload (AgentTesla)", "value": "d9c03f81fd81305f8c4fd99ff128d6e674d70e5fa9fb2dfa8d717d9f389b0ad45d601ad6957ec9e505eae06ca7ee0cec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623764, "uuid": "e6181587-4f15-4037-a627-42f5d02d3875", "value": "T1EDE423D042B35F01A944AC2EB13A1F997172C97D271FBE042879ADC5E89A50DC4C79EF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623764, "uuid": "96abd9d9-450c-4e09-9880-3903d0396d42", "value": "12288:fWSwBuSNMROm9WvlbsHWs2eRAv31ZtFf1M0x+TmaxBh1odmmtKnwHGjB:HsuSc9WvREn9RANZtFq4+pjohUnDB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623764, "uuid": "0129fe1c-93b6-401b-8062-51162e863c68", "value": 659318, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623764, "uuid": "45b63796-3758-4a29-81c8-6b7d7f10bf37", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623764, "uuid": "ffe65885-07c7-4870-adeb-75c9176fd94a", "value": "ScanFatura001_10.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5325b48a-6d5a-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697594520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594520, "uuid": "ccc64eff-27a0-4712-b9ac-15592413f323", "comment": "Malware payload (Smoke Loader)", "value": "5ba170d33e9aa365192615ec69b17723", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594520, "uuid": "f5a3b694-2ecf-427d-b9c7-3822ff311d6f", "comment": "Malware payload (Smoke Loader)", "value": "96a6e6f7fe394ab529a28ede2480044331c52f2a18d3ee9290cf23397ba1c210", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594520, "uuid": "e88ab368-cc11-4e9b-8bee-de53dbf365e0", "comment": "Malware payload (Smoke Loader)", "value": "4b55a608bd56f0692991086ee4b75d7f894cc2c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697594520, "uuid": "10bebb22-84c2-439a-99c7-8cf201cccde5", "comment": "Malware payload (Smoke Loader)", "value": "53345b815d99741d75caf0c84bc958deb04dbc42ff9be3961151f477850d380bd4d5fc51c1865b97433292e6bd56b34d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594520, "uuid": "9ef878af-a7d4-4e95-a5ec-ceadc29ab31f", "value": "T1693523066BD87423DCF027B068F603D30A797D529D78972E6287DC5A1CA2385E4377AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594520, "uuid": "f1f7dbf9-f748-45e3-8e65-fd47892a1cae", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594520, "uuid": "ea4999c2-9acf-4354-be01-f79c9cade097", "value": "24576:Oy5kHROoNB8/ieDaSPodePZ/PX4V9B/tOkJhBBIeNb:d5WQWBepDaSAdQZnodA6BB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697594520, "uuid": "9fd32aa5-3a45-4968-8d73-f0032df11cca", "value": 1094144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697594520, "uuid": "5a38fe32-5074-4452-91ca-15e2b072ff3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697594520, "uuid": "02e16afc-5058-4f5c-a8fa-b2476ba59cd5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc6ba46b-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645431, "uuid": "692ba96b-a347-4f62-aadc-c0047ad92383", "comment": "Malware payload", "value": "b057ae5904091b45f01554707d3f6698", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645431, "uuid": "730a4930-8cc0-49ce-98bc-bc1f734c93db", "comment": "Malware payload", "value": "96e7a31324212722e6f63b138c48026facd19b6e0a825cb714027318f9865943", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645431, "uuid": "b884da73-105f-406e-9a46-4b60a6d12d61", "comment": "Malware payload", "value": "93c94cb7bed429b55cd1bb422d7b9056f8d50f1a", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645431, "uuid": "9f7dd0ed-abb5-4a28-ac29-66fbbf95fd54", "comment": "Malware payload", "value": "c0a1c90ee24bf9d28a56bb6517da8954715febfb1e3905d275b6d1d1205cc00f477a0aaac26429a74a1dfa1ffe128ef7", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645431, "uuid": "f5189631-b9f8-4311-8fe7-70f712fca2ed", "value": "T1601439332A07FDC5EBBF2EA4A05438521C593C6B9734926CF9C80A9638E5654DF18EF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645431, "uuid": "01d09537-8eab-4b7e-b18d-15db29156483", "value": "3072:ebRFRRe9PBGwUkPhbUOmik4BfPWFqvvtcHU1lDJ:ebbRRgPHPhAO9k4BGFovyHUrl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645431, "uuid": "84ff4647-359f-4c0b-b210-43b94960511e", "value": 196547, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645431, "uuid": "a3cfbcd8-46e3-46cd-a352-f1c82500a7e0", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645431, "uuid": "3d173142-e7dd-42cd-8c8a-2a580ddf9f2c", "value": "PROOF OF PAYMENT.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f69fc3d-6dcb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697642993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642993, "uuid": "627aded8-5d7c-4a54-8944-b163b359636d", "comment": "Malware payload (AgentTesla)", "value": "08c1d9376b63d52d4bdade68d3558044", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642993, "uuid": "42c4af9f-bc1a-41d4-942f-3ae83148550c", "comment": "Malware payload (AgentTesla)", "value": "977cb1283020fcf7c702fdaf6ec84822bb0f9486039c53ba538d3a5f0b59dc46", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642993, "uuid": "c9fd4bc3-0994-45ca-98e0-85e9b4dad361", "comment": "Malware payload (AgentTesla)", "value": "4b3fe3b798d22c247ca4cf96d24b6156a252d8f5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642993, "uuid": "302ac15e-a8e1-4b92-9fa3-29c8aad87da5", "comment": "Malware payload (AgentTesla)", "value": "d8d840f721d80870b33b3b990996c5f01b310aef234cd9a3688b5477626989a7fa35675d6162b5a440697494ef9b4c26", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642993, "uuid": "0450dc5d-9ddf-4e4a-b4e4-8b5c390fa02b", "value": "T1F1E433A25F3F552B7BD419DB802A3D2A8F300101A5940F7B62C77359493360BF6B7ADA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642993, "uuid": "9f5bcb85-96e7-4fc3-848a-29f950ff47ac", "value": "12288:GeqZxuI9HuQQivR5OF+teE2VfTxJhiFgAKvGXp9bogTQelw1qTglJbl07af0ftbp:ujuI9Hx5RjuL9gp/kelw1qTglQaet9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697642993, "uuid": "e3e60663-e579-4fc4-9a93-86c95cfc3964", "value": 674924, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697642993, "uuid": "4700f2e1-689f-4280-b090-9f8aa45310eb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642993, "uuid": "3189f3b6-e08b-46fd-8dba-5d8a456bfb35", "value": "Remiitance copy.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b405435e-6d61-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697597689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597689, "uuid": "4c4719b0-5a5b-4e82-a710-e185441102ef", "comment": "Malware payload (Amadey)", "value": "1ed2004dce4885774aac3c60fa74b690", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597689, "uuid": "a050caae-1464-4237-bcd0-60aec862bfd4", "comment": "Malware payload (Amadey)", "value": "992179897e69275779770d1d20c413263ec45681ab28c9a02a561efede53b9ee", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597689, "uuid": "ea963d9d-4b7b-4573-88b2-198e03e0cefe", "comment": "Malware payload (Amadey)", "value": "dcc0f47cd4b42da26f91c02a8c4372f42c8f745e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597689, "uuid": "798eac76-45cb-4061-8fff-24238559b6df", "comment": "Malware payload (Amadey)", "value": "c2d72a18bf3acd29d87f096767f67c4221124b15f1743fc50e4a0ba6a33ca8957d526e92b1b4b442488593fdca1aee14", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597689, "uuid": "a055d770-4738-4890-8cf8-59cb166a1557", "value": "T15C35230277E94432E4B51B708AF703830A35BDA1CAB5976F3796A64E5C332D9D53232E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597689, "uuid": "0696bcf8-3eb2-4867-8228-b6a768cb1ce1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597689, "uuid": "1b687e16-48a7-4d9e-bbf7-03619443b3d4", "value": "24576:sy//gunBpxKNwyC8skU0jI5eg2P0/3UzH21mwXyWdqToc:bHdPxK6yTrj9g40vmg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697597689, "uuid": "c586a60d-8803-4afa-a4a2-dc492a074629", "value": 1094656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697597689, "uuid": "0e7b099e-654f-495a-90a8-250cda6f4aff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597689, "uuid": "ab6dbb88-02bf-46c2-9c3a-7ed0c93efb90", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f524005f-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596510, "uuid": "65b8a809-80c7-41f5-8b2a-a7390092c42c", "comment": "Malware payload", "value": "abab5679ea1bdb51f9c2cb49bda13343", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596510, "uuid": "3ae5e341-6175-4ff7-95d6-9cad087a57b5", "comment": "Malware payload", "value": "9ac19f60af472b25e1f474365e22b5ba5b481a08138d9fdcdb046f1d66cfe4ac", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596510, "uuid": "80bc2b0d-0649-476d-aac6-b3ed63696dca", "comment": "Malware payload", "value": "a6a9d5fe535a1469ff678c24c8d79c39725c5e77", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596510, "uuid": "25b9513f-aacc-4e7d-833b-d0e6836bff0a", "comment": "Malware payload", "value": "18e1fcd85c5e3348583512f2ecb8c04134d9c174f79e4a3e71a31ac2d6993f998a416a1de980d394559f41daba62206d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596510, "uuid": "f41438db-eb8d-4088-9b4a-0d884cee9089", "value": "T16005F13976D6EC5FC02B18314CC3CAD8B9F9AC728FD8A38B7658165E2CB21916C3B155", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596510, "uuid": "b5cd7da5-06ad-4b3f-abad-e27f5d96bc7c", "value": "deba71fcd4e68e93af678f2a5e291977", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596510, "uuid": "e8ccafea-0709-429b-945a-608aedb5be5a", "value": "12288:+R5nWFpPoSkgiXiMhr14hBb0QwlPImIyGLj5cExVbR7XPTL+:VbTiX914hBilP4yGikVVXO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596510, "uuid": "eecfdc9a-2b2e-44a9-a1f8-bcfe697a4cec", "value": 820099, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596510, "uuid": "5755f6f8-dde6-400b-8dcf-0b0dd053ee1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596510, "uuid": "b5574aac-03f9-40b3-8f9c-1fd4863155fa", "value": "SecuriteInfo.com.W32.Agent.CE13.tr.2596.17161", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9a17538-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604114, "uuid": "a69b0c3d-dc7b-408c-80dd-4648d1bc1152", "comment": "Malware payload (Mirai)", "value": "0441ac1e94d07066b4f3755a2609bc6f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604114, "uuid": "18d7bcc0-5167-48d0-b49f-0fe03ce346bc", "comment": "Malware payload (Mirai)", "value": "9b4293932b64d06366c63afa57e90ae2cb791372d64e6f79c72e6ca208a7e60d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604114, "uuid": "eece95c7-bb88-45eb-8733-b1a182e9373b", "comment": "Malware payload (Mirai)", "value": "eca705343d234d3be0a98f5fbb2bc014d3cdde04", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604114, "uuid": "3e8bfdc1-add5-487d-8465-6c7bdd33c408", "comment": "Malware payload (Mirai)", "value": "59cae938f5e730e4f8d0b6ed26eeb8e7e14e8ced929218ed92416c1f6d917e1efba328fcd64d5e12ca5ededdb655aff7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604114, "uuid": "22336a39-f75d-41ae-9d0f-23bc4b25bf60", "value": "T155B2D0C42682CA27FB87E035A82E1D4AA5F7F150971CE3A7DE02D217276389B0783D19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604114, "uuid": "b393027b-60a9-4630-9453-3ecd50cb4318", "value": "768:wX5DCK8a2Je1pNat3uzpsV7ddJZJGXwQQQB:wXIpXJawt3u1sFFZkmm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604114, "uuid": "02ccaac6-895a-40a9-8df5-51055c9b924e", "value": 24704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604114, "uuid": "edc4f47a-4375-4614-bfb1-b4ae1fee5859", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604114, "uuid": "47af3e54-fd3d-4e17-bee0-f81a29ad2c55", "value": "0441ac1e94d07066b4f3755a2609bc6f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d982ae11-6d8e-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697617079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617079, "uuid": "20ae823b-0f6e-4675-9a9f-74818dde70cb", "comment": "Malware payload (Stealc)", "value": "6e29b070bdd2ebddd72b18b100275748", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617079, "uuid": "ee66ca46-4dc4-46a6-aab2-0cfaf4548e4d", "comment": "Malware payload (Stealc)", "value": "9c53e9c83f7648eca0e6c9469468fab057a07fbf5d584b9203f9806d6d9540ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617079, "uuid": "f0667afc-d77b-497b-82eb-5f0e7ed06fd8", "comment": "Malware payload (Stealc)", "value": "a03f5268daeb88fca39377dd6e57aac12a0abdfa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617079, "uuid": "288c12dd-cf62-4937-b53f-e04976b593ab", "comment": "Malware payload (Stealc)", "value": "45509e6c665eecd1fd15f882eb48a9aa8296740246c66ec2e49628e9d7825475d9672d71225ff9d0beb1add0689facbf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617079, "uuid": "2a8a1e63-77a2-4d7f-a1cb-c38db366840b", "value": "T17654CF217AE1D436E1A32A344830C6961A37BCB3AA7485CF77943F2E9D317D05B66B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617079, "uuid": "2e9e1453-6e99-45b1-b01e-f80295073d69", "value": "dbb117396bfc17b04ab18e75dfd645ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617079, "uuid": "9190b03e-9f52-4bc0-92eb-9e7c5de170c6", "value": "3072:YJBNI9Py0Vx0jGp7JqsoGc/5N/Wip5JKCU7oUJQhtL28eRhCsZV:OSxy0V+Gp7Jqslc/9XJTU7xsS8eRQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697617079, "uuid": "678c9993-6dd8-4dd4-9042-e6af044d70e3", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697617079, "uuid": "25679908-1977-49d7-9435-5ebaf1ed3357", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617079, "uuid": "ccdc362e-154d-47fb-b8f8-eea1cdca3d0c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "522ace38-6d89-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697614705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614705, "uuid": "e4ea6ce4-3953-4392-98d1-ccb479f2485c", "comment": "Malware payload (Stealc)", "value": "d6e0705d295441139ed8be8f35d7e869", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614705, "uuid": "88f522f8-26aa-4a64-b709-34e77cb0567e", "comment": "Malware payload (Stealc)", "value": "9ca71cab8dbe56d82d22bd54e49cbc5a21a30969c415cbc15a35af76f98afc4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614705, "uuid": "fe9bcbf5-67e5-4e30-a4d5-be1d8746b216", "comment": "Malware payload (Stealc)", "value": "ff262ef79bd3161babe5d8bc063148cf8bbc0aef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614705, "uuid": "26c74359-a7a4-455f-822c-f3008353ce87", "comment": "Malware payload (Stealc)", "value": "b53d9c1a2cc801c42f12e43c8421aa8ffe0d805c7f20df58937bf9695de502f595c39f392e5c46dd559518a5a3b01697", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614705, "uuid": "f8a3302b-e2dc-4f69-b1be-fe4fe43e7d6f", "value": "T1B4352352BBE89472E8B9277001F603C31A36BCE58E74862E175AED291C336D1E935377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614705, "uuid": "af5a2dc5-6528-40c5-b022-c42ba349bad7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614705, "uuid": "e918025b-e29e-4e1f-9ef1-4630ccd847ab", "value": "24576:jy5SI1jIHOR43LqPu+zPo1xdN2GgOMCxPgCTBjEoC:25SQIHOu3uP/DoTj2GfCC9h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697614705, "uuid": "028b3579-3d9e-4c3c-ade7-77679e70c145", "value": 1088512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697614705, "uuid": "f0416772-e459-4755-a38a-81c73d620d3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614705, "uuid": "4bf41d56-1400-4dd9-a71d-539abb4cc885", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "476b9ed2-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644751, "uuid": "aab2b563-ca86-45a0-9928-7e31d6279d4a", "comment": "Malware payload", "value": "feee1fbd6bb55144e0a9066e67001a8f", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644751, "uuid": "d5c1e898-7fc6-4e05-8f9e-2379b30ef1d0", "comment": "Malware payload", "value": "9ce79d80d6bb7a413c1b6a678b2d095983c49f800407f5a576582dace86fd3d2", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644751, "uuid": "f679d073-f130-48b6-8f5a-08b89e111f20", "comment": "Malware payload", "value": "3cb7a9cdeadf5a92c9f0f65caa1945da46de5c48", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644751, "uuid": "e99a14bb-afda-443e-8dc8-928dab2a9b84", "comment": "Malware payload", "value": "96d378c9f277ed32c67d6def3f3ee8b37eb58117e2478944fa0284d1f9c47c162d3d8333e41675fbcc02f20db138893d", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644751, "uuid": "3d502640-5613-4eef-9313-5fb412b65d6c", "value": "T116D3F14A7165E85BC162E17F0DCCD4FB170C7C949E52D24B32807BAE68B5483AA2F336", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644751, "uuid": "f4cb9990-a29b-4c14-908a-1b9ab23cff6f", "value": "3072:2FzcgBbqo5jT68GcFC4J7R1LqQ1BBBnPuo:2FzcOPhTqQ/tpq2BP7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644751, "uuid": "afff1cd4-40b8-4939-aec5-21193e9ec9d9", "value": 132608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644751, "uuid": "e6ed5da2-6cba-477b-ae04-3e9a779563e7", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644751, "uuid": "e80fee1f-4b14-4139-8c67-4ae92a2222e9", "value": "SNKL Order PO-0092744.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdaf72e6-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645406, "uuid": "7d5553cf-5bfe-4e7d-be45-ba9e0a878374", "comment": "Malware payload (AgentTesla)", "value": "2b316b68c92ff42071486a87466dc478", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645406, "uuid": "41ef44a4-fd9a-49ff-aa1b-d248f2e44a73", "comment": "Malware payload (AgentTesla)", "value": "9d3b52ca879885a78c6877c9ef71c18fd7584ab7f1aa94e6154edf5fb1d553f9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645406, "uuid": "d2047c93-1872-426e-bbac-3418fefafb74", "comment": "Malware payload (AgentTesla)", "value": "1dfc46b57510fb69525b5a63a1f23680d0cf6442", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645406, "uuid": "5596ced5-6405-4617-910b-75be8d07347e", "comment": "Malware payload (AgentTesla)", "value": "c762fb079bd70d77e7760b22d9cdfd0fbcc70bf30c6a38103ac808244651ff808e6813390b6aa9b76f61c3535a10c09c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645406, "uuid": "f6745c25-92d7-426c-b2df-ec44a758142d", "value": "T179155D3D29B9263BC1B9C3A9CFE1C827F154986F3421ED6598D753A64342E4639C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645406, "uuid": "e131f1d5-db68-48f8-af70-e832aa057fba", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645406, "uuid": "e3fba4f0-abb3-4268-964c-413ad212a810", "value": "12288:QarXF1y/nUHKprxBsTTeQUZ6iiFEcQIrSsuxrGNd3KrRWydhzI:73tq1xB0eRIFX2sugb3xy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645406, "uuid": "6167c685-4939-4a00-b6c5-87e2ea27e104", "value": 951808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645406, "uuid": "e67cc930-dc00-4248-8229-0d95f96a31d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645406, "uuid": "d3aa40e1-c490-47e2-a9be-e32fe5a3d446", "value": "DHL097767567778.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b5ad0e3-6dd4-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697646932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646932, "uuid": "c0995070-d037-49d5-9316-e5591d4e32ba", "comment": "Malware payload (Smoke Loader)", "value": "dc143c1f317c2ea3e3104017dfed306a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646932, "uuid": "64f3e86a-23b4-42a0-a4b0-e986015773ee", "comment": "Malware payload (Smoke Loader)", "value": "9e856b0959a1a96baca611d7ec36474a3dcce9b5e1a3ec49bd328de6cb5ab7b6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646932, "uuid": "7abc856e-8046-45d0-89cd-0453f8a7f745", "comment": "Malware payload (Smoke Loader)", "value": "4a860bd538f4d7d7c654e691a455c17ea96630ac", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646932, "uuid": "b9da81f7-c95a-48c5-bad7-17cbe080f3d7", "comment": "Malware payload (Smoke Loader)", "value": "e615c36898ce7db19a3b3fa131771f256687cf758d5cd9007c918459c3f74e8ec65887ace4db104dd91429377e39a933", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646932, "uuid": "8f76d3fe-2f3a-4239-944a-daff68bf78ca", "value": "T12C34AE01B6D1C073C572153609E4EBB55A7EB8700AA69EAF67F40FBE4F302C1D631A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646932, "uuid": "e1bf658f-486d-4809-8685-ed8ed3e157bf", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646932, "uuid": "414b4e54-60d9-4e3b-a572-07066987c2a9", "value": "6144:dmwX4FIRd5DzznuBosiDKl51eAOO3U2/slBGTTs2aTi:dZIKd5DPyeaTTsbTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646932, "uuid": "2f2d8d88-2e48-4bd3-8042-ff4807b0f4d4", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646932, "uuid": "6b5d4c80-639c-4a7e-9e0c-634ceeb2c655", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646932, "uuid": "d4fa59dc-b407-442d-b3b5-6684cfeb4fe4", "value": "dc143c1f317c2ea3e3104017dfed306a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2f30ae0-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647911, "uuid": "13ed9445-0878-4f4f-aedb-d8952e48d2cf", "comment": "Malware payload", "value": "3f9701479e0cfa6aca0aea120629a73b", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647911, "uuid": "41c89e02-ae52-49b3-a17f-c8724995a722", "comment": "Malware payload", "value": "9f6e408536384f0a44dfb15fd76e8d076f160ebe7ac96b0237ae6a3ce4cbb6cb", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647911, "uuid": "ae9d547a-dac7-488e-b727-a464c506d0e6", "comment": "Malware payload", "value": "7932fa1115fa2f45a726b718ef3b6d0905d046f2", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647911, "uuid": "31f43fa7-dee5-497b-90f8-7359e01b7e9f", "comment": "Malware payload", "value": "ea8fbb351312808c9dc4276dbe434b4b3c3d7dcd262042f2824fe4bb3e16876ce3d12806fb17d7a8e4c832b9866e3f1a", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647911, "uuid": "68790262-13e4-4ab6-a8fc-e68a4f2bddab", "value": "T10551440236DC02093562558496EF63F0CA6BB57B693EABCB418D4C4E1FE26C44857BA3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647911, "uuid": "cae866d1-a116-49bc-b424-66a6264599ef", "value": "48:9QRsku7RsulcfVC1ubhIZKK1tIQNvtMD12N2OXNIBXNVNPqNENWN5NCTNtNTpNV3:UskuledC1u6vapKEVEs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647911, "uuid": "07402a54-fab7-4b11-aea3-ff33d628b99e", "value": 3092, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647911, "uuid": "641df91c-5b33-4028-90de-4f1e3fe37bbb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647911, "uuid": "2f7f56d7-0545-4225-a021-c5cb56856537", "value": "Dinarski_izvod23001101572573100314958220230928pdf.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6722c634-6dcc-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697643516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643516, "uuid": "b8f64c4e-abdf-4ca8-86eb-b2f90f7abe9f", "comment": "Malware payload", "value": "7d0eb6194016cbd9109b1069523a8471", "object_relation": "md5", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643516, "uuid": "8dbd0845-80a4-4dca-8692-d94e976a4efd", "comment": "Malware payload", "value": "9fdae4fbd739152ee2fb89d6e160f0616ac7f4f26af0b1941ba832b8d75652b6", "object_relation": "sha256", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643516, "uuid": "e11bea30-dc2f-46ff-b49b-aef97acc68b6", "comment": "Malware payload", "value": "758add41e9ed17ca9c244391f2f7e4cf979c7b47", "object_relation": "sha1", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643516, "uuid": "50e65a7f-50cf-440f-896e-5abb8d0e7f5a", "comment": "Malware payload", "value": "86417458a3a8b8aed716f758dd6f7fd1fb6219295db3ff33abc760fbb4ce12def21402088b9aee40d21053a5236a778b", "object_relation": "sha3-384", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643516, "uuid": "99c21a58-9a62-454d-a2c0-58b45bc844ea", "value": "T16AE433C9CF866558A25BC10A32B67410B28D6AB4175D30F7323D7CF997D26E34BCB849", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643516, "uuid": "bef6d621-f84c-4c50-a547-c6af7c66cfe7", "value": "12288:TLmyjCT+R9uepnZD3lKSzkqw0fQh1hfz0QxMaA:TLmy2T+RpPDlKikqwz7hfzOaA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643516, "uuid": "1e9b2cea-92e9-48a1-a479-7e9ee55554ee", "value": 677170, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643516, "uuid": "a32051c2-33b4-46c5-a45d-5384693eb58d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643516, "uuid": "c11e3d66-5190-4959-9dee-eb410134ddb1", "value": "HBL draft.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4539e1b3-6dd4-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697646895, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646895, "uuid": "45f2e7e4-e6a6-4efc-8b2f-fec02d651f23", "comment": "Malware payload (AgentTesla)", "value": "029d277a3d2b6e0ba52561e0847e8e12", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646895, "uuid": "48b790e6-feb3-46fb-bd06-601fa11d3fe8", "comment": "Malware payload (AgentTesla)", "value": "a0d37b7122179cfae4d425e12918aceb21ebd354f526b16c82c1bb13ea89b939", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646895, "uuid": "2914deb1-7194-40bc-81d9-78dd91a41a8d", "comment": "Malware payload (AgentTesla)", "value": "eedbbcf355ec67674bad095e631476b37c36768d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646895, "uuid": "cc153ebd-c250-4e49-b67b-792c960b2d9b", "comment": "Malware payload (AgentTesla)", "value": "e40ba54514cbdcdc47dc43268aba410f10decef303429dfb22436769e2905227ba963f27148f31beb4380e3103276174", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646895, "uuid": "ac2b33f6-ad55-449c-8dbe-fec6d70709e3", "value": "T1DD156A7D1DF98227B978DAA6CFA0C432F06296EFF5625D2AD0E746418702903B4C71BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646895, "uuid": "913265a8-b921-4d23-a3f3-61acacc78129", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646895, "uuid": "a4d0b929-3a4d-4c79-a8c4-876ea93c6bc7", "value": "12288:Tmtk9G4idtJYb6tzcjCFFOWWLhJR0Sshc3e:TG4uJYb8zOCitLzR0A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646895, "uuid": "f15deb6d-b079-432c-b1f6-4b84c70811c6", "value": 941056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646895, "uuid": "401471ea-ed60-4eda-8a1a-67bfb62113b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646895, "uuid": "c2106e4f-4f43-4571-b7d8-d29f8b79f71f", "value": "Spinner parts manufacturing.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "601c2aaf-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623747, "uuid": "a2e535c1-02f5-4f4b-bffe-b15c35a555a9", "comment": "Malware payload (AgentTesla)", "value": "3b84fd1df3de8ed18a8c7691287bcd35", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623747, "uuid": "9018f7ed-bd31-4be4-9e82-ff7169eb950a", "comment": "Malware payload (AgentTesla)", "value": "a1050ca628974ac6d8b158626e9ab673896c4720253763499fb23a3d019a2244", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623747, "uuid": "64fb0977-a664-432f-b1d2-1aa5481f8b41", "comment": "Malware payload (AgentTesla)", "value": "7cb71acb722437e68f408304ee78682b296240e9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623747, "uuid": "798fdc34-9f17-4bf0-9725-75fbd7e616a0", "comment": "Malware payload (AgentTesla)", "value": "ba5ef9ff34ee45895b20bd118455af8d16c3dec8afc77e4f50ac6dfd8e02a932284f20c6c452ac252f2829fda3748b22", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623747, "uuid": "4dd56cee-68d6-407f-bde0-590c22d61761", "value": "T108450218E6F42158C9D309394E611394A2327492BF72E35AFD1CC6687B3C6DFC9C4EA6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623747, "uuid": "b1f49117-4d09-49c2-a8aa-fe23745cbfcd", "value": "12288:GJElm7PH83GVy3GF+0db3LgsasL5EeTiTwzF:dlg/8Cf9dbbtL6AB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623747, "uuid": "c06ff569-58e1-4b59-bc54-efb14cde8a66", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623747, "uuid": "3816b17e-9b7e-4ce6-95c7-84395c1a7a32", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623747, "uuid": "45a89963-1081-44f3-837f-7eb8f36968f8", "value": "44120220531MES_S Quote.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a438cc5c-6db5-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697633740, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633740, "uuid": "51f53603-aa22-4c56-bba2-7aff265237be", "comment": "Malware payload (Stealc)", "value": "5d54a292aa802b599f589534819f9bea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633740, "uuid": "7f19fee2-434e-4ebe-96ec-27418fa678d0", "comment": "Malware payload (Stealc)", "value": "a1bfe37c9b7ae382a21af70a149b2f70c983f5875ba8b23ec3cf9b9edbe96a3a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633740, "uuid": "968db6d3-8728-4ee0-aef0-2f6e2b7cc8bf", "comment": "Malware payload (Stealc)", "value": "d97ef80d873a02604d456b59634f9e194cbf7c9c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697633740, "uuid": "b79d6d5c-5c47-4d0e-8e99-c1c568d9da06", "comment": "Malware payload (Stealc)", "value": "dd6d33e1b2668dd1e52a32371b0d13fe5aeb0ba31290b414c15c7aab6317ed9fc462ba492ffc2220fe77dbdcb2fcd4bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633740, "uuid": "8d5bf288-3d18-4130-81ba-40ee5b6aef36", "value": "T1EA252311EBC84433DCF657B008FB07971E37BDA28D7051562706AEBE58329A4A87637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633740, "uuid": "701ea0ba-2eee-4ca3-b8fa-c3af9e1b902a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633740, "uuid": "d56d9876-a553-4625-99b9-2939aad9927d", "value": "24576:syxuhsG5bmKbsJ3LF4abhOWCxvHpDANey:bx0D5bmssxF4acjJpDA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697633740, "uuid": "78f4d599-1eec-4600-bcab-f09d95c5d5a0", "value": 1001472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697633740, "uuid": "72dcab2b-d96a-4f69-b67a-eeb8025f3fb6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697633740, "uuid": "fef5720e-d230-49f7-9372-3ac0648f1da6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc1f8428-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "0b39a70d-cea4-4a2e-95c3-dd3662dd59d8", "comment": "Malware payload", "value": "70f578ff05c613c218aeee9bd3daf296", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "11c8fc7b-a1a6-444a-8dcf-246e58d047b0", "comment": "Malware payload", "value": "a1d78ecef0820da0455febff55678f43f7fef0215a0c5f6d2600d4025d9d4fcb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "d57a4747-f156-4453-9e8a-5b02eec08011", "comment": "Malware payload", "value": "e687ff42234d1864642352b288c52620adc59944", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "3e2b5b62-694b-4fec-b2fb-c5656cdcf5b0", "comment": "Malware payload", "value": "3e4df58cb6126fea48058f62dd8ae9a92da0919977bf4382054f1dfffc4389e9b3defd6c1b3104743779d5787b938b53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596521, "uuid": "70b45a65-33c2-41d1-8504-c6e30381641e", "value": "T101A5CF52F553C080D37B27F185A2633DAA7FE3411760CAD7637CDA2E5EB21926E2A701", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596521, "uuid": "3054b76e-cc2e-4bfd-8803-82b4e8b8a481", "value": "24576:mM5TpcYWWwQHuGvODXg70dPbKSPVE5WVKuGc6jE0wpZeH:mt5nzLqGKS+WVKuGc6jEW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596521, "uuid": "b0161476-0c75-4d00-8bb4-4ed03411eb5d", "value": 2084864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596521, "uuid": "bf3a2168-fc0f-439e-ade0-57d827e83941", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596521, "uuid": "dbd01803-fb59-45c6-9aa0-b363225bce9b", "value": "SecuriteInfo.com.Win32.Trojan.PSE.15IBL0F.1934.17703", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3059d76e-6df5-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697661034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661034, "uuid": "16bda25a-cc8b-4485-9ed1-9f93a6cef54f", "comment": "Malware payload (Mirai)", "value": "130958aea9d0d20ff6f5d61077842f9e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661034, "uuid": "4911cc84-b941-4573-9820-fae2644e8e0e", "comment": "Malware payload (Mirai)", "value": "a234d1087aded201564625ca2e113a271c125a1eb59d0566a246cea6279d156e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661034, "uuid": "336064ce-88ac-4c37-a0f5-767d1f600126", "comment": "Malware payload (Mirai)", "value": "d348b4714995fc338a930419e22dff9bad7b4037", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661034, "uuid": "2ad08d34-c817-4d08-b697-a2498b0e8103", "comment": "Malware payload (Mirai)", "value": "b86f1f7bb2093f211a6acd1338eec3891fcabbf29da25c9f56f96402b6ff826a8d1e53d5a77f16ec267c060d246d6948", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661034, "uuid": "ac9398ce-cca5-4642-bea8-22fc51de407c", "value": "T1CBA2C0B082D5F932C6300935DDBDC747EA1B57B8C2D6BC70229C074CB6EAA478A7A945", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661034, "uuid": "0e1e1a7c-b809-43f3-a4bb-e0d4fbe7b9df", "value": "384:i80JLrGrVvpw6j2bzYXoFXsHqPd1s5n5CEEXFNSzhymdGUop5htv:MgdKPbsXoFQqV1sVass3UozLv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697661034, "uuid": "54a0c4dd-2f60-41e4-a841-e7b11835c740", "value": 21876, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697661034, "uuid": "fa1d56e5-a052-4fde-8a08-eacfa13fec4c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661034, "uuid": "28ceb748-d4c2-44b0-bd61-f2c39a1c57d6", "value": "130958aea9d0d20ff6f5d61077842f9e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dfab0f6-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647742, "uuid": "70afbfe2-6993-4ab6-9949-828c9e6b4948", "comment": "Malware payload", "value": "6c4b77ae4b347ba46eca6c9fe1d950ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647742, "uuid": "cf74758e-0af8-4cdd-b1c9-1aca5a033625", "comment": "Malware payload", "value": "a28a49a87aecc0ecd9f13454df34c1779c380a145754e001c3ff1001192563d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647742, "uuid": "b4180b1d-cc4a-4a95-856b-c28394ba047e", "comment": "Malware payload", "value": "b2c3a39ed6dd68ab388f493acb9399ff677db485", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647742, "uuid": "ef5ad772-f3fc-4732-bec0-2c9ff7599e5e", "comment": "Malware payload", "value": "e6a4a2e153478a525cdc2b6989b88f89e775453eaad30765689af6e30e10f606f72b930f1741a394b597fd2394cdca4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647742, "uuid": "9f0790f2-52b4-4247-aab5-4b1060ee7cc4", "value": "T1B0459E71B402C037E1A111F19A6D6BA611A8BB301BAB08DBB7C45E3D98F5DC36635F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647742, "uuid": "d4a3e8db-890a-48cf-a32e-a70be7c91544", "value": "b625b0422748e8ddd8a2e69ebe413b45", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647742, "uuid": "bb8fadda-2846-45c3-b870-76d01146712b", "value": "24576:RhLbblqMyivFwmXNoNrY0MkNkUoXYSPbijMbRVFTZUENTTSaYd8FFbwzFVc+:bci/FHtLbijMtVFTZzNTTi6FFbwzFVc+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647742, "uuid": "4b6edb31-ea1b-44a6-bbdc-389414308858", "value": 1280000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647742, "uuid": "fb431453-4b35-44ff-99aa-a8a5fd5bd5f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647742, "uuid": "718963ae-21f7-4b51-bbff-17d9afd79125", "value": "6c4b77ae4b347ba46eca6c9fe1d950ae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1056b682-6e11-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697673006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673006, "uuid": "4232b82f-0637-41db-91bf-ed0dcd4f1f95", "comment": "Malware payload (Mirai)", "value": "1b36b53e2ab243ad8b1b38ac09e4731e", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673006, "uuid": "61a062ca-2008-4351-b0e3-ae5b6f094126", "comment": "Malware payload (Mirai)", "value": "a2c77006437ea862762d490f244c38f1cefe7c5e458bcea6fc64b005a7a61430", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673006, "uuid": "88b89240-c8ee-4988-9df7-dcd09eef49ca", "comment": "Malware payload (Mirai)", "value": "4f8b45112cdbd0845ad0c4d91e5a25d2e457d480", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673006, "uuid": "9bcae1d3-52f8-4d20-9053-739cb234e866", "comment": "Malware payload (Mirai)", "value": "a2c03f3475677087f99494809060365b263835e107eb85a3ce42cd4898a5479cc74d6232b3cd4a23a4aca981771bbce1", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673006, "uuid": "88067763-7793-4519-90dd-45a6e7fb6e28", "value": "T1F3A2E1217F1DE98FCC37B278C6E5E9C693D07D24D2DC89866741C16FABA36846830E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673006, "uuid": "4f3558a5-afea-4937-bbfa-d61da9483651", "value": "384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaQNAr8vcoBAvP+qNV+KLebRtODlSL:x98o08kxofBE+ZkXaT47C2EpitGM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697673006, "uuid": "544f770c-df6b-428b-893b-7cc791118507", "value": 21492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697673006, "uuid": "107f283b-c41b-4081-9803-1e80460c3011", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673006, "uuid": "114401ae-6d1b-4cc6-9951-c0ac25b5be8f", "value": "boatnet.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c2318cb-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644759, "uuid": "e810a78a-655f-4884-bfba-216e3cc13c55", "comment": "Malware payload", "value": "fd8fb53ab7fa694061b522655c0ef606", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644759, "uuid": "9e7d5c40-1cbf-4f34-8dac-35e003bccbeb", "comment": "Malware payload", "value": "a473dfc4162706e4f299353381a26e1f372bcff5223ca8568de6acab98644933", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644759, "uuid": "05223a25-0799-4ee8-ad6c-68575544b63a", "comment": "Malware payload", "value": "e0e4a713ea490b03bcefbcf9c39e5656d33d12c8", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644759, "uuid": "a1de23ca-e1bf-4b7c-aa80-bb4a50e0eea7", "comment": "Malware payload", "value": "0d6e91ddcb61fbb375dc2d6dede5e616ed23d0955f80feeba16cba0d681ca6375ebc8eb04a9a3c55b893bd250c84ebae", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644759, "uuid": "db33e0b6-da16-4b8e-b04c-02082290c11c", "value": "T15DC301347A52F41CE59169720EC5E2DB062E7D55CCC6C5473808B35FECB8D96A2633CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644759, "uuid": "82c4c9b1-91eb-464f-b572-80aff4e1780c", "value": "3072:WdmU2Y8VRvR/jTI8aiP6XA5kBIq9sMP20/MJ9cUYC:WdZP8VNRTbkSaIqaVHc3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644759, "uuid": "ce0046ca-3174-4b43-8084-b71517511e59", "value": 128512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644759, "uuid": "a07ee233-05b2-4abc-a63f-fa824d8dbc10", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644759, "uuid": "298ee1f1-6920-41da-b5dd-d7b4d2cf1c17", "value": "gmovr.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53a6c8c8-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644772, "uuid": "b165df3f-441f-43b8-94be-5b3cab8ef47b", "comment": "Malware payload", "value": "3e6ed773fcd2cc9618c8220d150a3b68", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644772, "uuid": "791d662f-93de-43c4-88c8-673f6d006d66", "comment": "Malware payload", "value": "a4c1c04d6bf94a012f4abf50aac9b0253f0b72d18bbb5e832b2caa1e12d9be89", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644772, "uuid": "8ef42818-acf7-4720-8e9a-1a1b84059044", "comment": "Malware payload", "value": "4917ef95c2b2f1c0ad0a18700a60c5dc16ea4cb8", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644772, "uuid": "022f4a51-4a83-449e-a678-358119404223", "comment": "Malware payload", "value": "38f0ef06b344535d387ff06ea42b6f587df8fba86aae6518e90ad92747a842656c8ea0660983b330c608296c416b8ae5", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644772, "uuid": "b0d778c3-bcfc-42c5-ac8a-77907473599a", "value": "T1AA855A15F042C62FD79C293108AAE3FE77B87C4A6E858643715D732E3EBBA40CA56741", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644772, "uuid": "b83c98a8-e302-4016-9f65-261ac5b7de20", "value": "24576:XGeoKraxg8TTD1JlTwDNmM2XQXnWag7q2FFFmK4sRboIwIvlteqFnlLIOI+lm4KF:WeoKra6871m3WajK4sRbInYKz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644772, "uuid": "cc2d8f71-fc81-4721-aee3-02d4a9521363", "value": 1744896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644772, "uuid": "49f21fd3-af0a-42aa-8b30-2d97efc46882", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644772, "uuid": "95d89a2f-ccb3-4678-847f-9c131cacfda3", "value": "Copy of VAT3_Return_P051548844S sept 23 TEST.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad53e4ab-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604120, "uuid": "07359680-4d7b-427d-a39f-9f4460af83df", "comment": "Malware payload (Mirai)", "value": "0a56e4d9fdfb6bc49b201edc1d6f2859", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604120, "uuid": "9b089193-4e1f-44d7-ae3b-866603467eec", "comment": "Malware payload (Mirai)", "value": "a52953f7fa9317e8adb340bddce2ee85bdb5b30221b74d99f61c13f8c09d83e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604120, "uuid": "538361c8-41f1-4f34-b420-a892a399b1ba", "comment": "Malware payload (Mirai)", "value": "1ca606bd242277efaa1cc372bc39c12fc53ec454", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604120, "uuid": "ab4ef7bf-9160-45ad-9d6b-9bf86601e07c", "comment": "Malware payload (Mirai)", "value": "46fc1e75ac9f488842615b9909a8fef8ee86c0dd63dded28aff1326b1fcd39663cd63c0b2f47700ed32672a3b4dce6e5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604120, "uuid": "6835dab4-9366-44c6-83bc-47c54edad4ec", "value": "T16CC2E0DCFD6592D3C0485E7EA32D08CC5D99508A97A7231DEBA08C88B150E87F80E93D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604120, "uuid": "bbccf4e7-47dd-40b9-b6ef-778ba199f545", "value": "768:xfp8u7ovmG6BDsFhPOqXSXfveLlQeGwTehPIGr+oRWU:x78vmG6KhPjXSXfv0QjaKN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604120, "uuid": "fbbc5499-0a4b-47f7-91d3-aef3c7ae9ac5", "value": 27196, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604120, "uuid": "6dc7ae4c-f90a-4ba0-b21a-3ef4d112ead3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604120, "uuid": "60c06285-c598-4f5f-aa5c-300dfd7c9807", "value": "0a56e4d9fdfb6bc49b201edc1d6f2859", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a6d5030-6de4-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697653749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653749, "uuid": "e78c8af5-8187-4468-b8ad-0ea46767a582", "comment": "Malware payload", "value": "97fd71c9f7845bc9712d0101a5a52e91", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMS Fraud", "colour": "#99DD5B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653749, "uuid": "f43df280-5ef9-4810-93ba-0c0c9dc4bb58", "comment": "Malware payload", "value": "a59ceb42de98795df657e636aec45ded7208f689fffc1d228dce941d95750423", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMS Fraud", "colour": "#99DD5B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653749, "uuid": "9f3abfef-6020-44cc-b2f9-9a018d3089e5", "comment": "Malware payload", "value": "f1e38903b74446d373edb46cdb7be92fff596f23", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMS Fraud", "colour": "#99DD5B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653749, "uuid": "210e7ea6-9cef-4691-ba7d-362468f7e32c", "comment": "Malware payload", "value": "44837aff9a039958c1441e08906a45ccc3af90bf34868b10398bc7000c446caba49bd9ea115ad7b4bc355e42419d9598", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMS Fraud", "colour": "#99DD5B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653749, "uuid": "aa93441f-e2ff-4f21-989e-351ff5403f43", "value": "T139F723E3E35AFC69C263E539D7249057FE380DA85614F2171902F258EEB3E10E149BAD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653749, "uuid": "6e703c68-a391-4525-aa01-4366f4a8d396", "value": "1572864:bnX0H5Kq1PY/cMmRpqmr6YZZW+jGCjrXS0jkfcFpk0QM:bkH5Kq1oaRpqm2YZZWrGXNccc0z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697653749, "uuid": "c945d15d-0924-4b52-889b-bdb43bbf7c0f", "value": 70445177, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697653749, "uuid": "88d91dd0-74a3-4f59-beca-015959273005", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653749, "uuid": "6d00c329-8edb-4ddb-be29-ac7c61b95b5d", "value": "GBWhatsApp_New.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4d2e0cc-6d99-11ee-8907-42010a9c0042", "comment": "Malware payload (DarkGate)", "timestamp": 1697621742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621742, "uuid": "dd17c5b1-8cfd-4035-8dad-a07afcb51d62", "comment": "Malware payload (DarkGate)", "value": "5324eea6406e5117044023461280ed62", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621742, "uuid": "9041fd01-81c0-4cf2-bdd5-fd2045949a96", "comment": "Malware payload (DarkGate)", "value": "a5af7bf2077787b00561b6aa2fa500d4c783645a84f4d7a466b2a83987dd31a1", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621742, "uuid": "2dddd454-0e4f-4ebc-bc85-7f11d489eb45", "comment": "Malware payload (DarkGate)", "value": "6c5f4127c4e6e464b92674ca253a8f82994c5115", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621742, "uuid": "560958c2-3574-42d8-ada8-fc52fb189228", "comment": "Malware payload (DarkGate)", "value": "bdfbcb2dee05966b404cd3e529a07dab8ea3ff36ad3e198fe40a35dff8f75c52658bfd3ac12256a648ef79ea62cb006d", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621742, "uuid": "c1b89963-5cb9-47ac-9b27-b3de88ba5b87", "value": "T1BC8302A0C61A46E5A466D9A734FCF43141E124825147EF9FBCEE393B9B1CE232F104E6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621742, "uuid": "786671c4-d812-47d1-87fc-31aad8f05d20", "value": "1536:Hpf8oW0+KDXfEjkCyejPZs0wnvmGmgMnnapd0oJku1fidvV6kcL:HFq0dLukEThngWbe1yvHcL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621742, "uuid": "f1d9298e-2ecd-413d-ac5b-31f516b6d4e9", "value": 85032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621742, "uuid": "0c455dd2-8f5a-4edd-b3a5-ce594d622ad3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621742, "uuid": "0a15a5b6-68a1-475f-a571-b075b0ad181f", "value": "keu.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6090dcd-6dfe-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697665177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665177, "uuid": "3fa69d0d-38b8-4c1e-8ec4-0ac42f6e3ae0", "comment": "Malware payload", "value": "72cf16c7621299d6de434b9644236347", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665177, "uuid": "2d182b09-b27d-4f0b-9078-bf47a4487408", "comment": "Malware payload", "value": "a604bf25d4d538da392ffc1bb6457910c60bcaf6680bde68eff95be9cf294726", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665177, "uuid": "54c665c5-3f7f-4ead-810a-a38d80f720de", "comment": "Malware payload", "value": "9656593d8c06811724a65b00a4e07288c13bbdda", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697665177, "uuid": "da5d0126-d3e5-4d84-a143-3b1db4da9253", "comment": "Malware payload", "value": "bc23a943be2fffd1c2759aac475118da4e6f272eca12999b4315600db0486641ca5c1eea076d0848479da042768663a5", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697665177, "uuid": "f4ad16fe-5ff6-4974-9449-82cd9b0de164", "value": "T102B3BFFAE53AC0C8C4428650A99C27D794DEC0F7595924B7387CCA873A4DEA5FC205FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697665177, "uuid": "17ef6d67-7555-4754-8b92-6bfeaf4267d0", "value": "1536:6tHUZHIxpx4410iDEuQ6xaCmdNnExCoPh2n3R7IP8ZkjLihY4LYo1qh9:Q+s4AJoSsnEHs35I/jLiy4YMqh9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697665177, "uuid": "51fdc58d-d69f-4879-b990-b56710186ba5", "value": 115229, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697665177, "uuid": "91e243ae-8840-4f29-85b6-b69e44e908ec", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697665177, "uuid": "22ee0e05-51e0-4287-915c-cde9ea6cb1bc", "value": "18102023-ref0998.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3443ecb5-6df5-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697661040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661040, "uuid": "c792b56d-df90-4057-9948-1d6706384fd6", "comment": "Malware payload (Mirai)", "value": "13721c3aa89496e629048df51cf80a69", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661040, "uuid": "4d6435db-00dc-4fbd-89dc-58366525213d", "comment": "Malware payload (Mirai)", "value": "a77e940c3ab2da40b52d8a7e461b5f3b4ef7371a3ceef77e3009211c257ea566", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661040, "uuid": "20126950-a64e-45c4-ba0a-f7cd1c773989", "comment": "Malware payload (Mirai)", "value": "141f76131f208a9cbbcc484746ec8a77634d6bc7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661040, "uuid": "13e158dc-faa0-4ce5-b5d1-41c06abd782f", "comment": "Malware payload (Mirai)", "value": "51d4672189bd3720e02b75c1e72a3bb30a975c4fd9afa9fe0a015607fa9a15fda5326347182655da3f21dd2e4b65f90a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661040, "uuid": "7ce33be0-0922-4ad2-8b4c-e323d72eda7c", "value": "T1D423023AD6B8D523D6D10D3FFE3440B83F9712B4B4BBD16152025262B9F38895E6B14E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661040, "uuid": "ff4d4d95-026e-4b3c-9ef6-84f74f56feb1", "value": "768:vKlVh2AQ3kxO7ayclZNaCIDZ1rlKSnRd5cia8e9q3UELUIyYPGdgPOKDJ+azxFp3:vKx2AQclZDIFjVRPcULU9lmJ+aXvZ0Du", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697661040, "uuid": "0ff2ef3e-4ad0-469e-8eac-e083e1661360", "value": 49500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697661040, "uuid": "2ae41072-0fa1-4741-8faf-4a20b2d4c283", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661040, "uuid": "e7a53aab-a2c3-4042-a7c9-6f1bac572838", "value": "13721c3aa89496e629048df51cf80a69", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f65d78de-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596512, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596512, "uuid": "aeab8a4d-3b44-4bf6-924a-bc9aecf57d85", "comment": "Malware payload", "value": "f7a642c361b90935dc6e5a8942f2d07b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596512, "uuid": "0face77d-631e-46f1-b870-6a9c1596403a", "comment": "Malware payload", "value": "a802d4e1b1b54dcee2ec80bf08c5ae31429c6ed729cfca486d09a0991d89a342", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596512, "uuid": "56edc915-609c-4f25-a33d-8f67cd62fa4a", "comment": "Malware payload", "value": "4ec264b3e9f24d61d74951ff29703cc867665fa4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596512, "uuid": "c265bcfd-4307-4ee2-b153-e821151d93f9", "comment": "Malware payload", "value": "07e38a0c9bc0c6e20d8c5a5d5c4e646aed2731e84b3f7f541144751933e371062f9f4c1a3886dd8c065b5145f086496f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596512, "uuid": "b14ec466-069f-4352-b45d-ca264cc4b65a", "value": "T19593B553BA8CDC76D965137844AF93721239EAF49223CB235678D4364E63791BEC8323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596512, "uuid": "1ae90c56-2a44-4e89-aee8-f6750c833636", "value": "37433f7201067cff3e6015c23cd3793a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596512, "uuid": "1c347dc1-84fa-4eca-9f17-4ff0525133f5", "value": "1536:nBn4ZkplMEPH2wWslzDG6d4Jg8sRYghjudju25yAZTiusOChC38usHf2fY6En66T:nBBplMEPH2lslvTd4RsRYghjudju2fZE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596512, "uuid": "3e6460d8-d602-4eaf-818f-f7c3cff1a82e", "value": 95100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596512, "uuid": "81284708-23e5-44b0-9519-92cde8174456", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596512, "uuid": "95c2b35d-5ee0-46bd-b2f0-c3932a759a5d", "value": "SecuriteInfo.com.P2P-Worm.Win32.Vance.14738.12767", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ad26c84-6d7d-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697609431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609431, "uuid": "60d0f245-e41b-4ef1-9bdd-adbb20ea94db", "comment": "Malware payload (LummaStealer)", "value": "a91e30bef6f3596cf95af79fe9ceba61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609431, "uuid": "cad2ba51-1d21-4f01-937a-e4077b63a207", "comment": "Malware payload (LummaStealer)", "value": "a81ae83073c817b44ac9ed32b37a780cb642851a564517e22f61693378085e32", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609431, "uuid": "254cf01d-9ce2-4a5e-a6e9-e9f0b774eb38", "comment": "Malware payload (LummaStealer)", "value": "8a77624a90d2c9e4e8226765a092826f40c03501", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609431, "uuid": "eab92b17-17f8-4142-bf80-aeb5c9c3cfc0", "comment": "Malware payload (LummaStealer)", "value": "871abf6a3b76c42af4278c15545261c87e8dc022b0c66dc576655a5db12922765ad3fad531b781eb4e00bf72d6dc4328", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609431, "uuid": "3a091c8b-c68f-4da2-ab9c-627b63b05d18", "value": "T13744AF0174E1C472D9B3253209E4DBB9593EB9300BA59AEF67E40FBE4F342C19631A6D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609431, "uuid": "6cf01167-24c2-449d-9b4e-064531dceec4", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609431, "uuid": "91b65029-b330-4015-b665-0a4454229341", "value": "6144:KtgDr4TgnCR4ZnvxXnyLQH7WRN3hAO4ATeHnYSTjKK:Kt24cMEnvx3ohuBCK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697609431, "uuid": "408c72a1-a326-4b52-8e06-e4dbf2357b87", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697609431, "uuid": "a182740e-cc33-4494-b1c8-41f2a73b3359", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609431, "uuid": "c0bb80ad-a175-4b6b-81db-95bc47935f49", "value": "a91e30bef6f3596cf95af79fe9ceba61.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ce278d6-6dd2-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697646076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646076, "uuid": "82988152-8c5f-48c5-991d-14c802a84e20", "comment": "Malware payload", "value": "344e9762e1477db04edfecaa07cef091", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646076, "uuid": "19356ef9-d563-4b95-a20c-591b4f781c15", "comment": "Malware payload", "value": "a831bdc4cc298ed6563d6b3c1b0124dd4efdb71fc00af3f0a4894c1dd334350f", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646076, "uuid": "fbbc82e8-f426-4400-b3d6-6e9c6f99019d", "comment": "Malware payload", "value": "9bf05dc2b5b1998440e1ce2d179c0640ce0de90b", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646076, "uuid": "b20e41b2-b7ff-4d03-8cce-26d83285a8e0", "comment": "Malware payload", "value": "ceacae83ef3d1071754030d4b11a533db2680a613de5a238722c29b9c9e09975c1d0853fe39c0d9cd26121a27cc095a1", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646076, "uuid": "8af876c0-1176-448c-b14e-66a4d6b0c00a", "value": "T14C05AA9D765072DFC86BC972CEA81C64EA6074BB931F9203901315EDAE4D99BDF180F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646076, "uuid": "d8b21727-e2d9-4ccf-9209-783e9bed6c67", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646076, "uuid": "13186df9-7b14-4aa3-95c0-a92e6fab48cc", "value": "12288:u7JhQO5JDxkiZ4/GKuOWohkHjQJmoGV2Llojd6qFAldNIEmKiB3PcQwjh6OroxiK:u78OJlHKu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646076, "uuid": "edf1aa2e-2a37-4de7-9712-5c4962756f90", "value": 807424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646076, "uuid": "2df4709c-a866-4aca-bf6d-9c9275b375f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646076, "uuid": "c3ce72c0-a080-4dbc-b439-d20de2f40ec1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ac928d5-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697613028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613028, "uuid": "64a767eb-5101-4b43-b9a8-cc13d88c3338", "comment": "Malware payload (Gafgyt)", "value": "45623a44ddb58d53d79bb5700f59666c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613028, "uuid": "477d1d58-ecaf-43f6-a986-a269956258e4", "comment": "Malware payload (Gafgyt)", "value": "a89142c149e4a9dceb04d7839f990a53497c08176b14a3cf561a45c1cc18a956", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613028, "uuid": "a2589d34-5cb3-48c7-a371-582cf799f996", "comment": "Malware payload (Gafgyt)", "value": "4a23d765964ec8045c087a86777d1beb5f29358f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697613028, "uuid": "b9f85918-336d-400a-a5ba-81c3928e24ae", "comment": "Malware payload (Gafgyt)", "value": "397a72ece1e37ec5e8fa3190092e8afc5cf59a4380c6d844bf2108895d4fe6819cb69ef13fbaf9df2a27bc22bde4f3fd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613028, "uuid": "4146dd6f-61a3-4760-951f-7df7d916e75d", "value": "T143A3B43737270E63C0CA547101EB1331ABB9DE4438B94B97A9917DA83F36E9834593DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613028, "uuid": "d6a68230-475d-4e1c-a174-b0311351f9a4", "value": "1536:ygZumh7ei2QEjo958vWtmfteLgfzEjzUI8:V7CjoPzRuEo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697613028, "uuid": "a436e219-be53-4513-b382-1861e3cd015a", "value": 102970, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697613028, "uuid": "e5441baf-deb8-407e-a468-8ea8fa301af5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697613028, "uuid": "69cd4773-a46a-4f5e-b7c3-e313a17bbd7a", "value": "45623a44ddb58d53d79bb5700f59666c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b26eaad-6dc3-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697639711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639711, "uuid": "ea1f93be-1a04-4d26-b17e-a111beb1882b", "comment": "Malware payload (RedLineStealer)", "value": "27ece47f0318ecf3c1e936ef50c8932e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639711, "uuid": "637eadef-dd80-4adf-a6dd-993d578dc659", "comment": "Malware payload (RedLineStealer)", "value": "a8db6bf72fb914dd1b8ae8c9d42fb5e1a9a096fcd573d64fc3e48d05a94074ec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639711, "uuid": "f4e77886-448e-489a-8b3d-dee68769c00c", "comment": "Malware payload (RedLineStealer)", "value": "00c8dbe98ae24774a7b32e5b9c3c472b8e762f02", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639711, "uuid": "b259df4a-b736-4c30-884c-80756127a9e3", "comment": "Malware payload (RedLineStealer)", "value": "cef5dc94bdf783e63895894a94b560c659ed7b5d44bb21d52155c31b5f7767ae09482a845a11d05d5753eab7252c458e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639711, "uuid": "10856894-7e0b-4569-94d1-32a305084b37", "value": "T15425236377E96021D0F613B02CFA13C71926FC558978CA2B36915B6B6CB19D1E83473B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639711, "uuid": "fbae827f-4aca-49de-a1ed-f84e37b65cc8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639711, "uuid": "0f85206d-22d0-4acd-bdcc-32c90c8bd954", "value": "24576:RywQbD7eFvJ1QNODkCxabQXe3Y45KYTkMtIdoqYP:EwQbD7MANOD9xawQZtIdoV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697639711, "uuid": "0b122288-2427-4928-81d5-38e5ab2b77a0", "value": 1001472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697639711, "uuid": "14da496d-f882-4a82-a604-43cc364acf39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639711, "uuid": "d7130123-1be9-49e7-97e9-12754fdabac4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b697cb5b-6df0-11ee-8907-42010a9c0042", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1697659111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659111, "uuid": "6aa84313-2962-49ae-8c22-28699774bfa9", "comment": "Malware payload (RaccoonStealer)", "value": "48757b220ae3186f5c0df28dfefc5252", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659111, "uuid": "69725932-c4f2-4fc8-a104-db8b6d15b2a3", "comment": "Malware payload (RaccoonStealer)", "value": "a918be065dd6e34201449b4b480d7efe031c6e1ddd2881595c857c8a7342cb1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659111, "uuid": "11a0452b-2caf-4c49-ba36-e9eb6dd0647a", "comment": "Malware payload (RaccoonStealer)", "value": "5a37c4a82d71baf9f249f410e6c36166fa2f9e5b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659111, "uuid": "e6b0e571-6e3f-4988-8435-aab542ae8296", "comment": "Malware payload (RaccoonStealer)", "value": "33b29f079c70c5dc5f082bb698508d8e05156fe74c00eacf047b659a17acc8d2dc6c8893a4e7586237905f16aa4c914b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659111, "uuid": "9d7496a6-6774-4a0a-8efe-ba7f6f108353", "value": "T18D24E536E304951CE87E473DB41C38B09F707C52E16ED32E49EA7AED693BB498A144D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659111, "uuid": "a9b79ba5-b2eb-4614-99bc-51ff994b4ebf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659111, "uuid": "2ba5c39c-a826-436e-9b47-812cb28a1d5b", "value": "3072:16+H4/nnNgcpS1moz+2/ZriggggggggggMv1t/q31Vyl/dpaEO8qrqv:E+HMnNgcpgmoC2/f/qk/dQEfqr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697659111, "uuid": "8318e40a-52a0-49b7-9d05-e9a2440cdddb", "value": 227328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697659111, "uuid": "1c4a7a2b-c79e-4221-a9b9-90978596249d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659111, "uuid": "58e5c4be-6b1c-4bf0-bfc8-be53aec57259", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4a3a110-6da7-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697627782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627782, "uuid": "5a0a5d4c-5590-4dbc-a8f9-36ea70bd6ca3", "comment": "Malware payload (RedLineStealer)", "value": "849f8b9b62271da17c54a63b068642e4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627782, "uuid": "59547be3-b76a-43bd-b703-465ac2705a84", "comment": "Malware payload (RedLineStealer)", "value": "a9a40fd3245b55b5808a64126947155a51a649dca1d276d79a759d992efda2b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627782, "uuid": "68204a4d-c2a8-4a15-8508-10ff5e570a4e", "comment": "Malware payload (RedLineStealer)", "value": "7eabbfebd57be705eea27444798f8f0767eb3b33", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697627782, "uuid": "9ab42f2e-fad8-447f-92b9-28a0b53e5598", "comment": "Malware payload (RedLineStealer)", "value": "bfadefb62411bd8f0e14aad46c8792b3455307b7841fc591417f35a63608804515d5899707addbaf3c2f1ea8e64ab6dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627782, "uuid": "6b9b9b7d-b586-453e-ada4-a0033573ed7c", "value": "T11F352323A7D89073CCF933B159B703D71E3E7DA68A254B973780A89B09732909436767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627782, "uuid": "8a092ab6-55c8-46b7-81b4-c9cea59ca3a6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627782, "uuid": "3222e8fb-5531-41ad-942d-c6749603d691", "value": "24576:gyi6ui79XN9L9QfZZP7SqTluWZ0CEmjRzQA3N:ni+79uxt7R5uM0CVzj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697627782, "uuid": "09f3d417-bb2b-40bd-b8b8-37b8681a10d8", "value": 1088512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697627782, "uuid": "37a35602-12e4-4bef-85c1-0b407e4ea24d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697627782, "uuid": "6b3d2741-8204-40f4-8216-a6879a7e6e7e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47f45da4-6dcb-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697643034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643034, "uuid": "e3de2158-68a3-4110-a22d-6b98f5f1a0fe", "comment": "Malware payload (Amadey)", "value": "a8b2c23264840a11fb833a462331bc87", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643034, "uuid": "ac678998-5f36-4b1b-b04b-76045054e8cc", "comment": "Malware payload (Amadey)", "value": "aa4f37bc27f10aa89f91020838e70ec98f08746565310ae0444c4732fed82413", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643034, "uuid": "d933d615-9598-40ef-b1ed-75c01a103904", "comment": "Malware payload (Amadey)", "value": "6ca241b4c64702ac79bdc61540e0127622538e11", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643034, "uuid": "ca576667-77d2-4631-abae-455b680baf52", "comment": "Malware payload (Amadey)", "value": "c864efabfc67cb2313ab34f6bbb984bc5de395b1e5490c49ca044f4050353dd5d037989dfd4a26f5429cbe52267be6e7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643034, "uuid": "9491f452-3917-43d5-8487-0b4e29422ff2", "value": "T1A6B41216B6DC9032D8B56B7058F703D30B3ABC91997993AF3656BD4A1CB26C0A43533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643034, "uuid": "7a99ffb7-4d47-4186-b0a2-e3836558695e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643034, "uuid": "d9d36158-1e05-48f1-bed3-484cbce0c07c", "value": "12288:YMr+y90BWV2S0K6sgIA/yurC950a8F58P2thVH:GyF2S0KJ2yuC93gVH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643034, "uuid": "0f291063-7acd-4bae-ab06-510cfe849cc0", "value": 514560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643034, "uuid": "84f7bfeb-33f4-433d-aa43-01d5f24c7928", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643034, "uuid": "3c2ec82a-ebc2-4188-b6e1-b68c6da8fba8", "value": "a8b2c23264840a11fb833a462331bc87.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90435fef-6d8f-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697617386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617386, "uuid": "e4a103b2-5827-4db2-92f3-256ecf08e59f", "comment": "Malware payload (RedLineStealer)", "value": "f5cfae9949e8973779c5539603f98512", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617386, "uuid": "3bd6d7ac-46f8-4b34-b3aa-7daed74af07d", "comment": "Malware payload (RedLineStealer)", "value": "aa89427a86b36667ae39bcbd2ef5eb299769ce69057b889c06290e35d39a47a7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617386, "uuid": "f2a3e5e2-a8fe-48e0-8d7a-faba85460f52", "comment": "Malware payload (RedLineStealer)", "value": "7e81a513aadcb61b6b8cd2beca7675c46d91a790", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617386, "uuid": "bc53f44a-74b1-4544-83ae-28bc5e20b51a", "comment": "Malware payload (RedLineStealer)", "value": "7ed3ff2591a322a460d5eb5cc34b20cf45efc12087c778a465509c779e0fbbbe232d15911d41aecad41e007d2cb1e55d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617386, "uuid": "f2eabfce-e662-44a4-b765-a65c082d2ebc", "value": "T198A46C0679534920F559A032C995B635097AD7294E93FCBFA7B06FBE8DB05C2B12C8F0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617386, "uuid": "fe6bf96a-76d7-429c-b095-c354ca0e9781", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617386, "uuid": "a1232b34-bee7-4f24-88ee-cfa43ffe6db5", "value": "12288:F2YwCby3hOkzj3h9t/bhblnkOudK8XpUrbKQD:F2YLAhzDt/9uOudK8XpUrbKQD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697617386, "uuid": "c8882902-c19f-4b34-a79e-7d0fa5a5d90b", "value": 455168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697617386, "uuid": "4ce994cc-ad57-47a1-a5d2-9c252fa97234", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617386, "uuid": "16482ae2-d941-464f-8b82-64a9ec414b6a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cd5797a-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647794, "uuid": "022a209a-7d3f-41bb-8776-df5f23f23dae", "comment": "Malware payload", "value": "e8b7458421cf38768cdebe6fcf0bba8f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647794, "uuid": "984fb8cb-d6af-4d61-ab71-c2c3e6b6319b", "comment": "Malware payload", "value": "aad60b8bb85f2f090ed9a2c8b8361c03d2636bb1233b970af46ecc4b3839f386", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647794, "uuid": "15382811-8536-454b-b08b-100bb0ffc39f", "comment": "Malware payload", "value": "51f53884b294b8bde8aa9667af09e1ea2f8c1e72", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647794, "uuid": "d1b411ab-12f4-4572-863e-50b90eb6d3ed", "comment": "Malware payload", "value": "eaeb90acd67f589d90804dd2d319c171805efd79719014af85c58b845034712f48bbc520dae83108dad6b19362b20ec1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647794, "uuid": "611ac376-7dc3-4967-85e8-558e0fd523de", "value": "T12A459D71B402C037E1A111F19A6D6BA611A8BB300BAB4CDBB7C45E3E94F5DC26635F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647794, "uuid": "b57a8112-4e65-4005-88c2-0df63e1fccbd", "value": "b625b0422748e8ddd8a2e69ebe413b45", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647794, "uuid": "0e9ccbb2-66fe-414a-abf6-7ea5a52ee788", "value": "24576:wA/2o06ZmGfgh07yXgrY0MkNkUYXvSPbijMbhsFDJKkUwTSa4KJPFFbwzFVc+:NJ4GfM3HdWbijMdsFDJKkUwTiK9FFbwx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647794, "uuid": "2c3d9b1e-2eaa-4631-8bcd-3439f91dfaaa", "value": 1280000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647794, "uuid": "d72522ef-31dc-4ac1-bc5c-31f6564eb183", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647794, "uuid": "d9740c29-ba3f-49a6-899a-f7357556ff2e", "value": "e8b7458421cf38768cdebe6fcf0bba8f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "016c9d42-6d62-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697597819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597819, "uuid": "856f5e65-1c72-4b31-95f1-262169c2ebbc", "comment": "Malware payload (AgentTesla)", "value": "a233302718a5e5f5d9453b851f0a5d36", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597819, "uuid": "b298ee5e-ad2b-4bec-80a9-8a4125b43a8d", "comment": "Malware payload (AgentTesla)", "value": "aaee3f4165667badd04f160b83f114fc70d251d3589da1abf89ec04194a6cfbf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597819, "uuid": "d0b6f2ce-bec7-468c-8bc3-797d185e905b", "comment": "Malware payload (AgentTesla)", "value": "ee7d911eccfc922fe50987621539520f6126ea87", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597819, "uuid": "b72222a4-2d72-400c-8967-75cd8270408c", "comment": "Malware payload (AgentTesla)", "value": "35b440a754f7c3645bb23aa6025746bd5cf0b172bf3c30aa3229f13b5495e55c91ebf8075cc8e6696052edabd2ff16c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597819, "uuid": "17e9a37d-2067-4ac7-9520-bc207aeb0b84", "value": "T15025180977F45909F9BE6B3248714C5963B0E4925923EB0D4FC284AA5F33780CD9BBA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597819, "uuid": "4302b311-1878-400b-a1b3-571afff98492", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597819, "uuid": "2499686b-f435-4328-8fb4-97f9b504d041", "value": "3072:3wkdTbUtTbkH+LGP34oeKerVUzeeDXbwa21DH9ua/aHyvZRQd2iQ:3wkxbU1mbwv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697597819, "uuid": "a6cc3c0a-a749-4007-96c1-eadda5472db4", "value": 1000000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697597819, "uuid": "eea433d8-011c-4af1-9955-e0d824f1274e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597819, "uuid": "d807739c-780c-474f-b633-a3a66625e79a", "value": "zipsetup (2).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bdfed1c-6dd5-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697647255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647255, "uuid": "fedb9552-abd9-4eb9-8e7d-b7d77acec5d6", "comment": "Malware payload (Smoke Loader)", "value": "e188bdd61667e46a01b494855fa022d8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647255, "uuid": "8d1d81fc-ea46-43cc-a0d5-a9614746c9c8", "comment": "Malware payload (Smoke Loader)", "value": "abb917b434598fc7adee1f8b9dd1ad1fbb0524cd72321ec00a141d4c3f63963b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647255, "uuid": "aa02ae17-61b9-4d53-81e2-e6e330dc96ba", "comment": "Malware payload (Smoke Loader)", "value": "b0c25a08d1178ab915afd92db32b83ae81e75a94", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647255, "uuid": "238d607e-b04f-4ea5-8d52-fafad3b5e30f", "comment": "Malware payload (Smoke Loader)", "value": "7148ece8907d8fe26ed0693fd11e3c099df684d9797e4c9e752695cd490f8137270b5ec7089a8673165dd6121c1c9831", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647255, "uuid": "27c29683-8af1-4086-8ec6-4275d0c5d9c4", "value": "T10C34AD0171D3C073D972153609E0E7B95A7EBB700AA39EBF67A40F7E4F30681D621A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647255, "uuid": "960d9e61-dc97-42a3-b48f-444bd95a2db0", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647255, "uuid": "c424041e-eee4-4822-8d44-48dcfd4149bb", "value": "6144:1mqX4FIRd5DzznuBosiDKl51eAOeSdloSmUVaTi:1jIKd5DPyeIciSmUUTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647255, "uuid": "af7e005f-9734-4b9e-b90f-fd73cdc70ad3", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647255, "uuid": "83c7ae53-d059-40d5-98fc-357f6a8c6fd5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647255, "uuid": "f915f27f-69bb-4548-885c-6a29362bb874", "value": "e188bdd61667e46a01b494855fa022d8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "092bf9c1-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606851, "uuid": "3c26d3d4-ba76-4b7b-b485-7df256a79103", "comment": "Malware payload (Gafgyt)", "value": "d19f27a83b07780fb3758a283dda12ff", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606851, "uuid": "971116db-c128-480b-b881-43469eaf3218", "comment": "Malware payload (Gafgyt)", "value": "ac1988abf99f0bae00c37c78f8ce9db6f1c77494421cc2a9abe86475606adb52", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606851, "uuid": "d538843c-d9b2-4292-9f7d-dc2337da8c19", "comment": "Malware payload (Gafgyt)", "value": "ee6664d6b48670c4c0dc818f99b32907bf05ef22", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606851, "uuid": "78226fe4-d29b-451f-9ad5-bb8d3ee91d3e", "comment": "Malware payload (Gafgyt)", "value": "930b52bee35f7ac60da1eda90bdec0e68167ea3250ff6abd2e881e74a0f30d5e79dd500ef3271904212e91a3524ff9f7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606851, "uuid": "e8e0c1c4-1afd-4087-9b98-e8337e9a6810", "value": "T138B31B93F511D5B6F44AE73308D38B247270FAA14F53152263177BAAAE362D4386BF42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606851, "uuid": "0425c09e-cc72-4c4a-942c-d7ff80223251", "value": "3072:4wQeqacWucW0JcWcBeNX2WfKIwMI278ORF/qnFU3mzmmHqzTQKHKtW:4wQeqacWucW0JcWcBYmVM978Oay8mmHe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606851, "uuid": "aa9f14e5-9137-4621-a3c3-0dea1fdc2b83", "value": 109567, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606851, "uuid": "559a4c07-4c90-416e-9a95-d3dabe56408d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606851, "uuid": "16b097c1-293b-43d2-a9e7-a4399c87c1ed", "value": "d19f27a83b07780fb3758a283dda12ff", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8d554db-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596516, "uuid": "19d082c5-003c-4d24-b71a-7f8aa049c718", "comment": "Malware payload", "value": "20d0e1f7c6b59bce667fdd1a79eb958d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596516, "uuid": "22b66382-2974-4cea-82cd-4c83ab5a78e6", "comment": "Malware payload", "value": "ad4585abb8fa85826fc31dea4abc2513a9ed233387529c42e40f357896dc9a17", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596516, "uuid": "b8f472dd-98c0-49dd-b2d4-bb33297f62c7", "comment": "Malware payload", "value": "2f2946c077c3980e157b4d0dffbd53edbd222059", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596516, "uuid": "50a35aa1-c62e-4782-8591-fc1daa38a9b8", "comment": "Malware payload", "value": "356aa6a56a0a8513ce4b04bf70561469d83701be963c5a479528ab320eb236d175dea9e8416d2462ed1ebbb294df0d6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596516, "uuid": "85d45be2-bd98-46fc-9d50-61fb5c259585", "value": "T16BE46D32F6A1C437D17357749C1BC1E9A82ABE112D78688A3BE41F0C5F3966139393E6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596516, "uuid": "13c5be54-45f2-474e-8c71-c0110af2dd27", "value": "12288:Zh3uR3q4NaXigbHCNaEMFrg3dTAGWmQFib+iKNy:zgsXigbH5/rCdT5WmQwb+iwy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596516, "uuid": "b7c77073-c876-4f06-8d67-c0ee6e582730", "value": 672768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596516, "uuid": "3d428bfc-ff14-4062-824d-a93be4ccfede", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596516, "uuid": "134774c2-b7bb-4567-b079-54fb52634554", "value": "SecuriteInfo.com.W32.A-62389890.Eldorado.14207.16993", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ea990e1-6dbb-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697636174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636174, "uuid": "aa99888e-6d17-4100-933e-56d087fd58c1", "comment": "Malware payload (RedLineStealer)", "value": "443ebfe5300c79fd559324c757aab369", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636174, "uuid": "72a1a640-b601-4d06-8445-6d4706cc1458", "comment": "Malware payload (RedLineStealer)", "value": "adcc241adbfaa85f052b73bf45e5332d33ccd734456eddcf3111196423434c8f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636174, "uuid": "7e573367-0f69-4586-9f57-01fabff9eac4", "comment": "Malware payload (RedLineStealer)", "value": "8d2e2fbaaca3537140f276fe4d5b3bf444c60fdd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636174, "uuid": "eab8cfb5-7761-4d87-ab5b-14dba81d9559", "comment": "Malware payload (RedLineStealer)", "value": "099a7d8e889e09843068a64bbe56071e87446a3946c123a5afc18100d5b73d56f8765a2705b63e4004d4ac275d61d9a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636174, "uuid": "833d2b8c-79d5-4aa4-9d81-883a10581169", "value": "T15DC48CC032C64971CE2377B15BAC8A7D6FBA7A6006110CE717A7CD389D70D63EA954AC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636174, "uuid": "71b1969e-58ce-41f7-86b7-250253538f05", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636174, "uuid": "b9013387-dbbe-47d9-a39f-5d94f9818037", "value": "12288:HWStITaxODYdhtBI5iapJOcpfRPH3nxjy:HdtbOMPuiapJOmfRPH3t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697636174, "uuid": "07cda2e7-8f3c-470b-ad5d-9ef832aaf39b", "value": 556032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697636174, "uuid": "7ecd1c90-7b03-48b7-b45c-b4c1fd91d11e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636174, "uuid": "d8effabd-b797-492b-91f4-b81e5dd9d937", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "335f411e-6dcb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697643000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643000, "uuid": "dec2609c-f6c8-4e04-8737-c65bca72db92", "comment": "Malware payload (AgentTesla)", "value": "c9957168d370ff036e0c72e32b3f49c8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643000, "uuid": "d0924e8d-e29c-4713-9f9c-656ca44013b9", "comment": "Malware payload (AgentTesla)", "value": "aec5d1b5fa3a905ce36b592492e8a51bfa68503f774724b0f936151f138016fb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643000, "uuid": "34537532-0253-45f0-b4e7-6a0478d6aba4", "comment": "Malware payload (AgentTesla)", "value": "4112ea71f673090036871d3ab57a67ddc62f83d5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643000, "uuid": "143fcdc8-a0b3-496a-b226-5c666cce1866", "comment": "Malware payload (AgentTesla)", "value": "a298881678202628386dd38ac1d07478e825f20eb97a23690d7776852d2c45d37c2eda55fd40500ea71485efce3676db", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643000, "uuid": "81dce4a5-66e7-4750-a78c-7b316e55dbb2", "value": "T19615AC2A2A00D8D3E25C0DFE509C51B7C362DF352821F9D92C8179EAE5B6B447E4E4B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643000, "uuid": "24f5c136-ee56-4dc9-8b51-25f9128dcd9c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643000, "uuid": "ad3b0897-2224-4ebf-82b7-410b42ccc983", "value": "24576:bqGtyT2IyUrb0ZmSmUo9v7IFoKVzvlOE1D6Vf:7MzrbJjKFHzv4AD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643000, "uuid": "98eda1fd-e8b0-4174-bd8c-fefb06ae33a8", "value": 900096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643000, "uuid": "9effb8c5-6f9d-44ba-85d7-ace6272e3ab3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643000, "uuid": "40058c4c-e2e4-4ebc-9d51-2f05f646c9c6", "value": "Remiitance copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f43ac55-6da5-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697626779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626779, "uuid": "33ba5676-d147-4e35-a8d4-7fac85626d5a", "comment": "Malware payload (RedLineStealer)", "value": "76025f3b7df4df5933c0f0ea9cb7cadf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626779, "uuid": "7ea68cb4-969b-4dd8-bf8d-94242a8e721e", "comment": "Malware payload (RedLineStealer)", "value": "af0e35ee6f95dcb0c2ff9656b4d82127a72711ffff0147caaef04687d9e41570", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626779, "uuid": "d7873a12-52f2-41f7-97be-ae001e5a70da", "comment": "Malware payload (RedLineStealer)", "value": "4cde261ffa7eb0f9cab124f98dfc90fcf93185cf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626779, "uuid": "1bec6167-c826-4705-9be6-e079de285384", "comment": "Malware payload (RedLineStealer)", "value": "ca37d4a3dadfe4b96b0fa5b8806272d44a3db8815120af12b2fdfdab603226f3fc22c768ae76c4c9748bc154ca8c2d08", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626779, "uuid": "297416cb-e8c5-451a-8d65-60c4b1aa9899", "value": "T1EA945C00B9B54872D3EA793A47D32DE4A7A9B4108ED36E9F13652D8D8FB91F2DB50340", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626779, "uuid": "a993cd40-b072-4735-aac4-7ce451d884cf", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626779, "uuid": "b4995928-2c12-457e-9afd-e39080ffb493", "value": "6144:qXPmJQTPOhvYjV7KvUxo8GbxAOZRNsscrdideGEsKR24RDpoe09dljy:qfhTOJYNmtZWdid+24roe097jy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697626779, "uuid": "544c4c7d-00ec-43c2-90ef-cad38bb2638e", "value": 434176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697626779, "uuid": "a6a4d907-3761-4636-8b11-494d8c8973fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626779, "uuid": "ddf0d2df-2be3-43a4-bcb0-407d39e60745", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3942d490-6df0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697658901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658901, "uuid": "322735da-4c3b-4d81-8cab-ac6bd230423c", "comment": "Malware payload (AgentTesla)", "value": "ce578f72d60fb2805408619113cb008a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658901, "uuid": "7caa3afc-a8ca-4036-ad86-410a88b4ca88", "comment": "Malware payload (AgentTesla)", "value": "b04c9bbf157d580b17f509bec67ae177846a03ddcb525bb06a08cc71d2af4192", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658901, "uuid": "3a9a9405-7dc7-4e3f-9865-5195f14255e6", "comment": "Malware payload (AgentTesla)", "value": "5ae1557fe584ac776d51467f94286e63fffc5911", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658901, "uuid": "d81e04c6-5d11-403d-924d-2e9026a45c37", "comment": "Malware payload (AgentTesla)", "value": "d4637c90b4d7465838280a855787c8e4e5b58f54381176810405fd3d01a991c6487ee47e05c7bc1f91d14fc8487d219f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658901, "uuid": "97c523f9-2d98-4b46-aae8-3be13bbf7c4e", "value": "T160C4231A8E66F39B0D255773BDADDD2D0242B8D681F095FE3563FF0C92588A2624C782", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658901, "uuid": "fe4fa209-d7c5-4a06-ad14-44cb50700ec0", "value": "12288:c0LlwFHMJeS485S6fEm6YR28oDuqCA4VNONTy3z8pfaxdnCyIUK:c0LuM7R5XsVM2PDx74VkNTSUwCyDK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697658901, "uuid": "2e1a19e1-575e-440d-9c96-5e47c04d82a2", "value": 571925, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697658901, "uuid": "74630631-d178-4085-a53f-65ada0d9f14b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658901, "uuid": "2e5b2d1b-df1b-4d5e-ac2f-ed0b6477f23f", "value": "NEW PO.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "294b4449-6dd5-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697647278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647278, "uuid": "3e3867e7-6079-425c-bbd9-0865f528446f", "comment": "Malware payload", "value": "a6a0f7c173094f8dafef996157751ecf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647278, "uuid": "45ccee9d-396e-44f1-900e-854f43e38fd7", "comment": "Malware payload", "value": "b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647278, "uuid": "b6414b40-b8ef-46b5-bc4c-bb87b8627af9", "comment": "Malware payload", "value": "c0dcae7c4c80be25661d22400466b4ea074fc580", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647278, "uuid": "3809f4d0-995a-4cb3-af70-20ccbed37c80", "comment": "Malware payload", "value": "4098aa72c987d31901185e7dee30aa2d23c4a0739e6e7ef87d84dd073f1023895b4b9fca6bd79e7d7e832b273556fc0e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "test", "colour": "#E8E8B4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647278, "uuid": "0680640e-8da3-4e54-b009-b9291c23c85b", "value": "T16C7533B3F3B2C15AEAED633F310A135B51763F95D208CE191E54464FA3399B09B68193", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647278, "uuid": "9bb5d7e9-548f-4802-bd0c-54975ecfadef", "value": "54d407b03a79a4ace00748773fedfc2e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647278, "uuid": "38f5ebac-f029-478e-a32a-ecd74c4080c3", "value": "24576:mGIyixBMj+/A2d+UKnvT+LwZWj7iDDVVYrz0rbzGTw3DoA/sk6smE:mGbj+/BpKnvyIxVV/XDoAfmE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647278, "uuid": "62163400-4c51-4866-bafa-c2ca40bdaa7a", "value": 1575742, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647278, "uuid": "bb0084e8-418e-40f5-b697-de591177190f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647278, "uuid": "6596a60a-46d7-45be-95a5-a043bb4c38ac", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10ef7651-6dc5-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697640365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640365, "uuid": "e26ba4b6-afda-44ac-a5f2-eb67abd2cfc5", "comment": "Malware payload (Amadey)", "value": "02be1ef3d5098d3a38c192618b93b7a2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640365, "uuid": "14e485f5-69d8-4c4a-b2be-efa8833c582d", "comment": "Malware payload (Amadey)", "value": "b18169717fa9adab4879ec4040c3e1c0f55f51724385ab61d4a8a739d43e8705", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640365, "uuid": "b0456d80-da70-414d-8510-7198e13aab6e", "comment": "Malware payload (Amadey)", "value": "d0923bc86863430ca33d48233e14d2b1fce12670", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697640365, "uuid": "ec56c996-8734-4d43-8a5d-a8cea2d83b97", "comment": "Malware payload (Amadey)", "value": "15962c98c6de1f7835e0154e5b0687275eeae2391acf4efc1852764188d3fe0f0509ef07a56a6d4464c5dedce2f9b436", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640365, "uuid": "3bbdac61-98a7-42ee-81ba-d58c1a6acd14", "value": "T140252346EDEA8223ECB967702CFB12C31A72BCA55964C32637865A5F1C72EC0647531F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640365, "uuid": "8d29e279-8664-43db-809d-5bc40812c0a7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640365, "uuid": "bbd553ca-8084-4c47-909a-c1cd6f907712", "value": "12288:FMrmy90Hj+P7+jSBqJUGSo/mN8aIuKmdFuPPmt89hJiZXbKCFZQ4NVTb/tnGk+74:Xywj+iGB8SrICQeuoZX+KQYV1/+7vDc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697640365, "uuid": "87c1e012-cdad-4764-921d-e4ee1aaa6055", "value": 1010688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697640365, "uuid": "1398848d-4a6c-453c-adcf-9f12cdde3b34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697640365, "uuid": "6aad030d-1765-416f-ab50-ae79229d3af8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d54a2dbe-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645419, "uuid": "150c80a8-b9cb-4895-80a1-03525c0c6950", "comment": "Malware payload", "value": "3a81c93011b17e57523c2e5306e25e5f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645419, "uuid": "244cfd43-50a5-4fd0-aa91-98d79f227640", "comment": "Malware payload", "value": "b27cc297a6b4bc3f3374fc9c6b3ee6052bbeda20695a4dd8f12c16e7faaeb3c2", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645419, "uuid": "80b00743-0538-4798-a379-c760b0bd6b2a", "comment": "Malware payload", "value": "3e113a4bb652b59ec7049b8218a233163d1d9eec", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645419, "uuid": "28f63dd2-7575-452b-a92b-45bbf2caafb1", "comment": "Malware payload", "value": "ebe8dcc47034bff41fff14520585790136e489f8cf9a7bd5e6de172a48b59b8585cdd825675eda8562fb3da5ab8b624a", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645419, "uuid": "694722c1-dfa3-4a82-bacf-0dfedd42f28a", "value": "T161E423DC243397F28047D1BA0830BAFBA18739A355D7B2BA2506FFC026D6D9079A5177", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645419, "uuid": "0df90654-e432-43d5-b164-9234a14b12a2", "value": "12288:d9su2EpUWYqsQkYPRFlzPfqwV7NfWIt8vU9WRLwTPSCXPz5RFx+jVEcNCNaPe5GR:dmu2E2WYqsQkYVfqq+soRIzfL3JnK4qr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645419, "uuid": "5d695c7d-eac5-4cae-a190-eb8bd875e608", "value": 696264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645419, "uuid": "88bdd1e5-33fe-4110-b142-8d211b13f772", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645419, "uuid": "2a7243ef-e034-4d3f-9ebd-762925ece860", "value": "dhl00893098008.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc02eaf1-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697645430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645430, "uuid": "335dfa68-3b48-4b43-b254-e3685072faa1", "comment": "Malware payload (LummaStealer)", "value": "a20a0dafbf1910c86659839dd1e2acb5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645430, "uuid": "1b4a620a-9ea5-47e0-8f06-8570238b6c64", "comment": "Malware payload (LummaStealer)", "value": "b429be12ba7b778ba6c1d4ec76e54d8fbe0d4add2d8fb1690e122d02f775c6cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645430, "uuid": "2b78701b-9840-4556-9a3c-8f67388a34f9", "comment": "Malware payload (LummaStealer)", "value": "152ba7e2f83782605d0d6502291a5950c6be047f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645430, "uuid": "30ce0536-1ad2-4e3d-a393-d57d0c13745d", "comment": "Malware payload (LummaStealer)", "value": "76ea1e1d0f9608cbf0e961765de9bda1b3e92c15728a890564791f80c1d54c80c1d90ff2df9cec6ab6045d70f50de376", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645430, "uuid": "1aae22b6-5d0f-4bf4-ae2b-aedd6bc0bda2", "value": "T1F134BF0176C1C473D972153609E0EBB59A3EBD700EA29EAF67E40F7E4F302C1D625A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645430, "uuid": "130f188a-fbca-4031-8923-03be7786a8aa", "value": "4f0cdfd3e1be2bc790b5aa9061b7d52c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645430, "uuid": "d6e2b163-dd14-4653-9c22-01fd89187933", "value": "6144:Wm9X4FIRd5DzznuBosiDKl51eAOhqdlYHsKaTi:W6IKd5DPyenkYM/Ti", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645430, "uuid": "fae9680a-3318-4e61-a26f-c60f30b34f01", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645430, "uuid": "fd93c244-2a6b-48d1-bf3e-5a8a2dd44e91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645430, "uuid": "ff455299-095d-4617-98da-ab0e3c600234", "value": "a20a0dafbf1910c86659839dd1e2acb5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60c768b2-6d64-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697598838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598838, "uuid": "44489b9e-3ab5-42c3-8b04-feb292a06644", "comment": "Malware payload (IRATA)", "value": "ce1b9015e5d9dadeb2d69625108233de", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598838, "uuid": "a7f99831-3a49-4273-aef5-7bc32f015af4", "comment": "Malware payload (IRATA)", "value": "b47b9da0c4cae61ba00501e20c26fcac0b3df0bc106376750a37a849fc22d8e7", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598838, "uuid": "c0db2f2c-7328-487e-afeb-070350e6db1b", "comment": "Malware payload (IRATA)", "value": "70cbc01ac83b343a42780a2fdcaeaf4d34f912ea", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598838, "uuid": "dabceb0f-ec76-48ce-9c2e-1d3055b78c74", "comment": "Malware payload (IRATA)", "value": "425ffa2caef3b90914b9cdb6e77e27077e2f9b6cf25cfd1e24054df20b06ebfb28c0d7fdb0275434790c3b5dcc8cf826", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598838, "uuid": "fd888b78-f918-42f2-ab57-9f442995c887", "value": "T1D8851213F27AA927C832C03224591B3661175D18CA46F74A368977FE78FBDD84BC26D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598838, "uuid": "882e9c93-27aa-4e0e-a750-b1ed2241d4c8", "value": "49152:psFkk6EXLTIyj8xumYcaBDnXVJzu5xxUR61WOu2HT:AkkBXfIlumCb/CJURK7uS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697598838, "uuid": "cfc732d1-45cc-43e0-aed6-62aa043bef3c", "value": 1776693, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697598838, "uuid": "062b98b1-df41-4b78-92d6-df33cccd5484", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598838, "uuid": "601eae23-1902-48e9-9648-88305fc0d73b", "value": "saham1.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2717a58-6d62-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697598143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598143, "uuid": "5e473a49-604d-4360-81a1-b96bece63281", "comment": "Malware payload (Gafgyt)", "value": "11e0ad942dc1933cd3a8575c0c993d0f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598143, "uuid": "c4be88a6-c112-466f-b308-5173de946b25", "comment": "Malware payload (Gafgyt)", "value": "b4c80950f2667da933da0d7b02bcdf579505e1a1be58fd51719fd87b78a01a0d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598143, "uuid": "7fb0b5ff-6fce-4721-859e-db2ad1b331d5", "comment": "Malware payload (Gafgyt)", "value": "5825a079c7c1aec354596062b7488c91651e432b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598143, "uuid": "1e3137f4-1608-4942-aacd-e22f3f2f658a", "comment": "Malware payload (Gafgyt)", "value": "3f9e820720c766d54d88262b9a246fdda063c8d98cbe372524ce3834befbcdb35958a6885ebd823b2981cbe2b1d58e6c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598143, "uuid": "53d74227-e11d-4934-852a-93df0e559833", "value": "T1CC934C43A8654FB3C0825AB1256B5A304757E8D20F4F1B96713DAAF4474B9CEB80EFA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598143, "uuid": "0c53d43d-6572-48bc-b952-3cacd37e8d18", "value": "1536:86fb6NtiK2XBYUwvIXlm1dCr5hxdddddv7HOhuAim/j10PILDLf3Ij:vfEtF2jwv7dK5hXmimb10PIvLf3Ij", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697598143, "uuid": "0066e944-5354-4bc8-83f0-4d4acd167123", "value": 89836, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697598143, "uuid": "c9f8051e-6d02-41bd-88e4-9595a8025a34", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598143, "uuid": "8a51f004-0447-452c-afe0-52290d74090a", "value": "11e0ad942dc1933cd3a8575c0c993d0f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1154196e-6e11-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697673007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673007, "uuid": "a4bb50f0-4220-4e3d-9bcf-ae7b6c055b2f", "comment": "Malware payload (Mirai)", "value": "b74e5dcd45f1c0e8bb309ec4af61290f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673007, "uuid": "55194b5d-54e5-46b7-8242-8c08c7c2397d", "comment": "Malware payload (Mirai)", "value": "b4eca09ba7e73671cd46eb44570dc55e868aee807e3f5ec51fd90da00087784b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673007, "uuid": "288c9f95-04c8-4d0e-a987-fcea1d7d1548", "comment": "Malware payload (Mirai)", "value": "c234d1658371f2801c8143777a72363c250028a3", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697673007, "uuid": "2e986716-2375-4ce1-a889-0194bb16f116", "comment": "Malware payload (Mirai)", "value": "812c159acd4eecb1b7349fde9df77aece86ccce79c4c4bccca29d3dadda3e62907fe20937ab2a1bfc78f005ac74a3416", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673007, "uuid": "d9e3d575-0666-4b5c-b310-38a49ffe96ce", "value": "T1A0A2E01472A32D96E3ED1C3DC9AE8357B9A717FC90F5327679016620C94D20A3E39A4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673007, "uuid": "a3d6b7bc-45f5-4d3c-9133-c6a4255d3688", "value": "384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjs3ioQhymdGUop5h2:vvQn4j+ZO5fKAlxA3Qs3Uozk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697673007, "uuid": "b028d23c-922a-4116-b3a2-bfd978367ff3", "value": 22160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697673007, "uuid": "2c7d9827-c5bd-4015-9116-1be464223a30", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697673007, "uuid": "b732f55d-93bd-4342-9ab5-dae10712a036", "value": "boatnet.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e922ac1-6da2-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697625463, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697625463, "uuid": "e77aa2c4-fb00-4d45-ba98-5d3e254bb14e", "comment": "Malware payload (Amadey)", "value": "0461ce1fcd8ee747119ca5a249b2673a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697625463, "uuid": "a319f6d3-9d0d-417d-b2c2-1e66d1943402", "comment": "Malware payload (Amadey)", "value": "b66172e4f6915c594d2cb29934b0420a08abe544349b4813f15710a6a01140e5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697625463, "uuid": "509ceb01-13ac-4b22-a03b-395549a651db", "comment": "Malware payload (Amadey)", "value": "acb11c63ba0aa130ca55153fdc4963f4a138f4fb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697625463, "uuid": "0c7bcedb-7140-49e8-8bc8-7f9f31d5c074", "comment": "Malware payload (Amadey)", "value": "480ccca1adf8d2b0816b43b9f32b6fb07970a3eb1601b4df576b379bb992ee43cd638aa829a5021aa63cbbf6bef72fe5", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697625463, "uuid": "b03c5edc-ef23-47ee-b7a9-1cb06cf13c14", "value": "T1C3352343ABEC6427E9F123B05CF307530E3ABD56483A4B771665D90A58B0684F5B23AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697625463, "uuid": "c7b9ed87-9f7e-4faa-afcb-e1b56ffd4d62", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697625463, "uuid": "64a77b30-4d62-4265-81e5-4f65554691d3", "value": "24576:By7Bs9rV1tUbA4V0TGPzxHc2wF6+l0CoaicE:07Bw1SbAOqIzBdwReC3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697625463, "uuid": "fdea6298-d4d3-45dd-a145-cfb116fd2fc4", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697625463, "uuid": "02510d30-5b2b-40eb-9534-4858d396c4ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697625463, "uuid": "cd8242bc-ddb0-4cce-a57a-60db4ec9cb8f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07631704-6d99-11ee-8907-42010a9c0042", "comment": "Malware payload (Vidar)", "timestamp": 1697621451, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621451, "uuid": "fb56c6b6-d367-4e44-b828-c4242d8cce78", "comment": "Malware payload (Vidar)", "value": "6e781cf49af81b961d0ab465210a35f8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621451, "uuid": "5720fc5c-3363-4baa-9904-b4dba00706bd", "comment": "Malware payload (Vidar)", "value": "b7980abb0fbb1e27c9dfd24f2d36891986e3325b2596fff09baa3904830eac0c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621451, "uuid": "348e2ed5-e454-4298-990a-d1bd425406b5", "comment": "Malware payload (Vidar)", "value": "f28d8fd00a4729e184bdf0806a570e5eb9641b8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621451, "uuid": "717cc582-b798-4f59-ac98-941851756f8f", "comment": "Malware payload (Vidar)", "value": "c652689f79cc2d9f7beb8fb9a5793b8154c8b4c96780d501c862ea51b64e6c17da70154f209e764df766cd554e94b79c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621451, "uuid": "01e344d1-61f2-4a49-888d-c76f0d1bd5dd", "value": "T14B3533E748BED330F6CC5832090184D2AB9775A9CC601DE46176B95ACF3ED3ED9049AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621451, "uuid": "cabc902c-2a3f-42e7-88a6-7202ad45cffb", "value": "9d73eabc1296af162ac6ff5d06072544", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621451, "uuid": "d5be1500-ac4c-4692-827a-adb33b085002", "value": "24576:nlP+gGRPlVlmClblzNj9ZmT5/Za866njeXTJbrn0fatsse:lP+bxlVzlZNjvG/IjlrsQxe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621451, "uuid": "b86bb54e-f098-4dc1-8eff-a395cfeb0d15", "value": 1148640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621451, "uuid": "5c1395d5-871d-4bed-ba1c-ce494ab1f8fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621451, "uuid": "5548aeb4-ec07-48d7-a2a5-98203f8dd83d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb26e4bc-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697644597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644597, "uuid": "c1f54a8b-1334-4956-ae13-1907972811ba", "comment": "Malware payload (Stealc)", "value": "8aecab35e6dc29179150b76203ebfdc8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644597, "uuid": "71650594-d435-4f43-9bda-5c5e9ba1248f", "comment": "Malware payload (Stealc)", "value": "b7c2a49c3abf99089b9012f68371a84068bff32d123d28a126f8f75a4a987b5c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644597, "uuid": "ac1d7dfd-94a4-4a03-9733-3f530ee85141", "comment": "Malware payload (Stealc)", "value": "4a834ca856af99863001e349556c73dc95bbc4dd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644597, "uuid": "0c12cff9-9267-4a96-a412-f56c5632e55d", "comment": "Malware payload (Stealc)", "value": "a57d38ff28ad39c9f8955097fa69f32d7f32d9dd22199a25e8c2c621c5577cdd325c7086187ab51b6d7a1fc1d51702b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644597, "uuid": "1c5bfe8f-a034-4f79-85d4-c0506a0a7e4b", "value": "T1AD64AE6FBCFD88E0F85B09360429FDF814ACE5BE0A645F6B47D011D32E1939162635AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644597, "uuid": "bb794bb6-15be-4536-a8b3-6ebe4ba81ee4", "value": "993e953762ca135b10079a743060f9c7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644597, "uuid": "f9fb702f-cf38-402a-bbc3-9ceaef5ddbfc", "value": "6144:pyGBQ8dH+Vv/pfxiA48mUYk6TDOVUeWZCVmkuy2KWAz3bGWxPhftZ:pyGBQ8dH+Vv/A1A6TDOVc5k8uzLZhftZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644597, "uuid": "b4223ca3-9da6-4773-b46b-7143ab363fa4", "value": 319488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644597, "uuid": "385fb517-2421-45fd-8d35-3a92cca87439", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644597, "uuid": "35c3816c-f91f-4c89-80cb-ff59c1bd2f1b", "value": "8aecab35e6dc29179150b76203ebfdc8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98894a60-6e06-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697668510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668510, "uuid": "11d11ae5-d28d-477c-a761-67f0a41094aa", "comment": "Malware payload (AgentTesla)", "value": "9ffadfed8c84ef64a24659860e5fffd1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668510, "uuid": "a6d518ea-d882-4b29-9a9a-061d0dacca45", "comment": "Malware payload (AgentTesla)", "value": "b8b3c1fc69a66c4b0f1da90ca2968b465880241ddd81dd641217fc706d72194d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668510, "uuid": "fa9b86f5-1810-45c5-80c7-78042104c076", "comment": "Malware payload (AgentTesla)", "value": "64960a5178a83b2fe6090a63e45a6b04587fcd6e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697668510, "uuid": "f57a33bb-d9ea-438a-ac5e-1518af5e66d1", "comment": "Malware payload (AgentTesla)", "value": "d876c4a69fcc16ccddbc0340c136962120015cf3da99adb0505c3ae2458f791f9ddf7f0dac761cd2c229248fb4265705", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668510, "uuid": "ed22c024-27ab-4490-9584-21280ba1d08e", "value": "T12A154C3D19BD223BC1A5C6B9CFE5C827F004D86F3421AD6598D7A7A64353A8635C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668510, "uuid": "e662aede-7632-469b-8b3d-a869fad74ebb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668510, "uuid": "ed996e45-80b6-40dd-b0e5-c2b120c9d6e8", "value": "12288:1/BjRyFp60OLROY3pHKDExEepFDw6xc2vxmOwvx9Af4COuzg:fjRolI1KYrpF06rxmOc9Af4z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697668510, "uuid": "f41bc242-e111-4094-8e24-4b43a21a8149", "value": 921600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697668510, "uuid": "eaf5a74d-73df-424d-bf9c-9ffd5970a77a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697668510, "uuid": "db421e6a-1c28-4f7c-84a8-b9e1f182710f", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.710.3015.14409", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c49af273-6dd1-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697645820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645820, "uuid": "f4f29c46-db48-4dc3-bfc2-70b20fa6321e", "comment": "Malware payload (RedLineStealer)", "value": "2a0153a8bfe4e639d52e2fc38ef07865", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645820, "uuid": "5cadca48-735b-4e8a-aa21-e76efb01ecf3", "comment": "Malware payload (RedLineStealer)", "value": "b8bf36d283278b94e53ba6b660dee1debbcf9f5628ee5b5ab46f789a414b6863", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645820, "uuid": "b08d7b33-0d18-48ec-914c-3457957d9b0a", "comment": "Malware payload (RedLineStealer)", "value": "ecb45aaca5f2d7dea0acdb2fe46f4ff94de3d53d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645820, "uuid": "4be9e910-e3a4-491c-9bfd-6e4ad962a1c8", "comment": "Malware payload (RedLineStealer)", "value": "50c9a3075d8b4e556b641256a0bc34c53e7322015c68acffe4c077518b7f4a409ef58dc35a9f90d43ffc7fb36a638469", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645820, "uuid": "23f8562c-9477-44a9-9976-b6a5b56f2574", "value": "T1D5152266EBF641A3ECF5177104F713D32637BDA24934A32EAA01AB5B0832B855531327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645820, "uuid": "e0b45dea-a9ce-41dc-9c50-86bb28a9f9ab", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645820, "uuid": "37942b6a-ea49-4dd7-a83e-10647102dca0", "value": "24576:LyomiGpU+PI8FUdItzdcj6jjMabqyNJIcApg5H9zVMw:+riGpUX8FUdItzqEjMaDNzApgphVM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645820, "uuid": "93fd8d75-1543-4166-8418-4ad2b1f2be59", "value": 892416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645820, "uuid": "cae95097-e9f3-42fe-947c-5fdcf459c1f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645820, "uuid": "8f83cc3c-f5cb-46de-8abc-651b82a9dd41", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02a1d53a-6dc3-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697639482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639482, "uuid": "001f900b-fb78-44b5-9fa8-d73c12e65542", "comment": "Malware payload (AgentTesla)", "value": "f2cfaed0fa20a451dbf999e913a84ac3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639482, "uuid": "ba554eda-6569-4e23-b5cf-def3575f82db", "comment": "Malware payload (AgentTesla)", "value": "b97373a2cf56a7e34552242194ca53f1afdc4283eadc6b028353d7a546d7fc11", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639482, "uuid": "d1849005-0721-46ee-b8c0-7a67f78e6445", "comment": "Malware payload (AgentTesla)", "value": "174b95ea8c0c37b715bf0cd6465a40b9aba7d03e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639482, "uuid": "a1f82f96-d0cb-4f58-8a7b-d59308e05099", "comment": "Malware payload (AgentTesla)", "value": "d87d4d0bf85167dd683432047ba680c7f65bd989443686f06d3dd5cd5e0d482f424e68d4f6f17a8b484c88ffcb4c34ca", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639482, "uuid": "213f2437-6b7b-428a-95c3-93d80c980bd3", "value": "T1CD257E3D19BD223BC1A9C2B9CFE5C827F004996F3412AD6598D797A64347A8735C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639482, "uuid": "649dd37e-871b-4f1e-bf95-b54b11d30ebc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639482, "uuid": "3c2943de-8bd8-426b-9093-d699a02ae98a", "value": "12288:45jdJKJ+IoHQ4svQlyGYtBSrPMwRfNFawrJO3X4j2gozrd1B:YxIv5oniB5uFgIcMofdb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697639482, "uuid": "712e1525-c97e-44cf-8782-2403183b4cd5", "value": 998912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697639482, "uuid": "00df12ef-707a-445e-995a-48a37d57b3ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639482, "uuid": "519e1fc1-69bb-478a-a203-010fd7249cbc", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.710.14524.21295", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10bf7f2a-6ddb-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697649814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649814, "uuid": "a166dec0-33d8-4444-863b-29f4ff910007", "comment": "Malware payload (Mirai)", "value": "6ee794abf40b2482de5f9c0dea6b3800", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649814, "uuid": "e0e5ea5e-c512-461a-aaad-373cb9830b8d", "comment": "Malware payload (Mirai)", "value": "ba0ceb5eec3cb0615848c412074032b3bac27e0ed3d17cea8f90036b13d520b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649814, "uuid": "ca62e05e-b00f-423e-919d-2e3caff35e1d", "comment": "Malware payload (Mirai)", "value": "0ec49d64b591e989d305cc16ce85d5d48ff8512a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649814, "uuid": "24e1e3a2-1870-4736-bdb4-28e160951c08", "comment": "Malware payload (Mirai)", "value": "1610a6a84df2d1ad22cc9bfa994c861e679e47e43dca73f449fdeb8b2595342972ecbfba6dbe1a2bf8bab2c03906d8d3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649814, "uuid": "87e7e716-fa89-4fae-bd4d-f61f29c705a1", "value": "T11CB2D0B48B945706C1B0B835A378CFA25A3B16E0D5F639362710D2BD9A9149633FCBC7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649814, "uuid": "8285ac3e-6058-4051-bcd0-bd714e99b2cf", "value": "384:4C9KXlJIDFUS0Mggks3aIrokYVDoDDRRKj55N7LB9U+Bht9eDhymdGUop5hu7R:4C9KQFH0rs3zWoDDRsjt7LB9U+BheDsg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649814, "uuid": "4da376e5-31a0-4981-8e76-1f4f3cba9356", "value": 24536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649814, "uuid": "9e5180df-4ef7-4430-9ab8-6d6fd255f453", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649814, "uuid": "bbb633ed-7974-47ad-8961-16736c71ec82", "value": "6ee794abf40b2482de5f9c0dea6b3800", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0c3ca1a-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645411, "uuid": "a7a1004b-ede8-475d-8e80-872c7a4d6738", "comment": "Malware payload (AgentTesla)", "value": "ef16ba28035b57054f97bfeff17ad1bb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645411, "uuid": "57e097c5-3751-4828-9222-4842262fd8c8", "comment": "Malware payload (AgentTesla)", "value": "bb3b7c5bac9c95d161ae230b3ac2012f09ef594b93abe8510e9b995bcf53f688", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645411, "uuid": "b10bae53-2473-4140-88ab-543c6ffa1ade", "comment": "Malware payload (AgentTesla)", "value": "e179406541dd69adb937d845b57dea67beb1fe51", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645411, "uuid": "d8984c35-78fa-470d-87c6-2d829b682c89", "comment": "Malware payload (AgentTesla)", "value": "794df8ef7916a0ff91d5b00f8dfe11553164c26f47cbb6486f6112e21c4f569c6047f13f7e545f91a08b4d4371348058", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645411, "uuid": "f16962ee-b5f3-4d5e-896a-fb1d34af0db4", "value": "T1C8F4233CD614D0A7BFADE139A55E6760DC67D508A6CB2C2DAE6449490E7CCE92CE030E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645411, "uuid": "fe0398ca-293f-4d59-93b5-c604709d98d4", "value": "12288:RcnWb2j96VKtejBx5vJf2GLk1vosmzLB+e8v79GuMCHAOGSU8qDRzNQl:aT9sPjBroGmvosmzV58TnH9UvDRe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645411, "uuid": "ed3aca25-f0e1-4d47-9001-9b8377f854d1", "value": 723688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645411, "uuid": "020a6239-c98b-499b-a762-fb232eef788d", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645411, "uuid": "461e2740-8145-431a-8506-b89668273dfb", "value": "Travel Plan_Tanzania 2024.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b04be97-6df5-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697661025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661025, "uuid": "708b03cd-0836-45c8-8f6d-d3c494a26816", "comment": "Malware payload (Mirai)", "value": "ed195450ab2e6589b262307c012977af", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661025, "uuid": "425a8678-41d5-432f-b571-64767d63d155", "comment": "Malware payload (Mirai)", "value": "bbfa2fbcee551cef931fcc75b468a67db150f25c50eefdd41bd9b8f170089cb1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661025, "uuid": "6d0ad4f4-9592-44cb-88f4-bab8d3ef0626", "comment": "Malware payload (Mirai)", "value": "313a950054d897f1a226f722effef8c40e542954", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697661025, "uuid": "11dd898e-0f07-491d-a1f7-bf17f4f874ea", "comment": "Malware payload (Mirai)", "value": "7f85d8e64e6ee284f8f187cbc65168b31d210bef5aeece4e2186f983485f7eb23c957a58fbfcdd43356c4263003d4e37", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661025, "uuid": "b7613c20-8ed5-4dba-a641-f702c962faa7", "value": "T143C2C08DE5543888CB2D8ABD798E1A303DD4A1D231DE87DDE70218CCDB2AD8B754D11D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661025, "uuid": "6a9c08bd-4d5f-4d60-a3f1-882848d65ed0", "value": "768:X0EARl8oFQQgorhASKh77J1EwIaQ6hzJWN:XA78+goNASKhbmp6hS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697661025, "uuid": "19016a71-4b2b-4b9d-b2e0-6deebeabcddc", "value": 28016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697661025, "uuid": "499ee47d-5b22-4937-b578-5d5020bd78e1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697661025, "uuid": "db2e91b0-9fa2-4f06-be8a-3ecfad50bcc0", "value": "ed195450ab2e6589b262307c012977af", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ed11fbf-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697648549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648549, "uuid": "3e7ce166-c842-418e-a521-d988478c46c3", "comment": "Malware payload", "value": "d283e3fdf1f2a275da2041919e2a29fd", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648549, "uuid": "45df9ae7-1526-45eb-a1f1-9f48a136b0ea", "comment": "Malware payload", "value": "bc8b040947df20ec884ede4cc5ece724218056120ef75e54f581c594abbe2b92", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648549, "uuid": "50275bb8-948c-48a7-9a0e-6f1423bf4506", "comment": "Malware payload", "value": "a6d3872f25fe39066aa4901adc284ecaf009721f", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648549, "uuid": "e050aeb9-70f1-4b23-b054-23184f539442", "comment": "Malware payload", "value": "11c78a8ea8ecf207a3f1ef158acd46d1ded8fa2107a26265ddec2ff9036584eeae52a07fb6c74a511854f0967f6719d6", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648549, "uuid": "a3912369-d1cb-498f-bec3-4c00f45d862c", "value": "T1E035CB343979BC2043DBDA0334F14BA65CD9568FC5713A3B199AD423AA782C265B12FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648549, "uuid": "8870530e-5cc2-487d-9b3e-2c3a07eace14", "value": "1536:IK6bKV6KTDPem7j5Y6kyyAXBHupPDY9HU33ZIm+lIWFS2ec+Gcqhafby8d5KMvmf:n4g6Kv2k5Yd4RHuRi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648549, "uuid": "5f38d9c4-4a92-453f-a913-bdd9819b3670", "value": 1151650, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648549, "uuid": "31ed3494-3fbd-4c1f-a6ee-3396a9ad0a31", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648549, "uuid": "69c937ac-dfc5-4328-9d6f-4fed3ddcdbe7", "value": "Data.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbfe1ea7-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697596521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "20ab951d-8e63-4e25-9abb-68bf8036c4f4", "comment": "Malware payload (LummaStealer)", "value": "0ae17e02e4a1fe5fd2a6f1820e250be5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "f7d72645-37ce-42e4-ae75-f6869fec5c0b", "comment": "Malware payload (LummaStealer)", "value": "bcade731c2860b834ecf30f4835b3443577259f92f65ab8fbd5bbe85743de64c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "d30fd795-f0b0-4a42-9dd4-c20d7e5c2b65", "comment": "Malware payload (LummaStealer)", "value": "0d43e1678f9afdb776989759dccc9c02519f61ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596521, "uuid": "5ccd2353-32a6-470d-8b8e-db2fcfb03058", "comment": "Malware payload (LummaStealer)", "value": "b9ded84af7942e79a93337248cd47fc093160592dc075a434e30cbe1bb61ed8920c3e59696753796f9ad1d2e57763a44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596521, "uuid": "424f08ee-5642-4a44-81a2-9f4154001b01", "value": "T14C252325D7DC4173C5FE2BF058FE07C3093B7D628D2C8B5A2B85865D0EB2A80413A76A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596521, "uuid": "507af0f8-fa18-409c-8581-1a38dca799ce", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596521, "uuid": "d26dd3cb-d3ca-4673-8537-3dbee7be6078", "value": "24576:lyClqiGtIywAANUs/2cKye53SLpH9zKkLxeZY3:ACl5uN8UM2cK7JSLpBKGg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596521, "uuid": "24db7cd5-072d-41ac-b262-e7c2d38fda0e", "value": 1030656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596521, "uuid": "3e50dac3-47f0-4032-b5b4-426f2a3c0152", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596521, "uuid": "566c00b3-2c2c-4e2c-ab42-77617b2d4ca7", "value": "0ae17e02e4a1fe5fd2a6f1820e250be5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c64daad8-6dde-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697651407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651407, "uuid": "bedaf503-91d8-4f3e-b586-d8426df2b018", "comment": "Malware payload (Mirai)", "value": "a58800c3364ad6f86a6d06da9e6e234d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651407, "uuid": "4bcfe600-e6cb-4c33-a30b-78419d1be2b8", "comment": "Malware payload (Mirai)", "value": "bd4bd48932c6778101eb22386d4061458d857ffeae7afde2eb6e8be002dece45", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651407, "uuid": "3229affc-f029-4701-900e-66c25f9afe51", "comment": "Malware payload (Mirai)", "value": "98653e59b5cd7eae645dafd8de9f22b4b3a4289c", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697651407, "uuid": "e484c51a-a49d-40ad-93d2-68524e7aa3c8", "comment": "Malware payload (Mirai)", "value": "cc4f5ebee2ed9adf9d08d332c537debe450a988c5440fb2d1e2e52edf993cb9cff8b36e09e552c26930ed8c72c2cda76", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651407, "uuid": "208ff1a6-63ad-4680-ad5a-86ab9e613287", "value": "T1AEC2E170A3AD1CB5C3500672F7B86ACABA530F7DF6FE2890114047BA7941D092DE99CB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651407, "uuid": "bc5de83a-9031-4ffc-a127-186228e096f2", "value": "384:Aot/koxisa34beDtZwuaCBsk+G9lLSsLYSTFs9u8OtqlrNEa3L5/fNhymdGUop5S:A8soTAZ3alkXLvFh8nNE45/1s3UozS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697651407, "uuid": "1ad9b9a3-cf4e-4fa4-b3d8-b4904073df42", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697651407, "uuid": "afb8ac11-0be0-495e-8bb1-be4d494733a0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697651407, "uuid": "d05b1644-67de-4f93-b84a-0a38674404cb", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "832fa7dc-6dbe-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697637550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637550, "uuid": "e659b65b-520f-42d8-b9d0-f28131aa642b", "comment": "Malware payload (Amadey)", "value": "3f3b733e3eb6b366bf35fbecb61ba4bf", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637550, "uuid": "9ef0200e-e2af-47d1-8e90-a4234b63e920", "comment": "Malware payload (Amadey)", "value": "bded2dcd500421456a73fe9e9a3969fdf21ca0f6fabf3f88e621e8d0957ccc9e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637550, "uuid": "f11330fe-4152-4422-853a-6772b50ea4b4", "comment": "Malware payload (Amadey)", "value": "95991a3f13cfc693d45f230f6254244ff34e657f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637550, "uuid": "d33e7ff4-1999-4d60-939d-08424dcc05f6", "comment": "Malware payload (Amadey)", "value": "57739ca7e7dbfbafec593a4e9216ad74aa92714c078294d418377e30de3215aa7970371bb364729abac74fa29566921e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637550, "uuid": "7308b8c8-6906-43bb-a54a-68283e2f9e55", "value": "T157252312EBD96122E8B417B01DF723430379BD127D74875B1A91AA9E05B3E847837B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637550, "uuid": "d49f1ad4-eb82-448c-95f5-f8171fcdbc81", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637550, "uuid": "f8769a11-99cc-46df-ac20-f6e71f580219", "value": "24576:Jyr4OwWelmhP5yOYgssEc+yp/t+9m7NMYacs/Wzxvr:8kOResnBuc+ypF+s7GYac", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697637550, "uuid": "624fddf9-bac3-4d16-b797-6263d12b11f2", "value": 1001984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697637550, "uuid": "91f0192a-16a7-4bb8-8438-e25bab0c4954", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637550, "uuid": "a1763769-d4d1-4e48-815b-37dcda185270", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "474d88d9-6db1-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697631866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631866, "uuid": "6a63825d-4e98-49f7-95e7-a17413d3b13a", "comment": "Malware payload (RedLineStealer)", "value": "6a450dd2ad48c501808c7281a5a68c4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631866, "uuid": "a3b4f78b-6d31-4ede-8dc9-85c77500cc93", "comment": "Malware payload (RedLineStealer)", "value": "be3bf76b38475ffd4c1b0fd00522e03ff849392bf85f24fc5e946b75b17f2064", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631866, "uuid": "fe984d20-19d5-42a3-8406-620343f58811", "comment": "Malware payload (RedLineStealer)", "value": "380b1bbd417e17bc95e558df05fa7447618fb765", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697631866, "uuid": "ddbdc904-94f8-49e3-9d7a-9f7dcc8e3d88", "comment": "Malware payload (RedLineStealer)", "value": "da4fde1f364331d07df8a9f3a9dcd18c6f7e5a2d17495a4951af64f86f50ddd1b13a26bf274a2991088a8a2715a1d546", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631866, "uuid": "a729fbed-1afa-4c8d-94f3-3696362b87e1", "value": "T1BA25230BBAC834A2CC784B7024FA03D709317DA2DD786766A756645E2DB32D47432B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631866, "uuid": "5841d78c-7ad5-4038-a69d-b93746c8e8f8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631866, "uuid": "73e6c3b7-41d5-4bd8-819e-90bd7b4e2a2e", "value": "24576:DylFd99iQzCho5YuDS2unjYJncqaxzIkA87AarzeXPiae:WlFdOLypS2ukJnN78savd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697631866, "uuid": "ecd7a44c-a230-45fe-8af2-5751676e35de", "value": 1002496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697631866, "uuid": "4f7745cd-edf0-4808-bf55-acc0c06d15a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697631866, "uuid": "0b7647e2-3bf8-48ad-a130-7a66170e297a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ef2cc05-6db6-11ee-8907-42010a9c0042", "comment": "Malware payload (Vidar)", "timestamp": 1697634080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634080, "uuid": "017586c7-e1e7-45fa-95a8-cf11ae0237ab", "comment": "Malware payload (Vidar)", "value": "191febed315d7c3a620b564e99e5f3cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634080, "uuid": "cd0e08e0-3fbd-4a8d-9d38-9f222ba62b6e", "comment": "Malware payload (Vidar)", "value": "be598baeed48aa13f42daed457b938ba19ee75c081a3571c582815822df7121a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634080, "uuid": "935e8329-d46b-4b4b-a6e7-90da728ebed8", "comment": "Malware payload (Vidar)", "value": "ba0755a123f58cbea5e27a2806ccc8078d58df53", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634080, "uuid": "6110b3c1-81fb-40c3-a2b3-2b971a66a8af", "comment": "Malware payload (Vidar)", "value": "5900b481d8033c8efb051e20455545860e736698c807333afd5f7202d3ab6eeb6d02f3b4f4496dc03738babe99bed1c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634080, "uuid": "b02464be-32c5-4bfb-a603-86a2aba3c9d6", "value": "T15B3533B37E7A358DC5A5DC74B77B19A1C26120E73D668C010849616DAEF7E2072F80AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634080, "uuid": "1b740302-26a5-446b-a64b-b58dd6109b0e", "value": "9d73eabc1296af162ac6ff5d06072544", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634080, "uuid": "84c19f14-3f1b-4c47-b760-f8bae29c408d", "value": "24576:A4G/xo8crC7yRjvOwKS87o9ugbalGaRlnMMS:A4Gu8hyRjvKH7o8gbKbS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697634080, "uuid": "33e712f1-34df-4545-85c3-a0cdf9787256", "value": 1147616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697634080, "uuid": "a019673d-8d1d-4a2b-b32e-b378e9d60d8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634080, "uuid": "394ad1d2-e63b-4e85-a487-7a55ab1e22a8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "daff487d-6da9-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697628678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628678, "uuid": "719c16e8-ef49-4281-bca2-68a21190ade3", "comment": "Malware payload (Stealc)", "value": "d3df8556ca7f9ac3cea35b3bfe11f55c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628678, "uuid": "f2928c46-1fd3-4523-8a52-2998ecfce32b", "comment": "Malware payload (Stealc)", "value": "be6ccba3d6d28fc980265e94dc47d721551ad8d536bd9cf8ec92b54c0317f13e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628678, "uuid": "64b5b8c0-4ccc-48ce-9492-9347bac13742", "comment": "Malware payload (Stealc)", "value": "0be5a70fe0729b54628fe28be7b8009478383dfa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697628678, "uuid": "715951fe-3678-4946-bd6f-5441f446d8d0", "comment": "Malware payload (Stealc)", "value": "c76a8604e35785494ec0e0fe815917578aec3de88e79500b72357aff7ef06a5e0492de0ebdef11ad1578e5ec1f7644df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628678, "uuid": "05639ee4-38d6-4387-98ff-220cefb93e51", "value": "T18C252311EAECD0B6EDF1577098F707830B3A7C609975826B7791E8190D73A90A87633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628678, "uuid": "49ea15f6-27ac-405a-a3d7-bc1f4a5f26ce", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628678, "uuid": "79b6c02f-e2e2-4b9e-93d6-c1cdbd6e3bba", "value": "24576:KyLzRPPQTb4eQbYHZAukgN55KRAtV7ANvW7rYWM:RfRPPubYcuudN55T7EW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697628678, "uuid": "594a999a-382e-46a8-a088-64d05e2d36a2", "value": 992256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697628678, "uuid": "3fdbe91a-5992-447b-a04f-361e9a3ab8f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697628678, "uuid": "c4d200e8-0a2b-422e-97b5-e2e01797fe2b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69c203cd-6d52-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697591122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591122, "uuid": "180d85fa-cf0a-4329-8495-4d7306713f8a", "comment": "Malware payload (LummaStealer)", "value": "0129c758d88a68feda0ca01e5a7d9597", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591122, "uuid": "e0413c63-70ff-46f1-a4cf-242f121104d7", "comment": "Malware payload (LummaStealer)", "value": "bf6308d8bc662e2c17076214084ab0a6f900f65cc561f19e4a3ecd7ec4d92eda", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591122, "uuid": "8975b151-69fc-490d-9a77-c88811be7d1e", "comment": "Malware payload (LummaStealer)", "value": "4f9859041b5754deb1a6333feb4b1c7ee63b9711", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591122, "uuid": "cd13b99d-d990-43ab-b5a1-19265f86f948", "comment": "Malware payload (LummaStealer)", "value": "228979bb84c474f266c6272e3bea24f981030c3cbb7502f3d3bcfcc44cc04028b1ad86c12969b016ea1307592a0480d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591122, "uuid": "2eb81e77-9b1d-495c-9605-f54e0fe36e81", "value": "T179F41217A7EC4473C9B63B7198F603970A37FDA19E68879B2201184F0C73685AA35777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591122, "uuid": "f705794a-a297-4ac1-8c0d-ef1c8e80d421", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591122, "uuid": "6fc43943-e622-473f-8ab1-82445e3424a1", "value": "12288:aMrRy90IJfgCBk4vdkz/7bZsFjImLRl0rO5t9vDQgzkW3HRkItGWw5MotP7jrkT:ryLDWwdkznZK9lvNEckWqTb59zy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697591122, "uuid": "b8a9febd-c133-431b-a46c-e70134af9dfa", "value": 756224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697591122, "uuid": "56cfd469-3d08-4054-ab21-f9bc29f1e759", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591122, "uuid": "f3cd03fb-67a7-4675-b2e7-706f55ee637a", "value": "0129c758d88a68feda0ca01e5a7d9597.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4f608f1-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645365, "uuid": "f1f95e10-02b7-4f9f-8f80-f9f01764dbb3", "comment": "Malware payload", "value": "8c86d36bfbbb832431886449f98b7f89", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645365, "uuid": "31320e3d-d47e-4936-a5e7-1ef769a77dc8", "comment": "Malware payload", "value": "bfe5c2efb3590478e10a7eeaeff43a446a660b42cbb6a2f0b973be5cc10f619c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645365, "uuid": "1e7d9003-ec5b-4356-8270-ff7510e392d0", "comment": "Malware payload", "value": "ce5d1d43635f01a3414a4f4dc56d48e6e2979afa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645365, "uuid": "cdc323f2-f6de-416a-bbd3-8c8f326a8411", "comment": "Malware payload", "value": "2e3ee7261cf2c6e6717f0a8dd37eed07acccc58ae67a5f5da8a7d9245181215ce8d443d6c5d1b203e251f315b5b2ffff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645365, "uuid": "e978f2de-0e49-4ca7-a1be-5c5a4194d0b5", "value": "T15174C52267A491D6F2FAFEF3DC630584E5B5B85EA805DE0F0644208D98BDB45ED1322F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645365, "uuid": "dc79f0ea-7657-474a-9460-9ddec64cd037", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645365, "uuid": "81788636-5998-4ebd-b6f7-d518f9dde417", "value": "6144:yOWI4e9apUeTe7dQE2LyAlHlmC5bayWr1jEVIE0/lY2p0XykXdAG7dljToDm:yOieYyQE2+AlH0WXykXdA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645365, "uuid": "05e1557c-d7ef-463d-9a6d-3d696add5622", "value": 366080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645365, "uuid": "6d60a14d-ab18-4421-9443-0bafcc1610df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645365, "uuid": "e6d1979b-c886-4744-ad41-26a94f6e2082", "value": "American Trading Inc. (ATI) - Products List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "051f493f-6dee-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697657955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657955, "uuid": "67e8f15e-f509-4e13-ae47-1fc76d9ae5fc", "comment": "Malware payload (Mirai)", "value": "b6c54f96d0e06c74c40555f5813592cc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657955, "uuid": "d3c90d57-1b23-49ad-896c-2fbe435a867e", "comment": "Malware payload (Mirai)", "value": "c05370fc79987dd3809d91da39b22b21b565a170f36be25a34b96c8b7a5ae2ba", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657955, "uuid": "bd9c0bcd-81d4-4a39-a0ca-6cd3fb0149f0", "comment": "Malware payload (Mirai)", "value": "364eddb74742c1a29d2d36d7009fd4a862dd4a6b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697657955, "uuid": "3b3290cd-d420-4713-beda-23ff970b98d1", "comment": "Malware payload (Mirai)", "value": "1785c95e9354cbfe41635e266ddf0633138f3a95b1e59697484f29c13f884a3dda8b2ff2f4f04dadd0ee78a0d4285f4e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657955, "uuid": "f1eed2a9-c8da-4647-8eda-818446b84706", "value": "T1D4B2E028B2496146CE08623EF56F65FAD574C2F3432E9403841CDEB6C143A3B6C3BA62", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657955, "uuid": "abc8d03e-9778-4d78-8e6c-32ffc79437b2", "value": "384:MgBjOoJ6S4UTJskxuc3FSlwdL2kxOkTthgJV5MlYNPJx1+p8oesLv1RO:Rl6S4UTbxuI2w92k5TIV3cO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697657955, "uuid": "13459dff-fce2-4825-8545-815e4a3cc05b", "value": 24536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697657955, "uuid": "10bdc20e-e69e-4356-88a6-4e83c2dcc0fd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697657955, "uuid": "923c899d-0da6-4ca5-a8db-4403d60f0856", "value": "b6c54f96d0e06c74c40555f5813592cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44ae1cfe-6db9-11ee-8907-42010a9c0042", "comment": "Malware payload (Glupteba)", "timestamp": 1697635298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635298, "uuid": "d85b7b10-4930-46e3-93c0-cfd24eaf2c7b", "comment": "Malware payload (Glupteba)", "value": "a856ef291297cdb54fca7469e38ddb34", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635298, "uuid": "4733471b-3c41-47f4-a8af-aced056d935d", "comment": "Malware payload (Glupteba)", "value": "c057351817aed450137d0445d192900399d35498d8523bcb52264edf7e56b54c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635298, "uuid": "6d0e26f2-cdea-4881-8a63-c7aba3d32c2b", "comment": "Malware payload (Glupteba)", "value": "b4ffa1f057a979153fab2a3056e2b83173ec7d9b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635298, "uuid": "d909d41a-7c82-49b6-99c3-0a4b56fb3a87", "comment": "Malware payload (Glupteba)", "value": "4c7b6a4101fbdb400cc91b81c11ee6556d0991622aa4c16cab23b8179e87c114d97c0d7dcdb69442cba5f5ae5579ed89", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635298, "uuid": "50d23fa9-e89a-4239-b7f3-9a4f74a9c7c3", "value": "T14A163311BA90A06AD817EF368141E9EB3A377C73413C509B2F9C6A7F5C713D256A0B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635298, "uuid": "34dc912e-e675-43a7-a13f-018e2bcd24bd", "value": "44371442b035be4cbafff0985c627120", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635298, "uuid": "ee325dd7-7f84-467d-bd88-896a174cfea0", "value": "98304:e/4NFkXgOlyvqxbar6B5q1Y+yxd1ePqeS75QATiJTd79uQ:vM3lAqxbar66YLd1JeE5J2Jd9uQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635298, "uuid": "15d0b3d2-0c1e-4771-8b9b-97c92fb4b207", "value": 4379536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635298, "uuid": "7d405d47-450c-4bd8-9ee1-c2cb9d332563", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635298, "uuid": "96ce6473-b873-431f-ae2d-adbce6212e4d", "value": "a856ef291297cdb54fca7469e38ddb34", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eedca08c-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606807, "uuid": "cb298cbf-be1c-49bb-9832-2aa24b614cad", "comment": "Malware payload (Gafgyt)", "value": "93dee6f9e45393eaf3bab7aca717dfb3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606807, "uuid": "dd23e46e-a72c-420e-aa08-124fea89a946", "comment": "Malware payload (Gafgyt)", "value": "c08bfc8bf0673b78ed9eee8ab186f3a4329958c28a0aa351289228db0feee466", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606807, "uuid": "0ff13b77-2f6c-4727-8d63-02049539491b", "comment": "Malware payload (Gafgyt)", "value": "b59ccbb618eec62b5adeacacfa184c5d8ab6aa54", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606807, "uuid": "ace5880f-12c7-42a2-8251-af58ca2db1ee", "comment": "Malware payload (Gafgyt)", "value": "e7bcb874bd24894108f3794a50ed771215b0b032263a9d9b6c699799c4333d5eb9ccf3c7ce47f2f0ec8c81b2206ef63c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606807, "uuid": "b3aa8775-e0fc-4d60-9f93-dc5f6d5c981a", "value": "T128E34909D7408B57C1E2277AEBDB424933339B54A3D733099A38ABF43FC27995E26116", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606807, "uuid": "822cdc33-2266-416f-9e1c-4fbdfbf6df8f", "value": "3072:ut8iFDKEfFN+Fa+1sWch7n1erM/9pUMbmQwfCMQiGW:s8iFDLf/+FaN9h7nsrM/9p5mQwfCDiGW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606807, "uuid": "1af3209b-4f60-4dcc-a543-d886917321fc", "value": 150049, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606807, "uuid": "feefa7c6-66e5-4960-abcc-7fc9c7a9994d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606807, "uuid": "934a26e5-98d3-4080-af6f-ba5305283404", "value": "93dee6f9e45393eaf3bab7aca717dfb3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d0aed84-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606858, "uuid": "14ad783d-25a7-45dc-be2b-afa78aa3c807", "comment": "Malware payload (Gafgyt)", "value": "48bb46bf25f5634be8fd1207c95817f1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606858, "uuid": "871bd673-f076-420c-98eb-53741a35611a", "comment": "Malware payload (Gafgyt)", "value": "c122eea28a7005e93269092040c365b95609f5e3dd1faa13a08730db798a94b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606858, "uuid": "cd2202db-208f-450a-8ac6-4a0a5421b1c4", "comment": "Malware payload (Gafgyt)", "value": "c209ede496cd3eacabcfd9c11df9a37e51b43331", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606858, "uuid": "2c60d450-b2ec-4062-8b5d-fe95a464f437", "comment": "Malware payload (Gafgyt)", "value": "ee02ad8e15d74ac63e4b2e3f5039a41719ea6519431be6113c7d9a7184efc109f08abcd31c24d3a1fc65960ac9458f8f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606858, "uuid": "cef7d161-0d89-45e8-9bfe-e6e7a9f11b98", "value": "T1F1A35B53532D0A87C98B9AF02DFB27F187AAECA012B25644950EBFC41773BB41056F5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606858, "uuid": "64a42a4b-828f-47b0-8702-f5b14ede3e69", "value": "1536:DEg/+165BDtuS5Xap3SQuqomJd28C40W2t8nAJfmsCskFw3DW:DXa65GSA6q7Jd/omDski3DW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606858, "uuid": "b01f2495-42e2-474d-868f-2e2b6a876575", "value": 103588, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606858, "uuid": "19e72d4d-cd6d-4884-83f3-59b7a15df7b9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606858, "uuid": "8b4a96c8-5a4a-4454-b91d-8addefe575fe", "value": "48bb46bf25f5634be8fd1207c95817f1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa26cfa9-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606826, "uuid": "b497d599-6e8e-4899-8c3a-616bcae7809f", "comment": "Malware payload (Gafgyt)", "value": "4e7faaad236c5bee9ca9f3822b89257c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606826, "uuid": "fd51edfb-7f4d-4a09-b338-db08ba6ed0a3", "comment": "Malware payload (Gafgyt)", "value": "c271257f6d78cd832f81259bccdf4b39e3bbdbcca6c7c82979aec332b37cb622", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606826, "uuid": "ae965387-38c2-446c-a511-58428fde6d51", "comment": "Malware payload (Gafgyt)", "value": "615347c97a86cbb1cb3d3135c8b55f60f71f9bde", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606826, "uuid": "0fc65f35-85ca-4719-8a14-ddc71e1a1f38", "comment": "Malware payload (Gafgyt)", "value": "cd765bc6a060d2c47e054db1a107e4a28d687ab03184606d59faea544d200eac9a18327aff105d97825092305e2deacb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606826, "uuid": "2ec5586b-ec50-4493-9cb2-017a426c34f5", "value": "T172933A8785719EB3C042AA7925FB89740713A8225B0F1F68612D9BF8070BDDDFC9E725", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606826, "uuid": "96824ab6-247e-44f0-8dcb-0115c259acd8", "value": "1536:TeDM+Vlabe0Ff5soS4yfafTdfmoDs2tSYVm+:Tj+Vlab/DDfTdm0s28YVm+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606826, "uuid": "038a6277-9f44-4c88-b5ac-c2d6f59ad1fa", "value": 96317, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606826, "uuid": "562c7a13-ba7f-4fa5-be64-05c9746591c5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606826, "uuid": "18ac2437-2ace-4e33-89c4-da36cd6d3c6e", "value": "4e7faaad236c5bee9ca9f3822b89257c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "289bc427-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610769, "uuid": "90313b6b-87f0-440a-b8d6-ba53fcf39d8a", "comment": "Malware payload (AgentTesla)", "value": "0d87cb15828bfc611420014a3db98f6a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610769, "uuid": "aac5a165-4bc7-406e-9538-b866ed43f87b", "comment": "Malware payload (AgentTesla)", "value": "c3820a16faa2878b05636b40e8571711ed71735a8fcc732c26a9d3ea357a8a5a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610769, "uuid": "5f9682ea-e174-4dae-9407-35a075c9a2f1", "comment": "Malware payload (AgentTesla)", "value": "5733b10ea4b44c18230ce1471c574ac53e44a808", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610769, "uuid": "2c6ef0df-ba30-403c-8b84-e5f14b7b7f69", "comment": "Malware payload (AgentTesla)", "value": "afe2164dae50866058cfa9d7c6c8477743e641314c3f3d78ed94766e87fdbc768f66854cd10588dd88638377db4cbba8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610769, "uuid": "d88e18c3-4d5e-4f1c-841d-a97f562b5af6", "value": "T108D412242369CB2EE0BA5FF94570E240CBF639126D35E11A0DC514DE1E3BF698924FA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610769, "uuid": "fd40442b-54fd-4aba-b1b4-8f888a2d523e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610769, "uuid": "b3f4bc69-c695-4787-b423-2411f1c59c17", "value": "12288:5zfqBqB71K6GMTWc38kLVMWM5PA6T1YrlkMPAqzv3634:5T667GMLNGHElkMoD34", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610769, "uuid": "6aea9f20-0325-4318-a623-7ba67011ab9c", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610769, "uuid": "4eecc31b-0a8d-4e45-a119-5406b32739f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610769, "uuid": "55f8ae4e-10d2-4e7c-bb21-ceb482a7afad", "value": "Order Confirmation CI & PL.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10ca651a-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697606864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606864, "uuid": "39a8302e-523e-4359-b82c-6cdb484b0e9e", "comment": "Malware payload (Gafgyt)", "value": "4002b8d36cdbf23ec4582e8dfe06088c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606864, "uuid": "9e9e8725-24e8-476b-bfa0-391dc1a50dd0", "comment": "Malware payload (Gafgyt)", "value": "c3d1b1b157170ce55f9fa072f836abe76ba06f1c13573eb770e6491eafdae2ac", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606864, "uuid": "90e96f5b-5f26-4540-889e-8592bfae4453", "comment": "Malware payload (Gafgyt)", "value": "c9bd2bf59fc68c8314162d934c9336d183888392", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606864, "uuid": "6d3d35fe-8ecb-48d1-b5dd-2dbcec7fb34d", "comment": "Malware payload (Gafgyt)", "value": "c7e2dc67c4f09ce5f89122b379083fdc8d8b418f54575b858c1287e4bc780e4ed22ecc963df539808815f6044e5b364f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606864, "uuid": "23678b5f-ccbb-4ef9-8a28-97a021d2e83a", "value": "T1AAE33905D7408B57C1E2277AEBDB424933339B54A3D733099A38ABF43FC27995E26116", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606864, "uuid": "5690b7b3-a606-4b8c-9739-1081b273de35", "value": "3072:ut8iFDKEfFN+Fa+1sWch7a8oXV7pUMbmQwfCMQiGW:s8iFDLf/+FaN9h7a8oXV7p5mQwfCDiGW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606864, "uuid": "828f74d9-ee86-4080-a392-1a9300283b4c", "value": 150049, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606864, "uuid": "e34629b2-a763-491b-adf3-4d5435ebdb1a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606864, "uuid": "71822c64-90c0-46d5-91e4-9847b7aa951e", "value": "4002b8d36cdbf23ec4582e8dfe06088c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd858d4d-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697645379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645379, "uuid": "87afb76a-dfa1-434a-8a59-a05c23b1f872", "comment": "Malware payload (Loki)", "value": "d8b4d7f78634174ff90e35704ce53d26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645379, "uuid": "da7c1fa9-8ab9-43a0-8002-4a1f4336cd73", "comment": "Malware payload (Loki)", "value": "c430d7727c13405bdff5e40e65e6dc203b2e0294d7de0ba4a5bef64196e39190", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645379, "uuid": "ad4d8434-a95c-42f8-9c2b-ea07e1d5906a", "comment": "Malware payload (Loki)", "value": "3115f01c4a304248bfa2de8a03da07695f465d81", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645379, "uuid": "9c386beb-f2c1-487a-86be-3ca028325f0d", "comment": "Malware payload (Loki)", "value": "db5ea17ea86feb31535aeb9cd248e2ea253e12c92005f5e94fbddb5550e8e63eff5de259464ecebd47af6aa80b2f8f7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645379, "uuid": "89365b95-a674-455f-942b-a348aa924ec9", "value": "T1FD052A3D19BD223BC1A9C6B9CFE5C827F004D86F3412AD6598D397A64357A8635C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645379, "uuid": "6a028aaa-52ca-49e0-ba22-2f31b170bad1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645379, "uuid": "5e8cb49c-f82b-4596-993a-92c829843a46", "value": "6144:4dljrLxRukM6+cHVPutFJ+hNEUY5D9ZJKqPuotojLhuAlVRCeJ98McyeGm6qjvl1:4r31+cHVPks4DBXutj7CeJtelDPu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645379, "uuid": "ce9dc54e-d823-4165-bbef-01847b657d9f", "value": 844288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645379, "uuid": "c3709b4f-a51b-4675-99fd-69dc9e5cf804", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645379, "uuid": "62d1ab9f-52c0-41eb-bc6d-c21c9cad11e3", "value": "TNT Express_87079376647.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01a10da4-6dd1-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697645493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645493, "uuid": "533391e4-ec3d-442c-828a-33c7ae801666", "comment": "Malware payload", "value": "593632a92795607082ca4efadc20c312", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645493, "uuid": "b4cad76b-75e8-4f40-9838-3f754e2edb99", "comment": "Malware payload", "value": "c502e1c1d58f80114997aabccc03d7f756402e12e71156aa308405cfd96fbdd7", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645493, "uuid": "eb31c54b-1354-4613-a100-8d094d91779a", "comment": "Malware payload", "value": "4b259531f690a9949f5598d63888d7611d45dcd6", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645493, "uuid": "fa59c380-64b0-4747-8299-4dc2eb0f7717", "comment": "Malware payload", "value": "0fc4b81ee2e6c308f4f2712821ba5eb3f4af0175f5920fbc2abfb1160df465b218d7e5c877f120a692ab156ce7e493f8", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645493, "uuid": "7b65fd29-ee2e-4126-89a6-5b7d2ed234c1", "value": "T17D9228AA8F45151C893713E78DCA8939D472017F74044D357C9DF2E86B1635CBAACD8B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645493, "uuid": "cdc0a0ba-f10b-4c8e-bad3-26947ad31f05", "value": "384:35uYbTY5hZtnFwsr6xFYMXzA7oI/t2TonCe33Ag+XQuFW/tRUKqmenaYS0mJ8js:puYb+Nzr6VoV/pCKANtFWfUVaYSz8js", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645493, "uuid": "c20fa531-bef4-4e81-b06f-b236b79e1073", "value": 19596, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645493, "uuid": "3c49ac20-d724-48ce-9f1c-1aa3b7b0cf8b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645493, "uuid": "69c9ba7d-859b-47ac-be6d-44d2e6ab8908", "value": "invoice.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "190d2708-6d68-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697600435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600435, "uuid": "aad24e5f-9534-4090-b684-8f07b1953eb3", "comment": "Malware payload (Loki)", "value": "7b4839414be319c3d16a2216cc98e99a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600435, "uuid": "530fbb05-107d-4f64-beed-7775b374e3c0", "comment": "Malware payload (Loki)", "value": "c7917d3ebb2c276113548fdfc4dec0b4db97145b9e687d3177248f1b675800fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600435, "uuid": "a1dd13d7-edd1-4ebe-929c-90326efa56d4", "comment": "Malware payload (Loki)", "value": "3bb41d4eb168d85b706eb7afa78193b3556e7aae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697600435, "uuid": "5b13364a-e337-4d54-86d7-95bddeba395c", "comment": "Malware payload (Loki)", "value": "51bcc09b1abaaf3cd731cf0f789b1f9eda0ba47af576b457a4edb5479554ef0a24798d2a03acd19445ca847a2faf08a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600435, "uuid": "2d11b80c-2fa6-4516-a3b4-8124eae61783", "value": "T181052A3D19BD263BC1A5C2B9CFE5C827F000D86F3451AD6998D7A7A64356A8734C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600435, "uuid": "4e8460c0-57c0-4b9c-ac6d-9cbaeee640af", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600435, "uuid": "a0d2b960-15a4-4b20-9a13-a6d9689ac284", "value": "12288:njccn0WXynW+iY04NGIEqBQf/GQvCW0yrOjU:hnXynW+wBqGf/GtyF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697600435, "uuid": "67f059e3-4ddd-4ea2-b017-9a6923424607", "value": 844288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697600435, "uuid": "e047e834-aadb-402e-a6cf-ead6ac71d02b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697600435, "uuid": "4fab8df4-20c8-4da5-a5d0-4c5cc4c0459b", "value": "Updated PI & BL Draft.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "731896b5-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697623779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623779, "uuid": "5970d1cd-2abe-42c4-9aa8-96ba7462942b", "comment": "Malware payload (AgentTesla)", "value": "0c852d97619c03265df52a4ae79aa90e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623779, "uuid": "62938f91-bcb6-414d-884b-cb528f235556", "comment": "Malware payload (AgentTesla)", "value": "c82ea9d5e214ab6a8d1b9315803472e637a986308a0f3be0a39bf43c0465902a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623779, "uuid": "5d24df34-8b39-4559-a064-151f46d68f25", "comment": "Malware payload (AgentTesla)", "value": "1a45481fb5a05c9e34a995c1b82c9ed7e5bcc4b6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623779, "uuid": "c6ce47e3-87df-4a64-9cca-0062d1bc07ae", "comment": "Malware payload (AgentTesla)", "value": "7a583981a1f9ed7b5815e24586db120a06ea5c03790f7892f6ccf0e649119319380aaba367be6622a4ecdc246d05f674", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623779, "uuid": "df5c88f7-0ca2-4ca4-9415-ea98656713f4", "value": "T13DD433F5D0742C20BAC446097DDF690FC3428AE8A9D51A9720B3F5B065EE787C18B6F9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623779, "uuid": "84ab771e-e579-453c-81a8-eb1f247e9230", "value": "12288:GwJMJ8fAq0bPmPtbwcWglB3TcRVofvNubO4WxzvWnTSgNSG:TJoqImPJ9L3aVofvYbO4kWZNSG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623779, "uuid": "b799ace0-7a53-495f-908d-50c80b25273d", "value": 643120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623779, "uuid": "5fba1d8b-6644-4233-ba86-ff332cac8d4c", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623779, "uuid": "607c817f-b49b-45ee-81ed-368c7cef8c2a", "value": "Track#1ZFV29616840783936a.tar.xz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "274203f7-6dd7-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697648133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648133, "uuid": "5872aae3-ee2e-4805-b775-3d54a5c78f04", "comment": "Malware payload (Amadey)", "value": "93d870778efe4e9f64d1e042d88428b9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648133, "uuid": "eb38ed81-0874-41f8-8723-861d4564076d", "comment": "Malware payload (Amadey)", "value": "c850f2f4b7a299826feaeae2f00a02dc00857093fbd8abecebec61750985ff91", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648133, "uuid": "7d24c1c5-525e-4d6e-859c-2a8581b83442", "comment": "Malware payload (Amadey)", "value": "aad6882af102304bf853beaae17d7905b5b01976", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648133, "uuid": "09e384d0-4bc7-4c0e-9d0c-a336be6130bf", "comment": "Malware payload (Amadey)", "value": "ab43629bb176b5c29fd897807a982f3836e0b6f93a69aee862051afe4df5ed68f3593cbbfd6b516372917aabf152da13", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648133, "uuid": "1754a5c2-873c-4aad-b105-18899598d330", "value": "T1ED352342B6E859B6C9F5233050F606D31E35BCA99C7CD62B53CA7C9D0C73A84A07636B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648133, "uuid": "60388e74-deb5-4e02-b956-a98a4ad44c2c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648133, "uuid": "6d1fa2da-36f2-4ba2-a14c-09f0bba5b18d", "value": "24576:lyKteGOU7MBS5OplOGLA8T/PY4sB0pnITgVltq/hiX3qdh:AeeGOU7MQihLA8TXYtChIcVi/hiX0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648133, "uuid": "c3ded8d5-f29c-4534-be64-69722e9f5dee", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648133, "uuid": "49620ad8-c0d4-477a-8467-8f2bed594bb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648133, "uuid": "559cd2d3-5238-4cc3-9d88-480990f28762", "value": "93d870778efe4e9f64d1e042d88428b9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7883db1c-6d79-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697607897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607897, "uuid": "50c7aa52-5e81-4eec-bfa0-fcc7ad12dbda", "comment": "Malware payload (Smoke Loader)", "value": "0763c8ee42974e3d697d4ec3978c3476", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607897, "uuid": "efd40427-c3d1-4c94-9cda-5a1e80e92177", "comment": "Malware payload (Smoke Loader)", "value": "c85d8ac6c322221c5b2bc9fcb48b7d4ab4d1ad5d3ffe4d4b8cac0cf7d882d71a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607897, "uuid": "76406602-29ff-4812-a76a-cc50f127c6b2", "comment": "Malware payload (Smoke Loader)", "value": "f3f1bdd9939656a0363da6092ba917c30a293609", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607897, "uuid": "29dbd224-e3c6-41d6-8331-25b55cb9a1c5", "comment": "Malware payload (Smoke Loader)", "value": "ea4986802c02569944dcc8d7eb07c6f981b982c2df286d52853eea01c49390a76f7b2d19d759fdb5135298ce32cec76e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607897, "uuid": "815fe334-52d2-45b5-947b-d14ec8b8b73a", "value": "T17D35231277E89431D8B167785CFB43970A31BDA1C8F9EB2A5389D88B48726D4E07137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607897, "uuid": "5ac2f0ad-619b-4d53-9935-6a4a4282af1d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607897, "uuid": "8ce5542c-cab1-4e73-a048-16cbea5758d2", "value": "24576:qyPryiut8Fi1KvPZWGNREqUlR2al90j1m5QBYs:x2ie8rHZbnEqMUal90Bm50Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697607897, "uuid": "ed18b380-f3b4-46ca-b8bf-c7b5b39dd3e1", "value": 1097216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697607897, "uuid": "4a9184e1-73d6-45e4-9df8-27a6c7adbac9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607897, "uuid": "dd254421-ce2e-4e67-a57f-126323d6dd33", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3aa6fec-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604104, "uuid": "fd2b01d4-5a3f-40b0-a292-86c56c410e5f", "comment": "Malware payload (Mirai)", "value": "364bf0d192ef6d8494152cf577702ccf", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604104, "uuid": "ebdd1f88-d896-4d66-9e11-dfa2db837a0d", "comment": "Malware payload (Mirai)", "value": "c9239e7e168eef0b3d680954c6a4f285855f51d58a888809f08745486cba25b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604104, "uuid": "d53c9e94-65b6-4c2a-96e8-af3961065bdf", "comment": "Malware payload (Mirai)", "value": "64932e38c3eb2a793f4f61ac5df20e659c771ed2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604104, "uuid": "c918cd5b-5b79-472a-8ae0-25eac0974378", "comment": "Malware payload (Mirai)", "value": "139d206d2440cae34cb5ba2e67bc4bf805e41b96182956fb3615e7735a9991a7068757f95a8c362e980091720d742ab9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604104, "uuid": "7bedc775-97af-4f75-b0a6-73e5066d5720", "value": "T119332AD6B402AE7CF89EEA7E80120E0BF53163555053073B67ABFCD37D321649952E4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604104, "uuid": "0632cb2d-7874-4401-a17d-eaba9476dd6e", "value": "768:yPeiX55FVuYg7QK/8bVJYV9XQvus1gFHq63unWe/npgitJTz4eHQ8lT:ylp5DuYv+g6Fq6enpRgitJX4ew8V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604104, "uuid": "99f78ae4-6381-48df-b8bf-9ec47d5cb813", "value": 52916, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604104, "uuid": "e8f9b681-8930-43b4-97da-f13340f3819a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604104, "uuid": "85fcb28f-d130-4612-94cf-ee51f118b47f", "value": "364bf0d192ef6d8494152cf577702ccf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbdb0abc-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697595555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595555, "uuid": "0f7d4590-aa63-4c28-bddc-a287bdd6dd76", "comment": "Malware payload (IRATA)", "value": "50e1adbf7c5877392ca594f264e38e7e", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595555, "uuid": "1d593419-f247-4e3a-9de7-736e2bd4f087", "comment": "Malware payload (IRATA)", "value": "c9ba4702695baa9a7cef0bab24994ef09b9ed8783fdff184cf2b33c43dfcb823", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595555, "uuid": "adc10694-b14e-45a5-b69d-4e3877a98f56", "comment": "Malware payload (IRATA)", "value": "b52f1f6c995945fd4e62c9e492c82437df124e9f", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595555, "uuid": "1f7e4e5e-c6dd-444d-8dbe-423d556556af", "comment": "Malware payload (IRATA)", "value": "7d882c77849c68ddeed5218af250bbe4eea7465f0f236d2a07d2c0ccfdae02cf109cd1dd4aad158ae5dd370abd1b0d1d", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595555, "uuid": "3e32a352-6ef5-47f2-a4fc-d155b6e449b5", "value": "T13A36CFC7F799A95BC4F39332827657A551074C268B83EFC36D14367C28BB5C01E9AAC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595555, "uuid": "f05a3e2e-6f7c-47d0-bfe2-138badb84eee", "value": "98304:XgLCrgD/+9nYl3lVR5eUfJeuPSlX/4T6NdAJJ:M/+hALPeX/Sl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595555, "uuid": "b9ec9aad-1338-41fc-bc71-2b44c14c3a0c", "value": 4937578, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595555, "uuid": "114494d0-4fb8-4495-8163-aaad9ca93669", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595555, "uuid": "a0b55327-2f86-4b8c-8ca9-b168091e4971", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "942f6e89-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload (AZORult)", "timestamp": 1697648746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648746, "uuid": "c2b6e3a9-f98d-445c-a1c5-be4515ca1dc3", "comment": "Malware payload (AZORult)", "value": "ee68a69607760dd56632a0045a7c87ec", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648746, "uuid": "f058d807-0a66-4f60-83cf-560987fa37c0", "comment": "Malware payload (AZORult)", "value": "ca2467a857a0732cfe8e0868ab28855abb4270c5b5979acc994ce32c3effc9c7", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648746, "uuid": "c2fb5ca6-b1dd-4d09-a8ae-5be0fcccbb04", "comment": "Malware payload (AZORult)", "value": "be24ba4e8424d77ee443365b7a2fd3671fe95622", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648746, "uuid": "35e20dac-1dac-4656-bc6e-355379443be6", "comment": "Malware payload (AZORult)", "value": "abd594e7a2dc83be89d9d13477d45226e66e2aec7fe372c0d0e918ca8a0333ad476182c7d634034ce5ac9d36c587040d", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648746, "uuid": "87536793-08c3-45ef-a2e6-46c40ce7eb2f", "value": "T12945122E7A80D17BDA9C4470B845446957E8FEACC3D48A477660226D383DB72CABCF47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648746, "uuid": "ef6164e9-c593-4c89-bd5f-7835b3d91335", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648746, "uuid": "0a54d856-f34f-4449-acc4-312f5f052a22", "value": "24576:MJJB+kZ1+sBAqeOdno9zXSiZQrH0LuxaGwAma0l+SfoPxlAM5f:MDqsBA7inop/wgAwfnlbfoZlAM5f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648746, "uuid": "aac04c01-d39e-4284-857d-004f8d252c84", "value": 1211504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648746, "uuid": "aa7ebd52-9129-4e42-b7e0-6069fc33693a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648746, "uuid": "ca931f3e-f5e7-4974-9975-99dba95dc794", "value": "HT1150009-Docs.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "312ff479-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697595322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595322, "uuid": "aa2a932f-6944-4387-8247-e2b56ef6c886", "comment": "Malware payload (LummaStealer)", "value": "8732dd505afbd20b03aa775d9b230bc9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595322, "uuid": "b6ac6d78-e529-4b54-95b5-34d51cac8753", "comment": "Malware payload (LummaStealer)", "value": "ca64aa6ed949423a1d5b11629c3a9c1db7a10c570ffe677e82be7a6dec120a5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595322, "uuid": "c01af8cd-d28e-43f7-9bd0-dff5fad9d021", "comment": "Malware payload (LummaStealer)", "value": "08ece8249372289de7f3bd0e6e4b3ec54a5cde6a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595322, "uuid": "afa6cbe9-24ed-42dc-ab12-e42f1feac8d0", "comment": "Malware payload (LummaStealer)", "value": "504de44adc94972c5ee907ec1ddd481df815f543648b41325f715216f50dce0b4e0e4d761d3d0cf01ff17e9d52bebe4d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595322, "uuid": "abb6ee4d-3c05-45e5-9b03-61249b8a39a4", "value": "T1D234AE0174D1C472D9B3253209E4EBB95A3EB9300B65AAEF67E40F7E4F343C19631A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595322, "uuid": "8a4339b7-51eb-457f-8eb7-a91da6cfa62f", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595322, "uuid": "03721811-a6f8-4144-b323-5a8ebe5356bc", "value": "6144:VAhoKC278Zlfx4nfKKH/VObYXAO3M9I45W:VAhVolfx+LnxwW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595322, "uuid": "3e21175d-81ea-4519-bc58-2f5a1d889cca", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595322, "uuid": "5f007d45-a9e1-404b-98ea-45561bae0236", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595322, "uuid": "6c35b670-c7f4-4751-a810-329fb18eb168", "value": "8732dd505afbd20b03aa775d9b230bc9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27ea498c-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697648564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648564, "uuid": "521090f8-8100-4628-bd6a-e04bb3c696c9", "comment": "Malware payload", "value": "228ea7b32efa5a8f1ce1c14656c5e25a", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648564, "uuid": "10b9dd8f-a095-43f5-9fb8-5d22b5d4de17", "comment": "Malware payload", "value": "cac4a39b38f8090252a6e66221246046f269288a7f682b19021de07da6190f6f", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648564, "uuid": "d21ae760-2eb5-4d28-83d7-4f5633b319b6", "comment": "Malware payload", "value": "434446f828ea48a32ad7536cb8871fd056ba0253", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648564, "uuid": "a107702a-ddbd-49d3-9053-b1663132a26a", "comment": "Malware payload", "value": "8a33739ee22f52b7188cfe611da6f83c8be5c30939f974995fc05b2c8d31c2fb315dd75cf97e7798d0f86fe76e1a65a7", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648564, "uuid": "d2ec51f1-5a04-4a40-9a27-fd1973590f09", "value": "T1D721BD0517EA1B69C2B25F7B58BAF313C536BC81D867CF2E42C4128C5464520A9A4F3E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648564, "uuid": "9562a442-c0bb-4070-8a07-576863d94a8e", "value": "24:881sAcCRzcq3JBkr+/4v5ws4fNVOoa55U8UZUmfWhm:8uWo3J9Lf2o4evqr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648564, "uuid": "5e53bfb9-8182-487a-ba4f-ac95f6ab2ffb", "value": 1133, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648564, "uuid": "ffaf3977-f904-4731-a980-efabc2492ec9", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648564, "uuid": "a352213c-6d31-4e04-98c4-a8308bfdcbed", "value": "DoctorReferral.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f3cdbb9-6dbd-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697637007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637007, "uuid": "2b39ac7f-6236-4d2d-9435-aed05553dd29", "comment": "Malware payload (Mirai)", "value": "8d6524054267c3c2fc4ba8b1c87c885b", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637007, "uuid": "c813703e-79aa-466c-bd95-2cc290500e54", "comment": "Malware payload (Mirai)", "value": "cafa77e7f228719843e6c428e7c101c259e2954e80b9f9ca2ac75447e897946a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637007, "uuid": "877ca8dc-f497-4bbf-b113-b48832ef712f", "comment": "Malware payload (Mirai)", "value": "81aec012b9da4439f41525540a39b7c313f30614", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697637007, "uuid": "e73f6a53-966b-4d94-84eb-0fe1633c9fe7", "comment": "Malware payload (Mirai)", "value": "c0bf9f813f66afcab121753b80ced2123ed307339f30f663ca96f6968b07a8882ca3d331067d41c4e1c518a6f01ee682", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637007, "uuid": "06598f12-11ac-4b5c-be33-df67990d64e2", "value": "T178832981FC41A622C7C11777FE5F018E371553D8E2EA32079C285FA03A9F95B0D67A5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637007, "uuid": "f3c4c33d-3022-42c2-b348-abed35f96206", "value": "1536:NySHwrZKkRozEsK3SU33eZtU5SWmyPeTriW/SnvL:NySQ9Ko283w9yPe31KL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697637007, "uuid": "63f01374-21d2-42f7-aaad-0284b79c3d18", "value": 87172, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697637007, "uuid": "a922e44b-29ab-4752-b509-c9626184efe2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697637007, "uuid": "1f49f540-56ef-4eb9-bd73-2b709163aae3", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2517e931-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697648559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648559, "uuid": "c75db839-619d-4291-b1cc-80433f35430a", "comment": "Malware payload", "value": "f1928a3f167c4473f562d9b7cff9a155", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648559, "uuid": "a2bbf14b-74ec-4c1f-bcfc-178f4df23356", "comment": "Malware payload", "value": "cb359bb4cf12998dc5faba0a02a6edc1d107aa47228ef7a70408dbc94eb1e324", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648559, "uuid": "eee6042a-29fd-40d6-9e2d-2aba62f8dd72", "comment": "Malware payload", "value": "a8d133cd6a220ff5265468ebedfcb5cad6bb7112", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648559, "uuid": "1274cd2f-e335-4a89-a7eb-ef5e9c58b7aa", "comment": "Malware payload", "value": "5010caa067233428fa6e28ba8a7c19cd21c78c39e2961ee8dd55c06b72b5ae8bffa5cb12bca8d1ced44afafe6e94c899", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648559, "uuid": "48df1109-4cae-4146-a905-1d970bcc5d4a", "value": "T1EC41DC011BEA0B29E3F35F7758BAA7228937FC85DC26CB2E01C0124814A1520E9B5F7B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648559, "uuid": "8a1656f2-cb76-4ff6-99ce-7598f07ad619", "value": "24:8WkD1e667zcq3JBkr+/4R5ws4fNVOYdd79ds55U8UZUmfWhm:8Wkp+3JzLf2YdJ9Aevqr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648559, "uuid": "3f11b230-8773-4a46-ad30-8961ba504ad8", "value": 2015, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648559, "uuid": "708685d4-474d-4a18-813f-6fe5a88dbfed", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648559, "uuid": "2f3b1c13-0292-4170-bd0c-979d72c1edc5", "value": "LoanDocs.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c10d1a9-6d88-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697614211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614211, "uuid": "bf4c2ee4-13a9-4fe9-8725-efd9054cc810", "comment": "Malware payload (AgentTesla)", "value": "ba231a28a6d8f09a6510a68167bb7e2e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614211, "uuid": "cd84ccab-2035-4d9d-bc38-5813862d14dc", "comment": "Malware payload (AgentTesla)", "value": "cb42b7fe8e4b91d233ed1755f6ac5e83d6d2d44f1320a55c88d034cf566f658d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614211, "uuid": "2552a3b8-c63d-40ef-bf93-9b202a677515", "comment": "Malware payload (AgentTesla)", "value": "4cd889590bc080bbd1eb5e13e7c00621b4b17ca9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697614211, "uuid": "d037b673-c1cd-4fcb-be7b-52ce1f1a4526", "comment": "Malware payload (AgentTesla)", "value": "e2d5291fa59b106201b8e97bbe62d6f44f980a294a06d69a0d93bfe37594b2284f84d5c09e7654855ac265307b26a373", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614211, "uuid": "46f15ff7-dfb8-48c7-a06e-93c778bf832a", "value": "T194257F3D29BD223BC1A5C6B9CFE5C827F000D86F3452AD6598D397A64356A8735C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614211, "uuid": "794e5d40-e56b-4242-8dc3-1fb7135332f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614211, "uuid": "d207b31d-de0a-4a2a-bb44-480b29a9e187", "value": "12288:eWLYUvSKmwFcP7nceuW/sUB5aizW9EjFylkcNrrm:RYUVmV7cRW0UBFzl0lnrr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697614211, "uuid": "beea0e10-a92f-43a8-a619-9c632a9bbddc", "value": 998912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697614211, "uuid": "a742f1d6-ade6-4a1e-99d4-15f235aa2539", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697614211, "uuid": "589cc124-d8bc-4e4c-b336-d1cbdf43f4d6", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.710.7393.16571", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "847f79b8-6dd1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645713, "uuid": "073ba272-c062-474c-9b8f-91ca374ac1c3", "comment": "Malware payload (AgentTesla)", "value": "21967411d6c2047f0398a19f14fd0ce3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645713, "uuid": "d508d3b6-3da7-467a-ab4e-a9a319ebab76", "comment": "Malware payload (AgentTesla)", "value": "cb6fa67a9123f512508752ef44aa9eb0861b57393ee37435574fb3d1b7e062dc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645713, "uuid": "88c7706a-80d7-49ce-83a0-7800a6b7770f", "comment": "Malware payload (AgentTesla)", "value": "a7b4504049a4f700f702322804de0543f3543944", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645713, "uuid": "42ba3b7a-a159-41e7-8cdb-8e13bf241bcb", "comment": "Malware payload (AgentTesla)", "value": "eb1050ec5ced6e2d10ca7b4f7e6454899004dc516dde784952437707e1a8e166f6efb1f15a6784cb927431ecd44dce99", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645713, "uuid": "59582ab1-34f6-4542-9150-a87acc45364e", "value": "T1E0553333C76A8CA0E174AEB6A3EA0CEBCCC4DC3FBBF641D145D954063E08D799685612", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645713, "uuid": "709a2b6e-507c-42e8-8ad3-640b50fb1f5a", "value": "9d73eabc1296af162ac6ff5d06072544", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645713, "uuid": "a8e7575f-bd5d-4fba-88af-a147cabea8d4", "value": "24576:WSjaXVwmc73HCkZvkbKxkO63+T7gzhc2DXdlTtWj5VBszqTBXLYA1hzGs:LjaFijikZsGxkO63W2Zu5Eql7DC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645713, "uuid": "6e641994-d4d0-4f9e-b3f1-0da8d9f88bc9", "value": 1371648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645713, "uuid": "94b670a2-92fd-45e9-9555-375df1af321b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645713, "uuid": "7754bc2d-3abd-400e-a456-8f06bbeebc36", "value": "QUOTE_FOR_Lindenberg-Emirates_UaW5mcTtv.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "739cfe71-6d49-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697587273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587273, "uuid": "c16b01be-76c5-4d45-9367-1cf66118b865", "comment": "Malware payload (Smoke Loader)", "value": "bf685d714351ce0b14f79284f9f5b946", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587273, "uuid": "f74fc1db-2db7-4e0a-b6f9-60f5ff7b516c", "comment": "Malware payload (Smoke Loader)", "value": "cc45e1788e5bff3ee10134539c0fdcb4ad37aa0897c7c56d8006983b09094cfb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587273, "uuid": "275db731-3d80-4067-8df8-2b0aebab08a5", "comment": "Malware payload (Smoke Loader)", "value": "0363619c3f84ce84543f9a19ef14095572990b0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587273, "uuid": "43ed76d4-d828-4c6b-b782-bb2647ffa6a4", "comment": "Malware payload (Smoke Loader)", "value": "7cc6f6544799d69a6a24a6b3c174e7b4242321d3d337cb0f32e0ab3bac101af642d7e17f4c68e49ce0b8f3bfabf99ca9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587273, "uuid": "337b2a5a-27ef-41d2-a9b5-adadb3369a73", "value": "T12A35239773E95032E9F5277029F702831D29BCD158BA87AB9355A8990C723C1F17A33B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587273, "uuid": "2bd2e5da-d4bf-496d-b53d-80070e90681e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587273, "uuid": "045fba09-f9a9-4fdd-974a-86442b5e8727", "value": "24576:DyGfdCK8yr2vstY7XibMiAtjPPFP2eqFziz87cpyj:WUC1yZtY79vtzP9mpiY7P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697587273, "uuid": "e84518bc-a5a9-4252-be05-b4057a360b08", "value": 1098752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697587273, "uuid": "9d27c397-a595-478a-a4d1-d7e8e02aadc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587273, "uuid": "04be61c9-0190-4398-b31f-cfbd7cc08939", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96fc84aa-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645314, "uuid": "e4804ffd-b824-4bb9-bc2d-89ba330e7a42", "comment": "Malware payload (AgentTesla)", "value": "1937b5bf92b35c58a508120ec9f8beef", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645314, "uuid": "92631428-0af3-430e-9deb-2a26f4d59d44", "comment": "Malware payload (AgentTesla)", "value": "cc465603dd6618ce3cdd9d48e4deafd0be34700468bb037599c62231bd252271", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645314, "uuid": "3bbcee53-780c-475b-8c47-fe42f98d5a7e", "comment": "Malware payload (AgentTesla)", "value": "61fa23dc73ae3b7cdf10d19d7a9546d6fa0522fb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645314, "uuid": "851a9886-b9cd-4992-8be6-d048ee556f1d", "comment": "Malware payload (AgentTesla)", "value": "9330bafd4b2fee2b448171c9ddd0f8dc52fe3c4bd1b274ec61ba8fa63682231c9dbded1d2f97bce315bdb5115981e7ca", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645314, "uuid": "3d43122e-cdc4-4b10-9366-305829c09248", "value": "T169A4CFA37E8555E2E3C40F36C1DB45628F65EDF1A763E60B308E33CA0663B5A5D80A17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645314, "uuid": "de51e855-561a-4c82-a31d-0c3277b023ed", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645314, "uuid": "410d80d2-d3a9-40a4-9ca8-10c2be6d7eaf", "value": "6144:DJNG7ZI7O/++mYIhX5Ao+XOSj8txkqL8nwBcjrd515ibsXlWFwxhOK1MR9hai4aV:DJQ3+folA7HkwSi8WFm71MzIa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645314, "uuid": "801cadb0-2c0b-4f3b-aea7-4af21bd1dfd8", "value": 474624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645314, "uuid": "4581dd4e-3fc3-4927-abd1-2920f6539b5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645314, "uuid": "a80ca485-c202-4e52-bdc5-89b257f5de50", "value": "PROPOSAL\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0eb7c46-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645358, "uuid": "91845d7a-22fe-4a16-81ae-54073322b5ef", "comment": "Malware payload (AgentTesla)", "value": "e31682011bb9d9bd9b367e9d645dca3b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "isbank", "colour": "#75DA16", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645358, "uuid": "66cef648-b864-4d69-a4de-685d504eea61", "comment": "Malware payload (AgentTesla)", "value": "cca8056faee51cc307d49154de2dcd5e14a7cbe86f90c54582788ce7b46aa4d9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "isbank", "colour": "#75DA16", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645358, "uuid": "1cd587f7-a25c-4ba8-b315-72790843e56d", "comment": "Malware payload (AgentTesla)", "value": "f55c9a5b6f4ad4483394bb3731537d2ca3e1f9b4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "isbank", "colour": "#75DA16", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645358, "uuid": "7ccec66a-e6c5-46f9-a05a-9adc2d3f9bd0", "comment": "Malware payload (AgentTesla)", "value": "11343569f419e501949ec75e495e8fbfbffbfcb3187093c4f1db73f4fba4c99968f79561cdb3a880d1fe9ca73c68bc73", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "isbank", "colour": "#75DA16", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645358, "uuid": "7278d51a-2562-4bfe-a7f2-f140d9a1ca21", "value": "T1E205497D1DF98227B978D6A6CFA4C432F061D6EBF9625D2AD0E746818702803B4C71BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645358, "uuid": "0bdfcd6f-e392-4c2a-a838-a0bbdba9d775", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645358, "uuid": "0d1bcc95-5d23-498e-aac6-48722c366760", "value": "6144:7Xmr+U0Ym5//De4sqXQxXe1JsJvxvEUyhrOmcvQXWFl6rOQ1FFxNkQMs6AWSVTJn:7WSAmleGGXJqDEvnYTbOQC3SVDB7f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645358, "uuid": "b8266077-592b-438e-ad60-2198a9f10779", "value": 866816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645358, "uuid": "c091d130-f9dc-4f4f-8989-480199573f67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645358, "uuid": "d01b5fbd-3749-47fb-a38a-c722b65bd8ab", "value": "Is_Bankasi-Hazirlanmis_Dis_Ticaret_Islemleri-18.10.2023_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fa93f5c-6db8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697635021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635021, "uuid": "5b368d9c-c48c-47fc-9de7-8c97810d928e", "comment": "Malware payload (AgentTesla)", "value": "0e2b9e4fa1f20b593dbbbad08b3cfa09", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635021, "uuid": "136912a2-94b7-4a8a-a64e-345e1a6e4ec7", "comment": "Malware payload (AgentTesla)", "value": "ce62f5d0db7ae82c428b93e4ebc2c016c1da50656399e1daab91c528b8c482f9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635021, "uuid": "96847c55-6aeb-49a1-b904-4861aa04b2eb", "comment": "Malware payload (AgentTesla)", "value": "d8d5a0cf2be08393a42cb10c068da3ebdc24da5d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635021, "uuid": "2ddc9b3e-c6a9-4670-9aa2-3506f721ed7f", "comment": "Malware payload (AgentTesla)", "value": "33a12045bd2086da993cbfecd36b6bab4de14aa18843fb990b303c6669af17302a0472fc4b760213734da89c7d191db5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635021, "uuid": "e12e9454-8532-46f9-a15f-bdd64ddc4a23", "value": "T1BCA423ED93246557E829B614F31AF5F32C191A18B472E6A2C4ABDEF10AC30FD41734AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635021, "uuid": "105cbe40-6945-469f-99e8-ffd0f977a22f", "value": "12288:PVTfcxirhYseoZP8xCaCWwONhoB0liBtJkWNixa:VcItVeop8QDJkYDkWNWa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635021, "uuid": "b23a20da-8226-41b2-bf63-2bd5b85e3195", "value": 484528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635021, "uuid": "ae630ce8-70c7-4583-a7b0-813d4d7f0aaf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635021, "uuid": "39f2fc58-7d6f-4d72-9635-0fb0bf84c07d", "value": "708e198608b5b463224c3fb77fcf708b845d0c7b5dbc6e9cab9e185c489be089.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13cf10b9-6d53-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697591407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591407, "uuid": "97f1bee4-aac1-473e-ab41-d70456e16eda", "comment": "Malware payload", "value": "fac4274c5da46acb94411794b8288a05", "object_relation": "md5", "Tag": [ { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591407, "uuid": "18f26520-2ff3-4302-a775-892ae2563739", "comment": "Malware payload", "value": "ce842483585f7efb3394021930a06e67734a76d293fce8fa58f9bc32b6546d1a", "object_relation": "sha256", "Tag": [ { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591407, "uuid": "c8561c3f-f98d-4293-8a40-eb145bc787f0", "comment": "Malware payload", "value": "2fda1deb1d4eebe33542e4aaca210994a05d11bb", "object_relation": "sha1", "Tag": [ { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591407, "uuid": "4c17661b-b1c2-4169-8cb1-523473ab13b3", "comment": "Malware payload", "value": "a4a0329ac9fddd34f46b8e34e9876d9636fd827bad5ca613394ef42dd36a6cfec290a012ec4f3687283a263342111a25", "object_relation": "sha3-384", "Tag": [ { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591407, "uuid": "d7c5348b-7e64-4db7-bd3d-4668cfb58427", "value": "T1ED02C2D662541A9BD10032B84C431DDF7E470EB3E008B414F2C1B4BB0A9CDCC36E01D1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591407, "uuid": "164f6ffa-679e-499a-afa8-eefb92fb51b9", "value": "48:CCCCHKyCCyCCCCCCCCCCtCCCCCCCtCCCCCCCCClCCCCCCCCCQCCCCCCC4SoCCCCQ:cS1N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697591407, "uuid": "9f56d207-10b4-45e4-bbea-e511910025c8", "value": 8237, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697591407, "uuid": "9c764e6d-b2a9-498c-b1e1-c452bec19909", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591407, "uuid": "a1f832ac-bcfb-41b8-b7f2-5143bb84c0cf", "value": "c19a883a77b885b04554f980fc0f3df6eea9adc3ea2a84db4ef8d6b7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42dacac1-6d62-11ee-8907-42010a9c0042", "comment": "Malware payload (IRATA)", "timestamp": 1697597929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597929, "uuid": "e53fbc4d-950e-42f5-b26d-87b7162b106d", "comment": "Malware payload (IRATA)", "value": "7f306786f249b6a8fe7046167a7407a3", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597929, "uuid": "aa64b99b-a87a-4f30-8c79-ca526a0c97aa", "comment": "Malware payload (IRATA)", "value": "cf5e3005ceb49bc813f98f3fe16a6c7c83cf3890bd24e7e4dbd9eaf105b958ba", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597929, "uuid": "4dd6ee77-fffd-4713-9d52-6ca4947fc98f", "comment": "Malware payload (IRATA)", "value": "9c1f4eb5d6653b61a5780385940692f22bf9c5ce", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697597929, "uuid": "2c0b4b09-fbae-40d9-8fae-6f8f43a65e99", "comment": "Malware payload (IRATA)", "value": "1702a14e7b1ea022674b5f0657e1636acdc83cbf3741c84c76aa98d435fd21b59110a8d6001db15bb286c8b00fdd5b55", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597929, "uuid": "0d7b6711-2e67-4f7c-9a69-90cb46171313", "value": "T163A533CFF3158522C5E7E67757441393497E0D829E23A90ABAA873F90777AF8930A205", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597929, "uuid": "cc7f8108-4723-4963-8f52-195cef4674f1", "value": "49152:AEfTK9qhs94smKJscA0f2Dwtp+vTBxpxAfg/OAgqmkcxsxFVOMvJLp2R:AGTRhdsjAVDwyTXHgqmy3J8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697597929, "uuid": "a9ddbb96-729b-46bf-9d4a-f0a0b77839bf", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697597929, "uuid": "2cd93c33-79e1-4ba3-9805-d635e2c7f5dd", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697597929, "uuid": "15ccfdc6-5ce6-46f0-9c47-56b04eaf9b63", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76212a05-6df1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697659433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659433, "uuid": "9ac9bf21-01d4-4dff-be70-862affdd2c0a", "comment": "Malware payload (AgentTesla)", "value": "d68228fbd8bccfd3305cf1349d5e4c22", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659433, "uuid": "76a621b1-4b63-4302-bcd0-b288b10aaac0", "comment": "Malware payload (AgentTesla)", "value": "cf7d6cbc7a96896a60640f293bb9e3aad591556cbffdab459b2e52f89f89865e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659433, "uuid": "86941ca7-a579-48e0-8b85-25425582b1f6", "comment": "Malware payload (AgentTesla)", "value": "285c70803d606cc3878ae1479bfb116a3ae7e232", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659433, "uuid": "5732cec9-d1e7-48ff-b7d7-e36d80b41bbf", "comment": "Malware payload (AgentTesla)", "value": "c5311e8d754b388cd9354926e92a7548b7b16631e13cf4e4cec8a9cb9bf4469c0adafdd165ed3d300d96cfeb81218e38", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659433, "uuid": "7743356a-04f9-42bf-a493-f9c7dd3f7907", "value": "T101156B7D1EF98227B978DAA6DFA0C432B062D6EFF5625D2AD0D742418702903B4C71BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659433, "uuid": "e0571db4-0290-4d8e-a505-cb4128d4e264", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659433, "uuid": "83d164dd-4dea-452e-a6a7-9769b4732da4", "value": "12288:M8JxMYtLvJuiGQI5zGMLK9rkt9WDp1IPySFtTNDfizc:pJ/pAFzGM0MiIZFtTNDf0c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697659433, "uuid": "e9ff0236-b141-48f9-9df8-73e1396e18ab", "value": 954368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697659433, "uuid": "86028381-9594-4241-ae50-3c82c76e2ad5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659433, "uuid": "bf490829-73cc-48c6-b71a-67c70a446d2e", "value": "SecuriteInfo.com.Win32.TrojanX-gen.1019.32361", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dd8d35e-6d8c-11ee-8907-42010a9c0042", "comment": "Malware payload (CobaltStrike)", "timestamp": 1697615905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615905, "uuid": "c0ba204b-e9c3-4f20-a7ff-60d2a80c1ed3", "comment": "Malware payload (CobaltStrike)", "value": "9f46751cc0b2a616e2731c9c74ce980f", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615905, "uuid": "3293ef4d-198a-4d72-8269-3bf86d548850", "comment": "Malware payload (CobaltStrike)", "value": "cfaecfea53a947e1d3f1e56aa7f62b2507e1b785df789ddb5619f025f8dd954a", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615905, "uuid": "0367d497-9234-4978-9be4-0ca9045fae0d", "comment": "Malware payload (CobaltStrike)", "value": "c6e5e32cf96702be5cbc338afc1edfa400640f50", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697615905, "uuid": "87b79a38-572f-4afe-9e13-09c260f5e3a7", "comment": "Malware payload (CobaltStrike)", "value": "760e7138a9e40cb7725d17b57e75a9bb56a831e74ed2bc257fa1b6d9cb290b1f8d1ba8dc96cd8e4c8a52eae58b550187", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697615905, "uuid": "dff4877e-df8c-49c6-900d-35ed99fa4246", "value": "T16DB312368D68BFCC85BF596D51F1C972140A5B5C42DF001D29F36EA01FAF41A89E62C9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697615905, "uuid": "4263aa65-0975-4474-80cb-7c80b0868636", "value": "3072:7cWW/i1av5vTZt0Ix/nBuXGAkdsBMs/Q2mfhI:77Ii1eDxx/n33MTQ2H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697615905, "uuid": "6e27487a-d6cb-4fc6-90f7-bb38b463976c", "value": 107498, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697615905, "uuid": "23194065-5bcd-46cf-b5ea-3c282ce79dd2", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697615905, "uuid": "5d982576-c5df-454a-ba40-6eebb255ff24", "value": "480c5f297ec7d30d21449ab950f6dd3cdfeb78c591b5e3450c2d6027f8be2e72.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25d90d12-6dac-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697629663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629663, "uuid": "b018008a-fe68-4d39-b802-0ad96464d316", "comment": "Malware payload (Mirai)", "value": "b7f6745b2c772d5473d2fb5bbfb05a80", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629663, "uuid": "06fd9685-cbc2-4799-ab47-fccf0402b7db", "comment": "Malware payload (Mirai)", "value": "d03fe5299e0776d6f2e8b0db7ee07404afe3a76dd7d44200248c81ef5a752b88", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629663, "uuid": "fc94dce1-820d-4e8d-82f5-af223d047718", "comment": "Malware payload (Mirai)", "value": "31b2f37027c2fa8b5e5096ab6d169033f7599ef9", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697629663, "uuid": "3eec9584-c6ff-4199-95dc-818a8ba17e4a", "comment": "Malware payload (Mirai)", "value": "a7855daa4064215d62d5019187c21ac47c41c0d1feeb09f477d6c38024b4871c073baa22d9e17c1965a6668be409f070", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629663, "uuid": "bc6d940c-e76d-4afd-b086-978ce14a9852", "value": "T17182D0A123923958D321CF7D3BE8340B8058891771695B406DA0B609D96FB309CF9FFE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629663, "uuid": "bc2edb75-fb7c-4e74-ab14-454ec86373fa", "value": "192:KXs4Lyi82so2yzXtb1MQFGKVeKJRT6XXmBrdIQG2tdaOqGM5V6LsDdvrY6jdE7F9:yb2eX3zAKuiNPZRwwqdvrrduMXbCAkd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697629663, "uuid": "4491cfc3-d94f-42f5-822e-beb0266801cc", "value": 19040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697629663, "uuid": "513eebc8-48ff-4229-ad40-36a865413554", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697629663, "uuid": "b1723f87-5369-42d3-aee4-b96d5c336e74", "value": "SecuriteInfo.com.Trojan.GenericKD.34055387.16695.17922", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6abfb99-6d98-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1697621396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621396, "uuid": "97ca77ad-a3a3-43d1-92be-6d7344c5c985", "comment": "Malware payload (GuLoader)", "value": "f984df11389c0024a8f193eff46e5d1a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621396, "uuid": "bb91aaeb-b85e-4c0b-9c9c-58b08a9746ee", "comment": "Malware payload (GuLoader)", "value": "d085167a693942acfead1ad132bf92780fd394075cb86bba71a1739ee2d569cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621396, "uuid": "2aa20813-9a61-4d0f-b1a2-c29670be66cb", "comment": "Malware payload (GuLoader)", "value": "d1ebc1b3074960006fc2d4c3dbcb3eccdedb1aa0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621396, "uuid": "19691024-f39d-4c13-b3f0-9c9a4a797e3b", "comment": "Malware payload (GuLoader)", "value": "a893d5ecdd999a1ca19e736a1192dbc51ab0ba6ea928d5434067ebc104c5ed83d84d26a4349ce015d4bdad1a7000fc11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621396, "uuid": "80c22410-5450-41e2-8c7c-1c889d33fd51", "value": "T14DA50241F059E69EF82E90B5F827D5F3444AAE49D5688E2F31423F2A35F32471236A37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621396, "uuid": "6c5f3678-19a0-4c8b-a141-e41dc31da4c2", "value": "0293eec0b5432ad092f24065016203b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621396, "uuid": "bd061f29-ab34-4338-ac15-8423f20fbfa9", "value": "49152:9UhZjcwuQZLDgMBAB4XOrGrWv/c/kTW3i/LS5Llx:9UhWmZYAAB4XOGrWv0/kTn/LSd/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621396, "uuid": "162f8839-bcec-4e42-8239-50ae27c10b9a", "value": 2127536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621396, "uuid": "48f790fb-6bef-4e43-b71c-c90a1fcac04e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621396, "uuid": "7abc14b7-a5b9-4a0b-9a22-cfcb99d69e97", "value": "SecuriteInfo.com.HEUR.Trojan.Win32.Makoob.gen.10665.8895", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6f1a300-6d7e-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697610149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610149, "uuid": "3b4477c9-7a34-4cf8-8e78-59fe7749f4fa", "comment": "Malware payload (RedLineStealer)", "value": "4036dad04418ef2e74ce84887a40c781", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610149, "uuid": "39c668c3-627f-4183-aa64-15322f774815", "comment": "Malware payload (RedLineStealer)", "value": "d0a1983023ba858abd30885631c353f063ea1ea4deb47b17d1d36e8ca8ba2ebf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610149, "uuid": "55a90f6b-cf09-47bd-a44e-e365a4eca923", "comment": "Malware payload (RedLineStealer)", "value": "64aeba86eec3c360396b498fc07bf1e4a272b3f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610149, "uuid": "3eb0290f-d28e-46dd-92b0-6677248c3397", "comment": "Malware payload (RedLineStealer)", "value": "afd78df885b12cfa963b89330521fd7c3f1a0b3f229af43f1440b0de180d7cd455f212e51f675f06253633749e62d869", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610149, "uuid": "fb146e35-c260-4439-89c4-e620cdf23c8d", "value": "T1203523431AE84873D8F12B7069F913831E31BDB19E784B5F2388D6895D616D2E83973E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610149, "uuid": "37368bdb-0354-4345-84e6-811f14f2991c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610149, "uuid": "e85b4659-1dfe-43f4-ad29-768cd576afc1", "value": "24576:0yxroW9WYY6lUmDrPamdE6IPAZc4dVPTDANw21xUl:DxB9FdlUmDraG//Zc0VrDANw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610149, "uuid": "1993eb15-976e-4d3c-b0ef-b200d231dfcf", "value": 1099264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610149, "uuid": "88c1c6b0-cf02-47d7-a733-79a19852b303", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610149, "uuid": "7c13f1fc-78f0-41ae-9116-9f341a60702d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d084c36f-6d4a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697587858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587858, "uuid": "b4a660af-0d34-43a9-b06f-876282fde757", "comment": "Malware payload", "value": "8e51a7b836735e85a832b57507b6bcec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587858, "uuid": "a8eca6f2-dc78-4b31-8e51-d2817f4df47d", "comment": "Malware payload", "value": "d0b9301bf883988468e36ad7ca85069ec3b4f96946b9935a219af6020ae9062e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587858, "uuid": "1a6f56b0-d0fa-4ed2-a0a2-d13bb3295acd", "comment": "Malware payload", "value": "c0416a9f727180daa333649aa579e3abda685de3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697587858, "uuid": "ae7620af-5147-4469-8535-eb819d903bdd", "comment": "Malware payload", "value": "1b3266defb0c79351844c51f97d1225e443373f52cf626458fef335f340ab85868798a2534892510ebd78fcefe5cac81", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587858, "uuid": "bc280da7-94e7-4299-b1e4-731a27a4f832", "value": "T18FA59E1276D1C0B6C26F0331991EB36D76EDAD700D34419B76D4BE6E7EB08826A28773", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587858, "uuid": "ef146f58-c0e9-48bd-926f-c48f95ed5b7c", "value": "f50cd1e0ac9da96d5d78fe67de0020cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587858, "uuid": "edb03845-a891-4d3b-bce4-07a7967c797e", "value": "49152:DJcSUd0Xzzaa6XFeMT4vogc2MQOZD0pXkEr3ybjvABUySwktRUeY1vJ8Cs:i0aaqFRTiJ6QaD0pUtRySnt+eY1v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697587858, "uuid": "99393ab5-7785-4aa2-9358-29703f0a667b", "value": 2116096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697587858, "uuid": "664b976c-8228-40b1-913e-175021175d13", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697587858, "uuid": "b32845d2-fa99-4b64-90a8-0f03f584fe5f", "value": "c0f6908a6ff436f2e07f5cbcaa6de35e36ba2829692c65be6f6380b6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f9b3808-6d7b-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697608795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697608795, "uuid": "56e2215d-2376-4f45-86f1-af548dd13776", "comment": "Malware payload (RedLineStealer)", "value": "740bfc5d45eecb10279cfd6459b0def9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697608795, "uuid": "d3589d0e-3dc9-43f7-bfea-43e07a4910ed", "comment": "Malware payload (RedLineStealer)", "value": "d11428ed15b72d9f6445b9827dd8fab711a9c7365560399e6ddbe83915a0183e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697608795, "uuid": "93c8bb0e-60cd-4a0c-a566-4d2c82b69e85", "comment": "Malware payload (RedLineStealer)", "value": "88b640e23cfa6d80e2a42eaa008c5aa78ac4e064", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697608795, "uuid": "fbefce28-4f63-4969-b100-8ca3520151d9", "comment": "Malware payload (RedLineStealer)", "value": "45df745289ba7e7ee5efcd6fead7da340a5901dd11d25886b6985542f285121da69a5aa1cd177a29607fcb63367d2c16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697608795, "uuid": "f11ef175-c6df-4771-a149-918502ed269c", "value": "T1E235235297E85137D4F5077088F607830B3ABCA19C3897BF6785A5860C329C8E576BBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697608795, "uuid": "38873bc6-f54c-4ee0-b11b-dc454758db9d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697608795, "uuid": "f6091cc8-8eb4-48ca-929f-f1eabf8586d8", "value": "12288:dMrty90RseEzEkvJtpFVtPwUrU5eEhOf0Gho0gyPwstz3mGnJYioA/nn+kWxdqjn:oywrEdZtXbE4f60PPnZmG9/n+kCjHM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697608795, "uuid": "8ab93ff6-b1f1-4228-a76a-8cbe2a34617f", "value": 1097216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697608795, "uuid": "986702de-cca3-416d-aed5-40bd5c391737", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697608795, "uuid": "e3430d3f-f6f0-4154-9d00-8d30da56dfa2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1903d8e1-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (DarkGate)", "timestamp": 1697612891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612891, "uuid": "2c984578-b1c1-4a42-9435-8b30621a26b0", "comment": "Malware payload (DarkGate)", "value": "5d04f41fc9f1b6c802f6927e2fa12882", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612891, "uuid": "6a11bf8c-3540-4a9a-88b6-c32f65968360", "comment": "Malware payload (DarkGate)", "value": "d2dcaec93d82105a85aa59a8c4bc3fb68cd84eefd9bac9caec917a6554ef63fe", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612891, "uuid": "9eaf0865-bb8d-4829-b5d4-4923b2c0193d", "comment": "Malware payload (DarkGate)", "value": "d015e659770dce7cf6587856fc108c7d67fd8536", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612891, "uuid": "88aa9e4f-8f72-4a19-97ae-cb4f3a02f22c", "comment": "Malware payload (DarkGate)", "value": "396cb0838895b2670b83049baca343ba22ea5c9b6299d7ab9fa535aba77ca1877a9130e6322ba82314397aa2f236fc5e", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612891, "uuid": "193a8126-c6b3-4750-a5a7-1d56604068d5", "value": "T140446276B2232D2A475751A3662E0207713A251FAC04707E787DA6DD6FED84C207FBB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612891, "uuid": "4c094752-3286-4b60-a19e-d600df835e81", "value": "1536:6AIMFFdYMxAcEQDFXiAIMFFdYMxAcEQDHAIMFFdYMxAcEQD7AIMFFdYMxAcEQDtp:6EY8BFXiEY8BHEY8B7EY8BREY8BM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612891, "uuid": "4c0053fc-21f3-4406-a44d-eddc41840650", "value": 260285, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612891, "uuid": "00189dbe-bf10-408d-93c0-b47018d53a39", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612891, "uuid": "1dc08865-d5ee-4ab0-81fe-e58804d0d72e", "value": "Navigating Future Changes 2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa0eaa2b-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596518, "uuid": "b4c0ddc4-6abe-486c-8ee3-7b6b351ddca8", "comment": "Malware payload", "value": "b45b23782bf54925e932ec9c9a59b962", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596518, "uuid": "11a91437-6ab1-4da6-9057-f3eb61ca87e1", "comment": "Malware payload", "value": "d3b19283934b81a4a30843c15fe98fc2e28493e0a60a2ae4d790a421a2e4a6c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596518, "uuid": "e2869187-ae48-4178-a0d7-910cbc98c0b0", "comment": "Malware payload", "value": "9feb718b581f4a587b911df993dfea64b96453e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596518, "uuid": "32798652-e0d9-46ab-80e8-76e2ccffd8b7", "comment": "Malware payload", "value": "2ac51e591b394a92d5b46b9e927193315649714dfd2df55bb02f2437342138e8f0df0daf76d9f61ab233dce0eb1d5530", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596518, "uuid": "a1c09568-bb9a-4c5c-a5e8-b7b8bf269bb3", "value": "T146966D42D3BF02DBD461A4F0329DB233A77596A403545BE7E88DEB4AF9602D4CC77682", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596518, "uuid": "f9922105-5871-4557-9758-e33af6df5966", "value": "24576:1L4ZVN0sfT5HBj1k2SPa1n1poKlyNTKWWZ8ChNSJUnTSXQ:1Lq0sdrz1n1blyBYNSmnTk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596518, "uuid": "25bd4460-2c87-447f-9d3d-4cce80dfad47", "value": 8810496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596518, "uuid": "31e09643-ec33-478b-8259-444d99921153", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596518, "uuid": "8cb49ff9-aa45-4679-af18-b6f35135c536", "value": "SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.30455.24528", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9642ea32-6dd2-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697646172, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646172, "uuid": "49a1dc5d-0485-42cf-b0fa-9da0805f8796", "comment": "Malware payload (Smoke Loader)", "value": "f9c6a6d743fe5aed835c98a1743cf132", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646172, "uuid": "2ef2744d-45cd-4391-b5cc-492a5e5a203a", "comment": "Malware payload (Smoke Loader)", "value": "d3bff8ee2566c13a391cec24be134d3d04ee65b87529e1c98caf93b5b559fce4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646172, "uuid": "d25c8c32-687b-4da7-85bc-8dba8961d6ab", "comment": "Malware payload (Smoke Loader)", "value": "46a76bc98c7a8e65508dc8945c43efeb64619246", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646172, "uuid": "f6a19b03-5249-4002-a57b-e17257dcaccc", "comment": "Malware payload (Smoke Loader)", "value": "0c163d2d46debe6e07a9d0065810bcd357691c0a2963436d135cff280324a54bafc626f4614e5a65ee1eea0b823a3b2a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646172, "uuid": "b6959e9b-c206-4b80-a1d3-041dd4637430", "value": "T150547D0363A1AC65E52A8B328D2ED1A4373EFC91DED5779A33646F2F08711A1C662713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646172, "uuid": "b438b95c-acbc-4a47-8147-6895e7aa9e3c", "value": "3438886e6009a26e0534b002f5a2db0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646172, "uuid": "634eeffe-b4f9-488d-a086-a42b03c886e9", "value": "3072:4l71R4KeMCxlZ34ePs49i2HuvfDPfNktrHUt1EsMk/aP:g4KeMCl34efyfDGtrHUNM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646172, "uuid": "0b77d57c-67b3-4a99-8aea-3a10b1a4620c", "value": 301056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646172, "uuid": "97e6f6e3-c816-4bd6-8135-d695f71559d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646172, "uuid": "2d95ee97-fad6-4238-872a-11b68da9a77e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e0163ba-6dcc-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697643474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643474, "uuid": "e655e466-c772-44f5-801d-e26527a47400", "comment": "Malware payload (Smoke Loader)", "value": "a1c2a53b0b4f7004c0ab4e7b71824cb1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643474, "uuid": "0c97feb5-7975-472e-8697-1a181352d8f9", "comment": "Malware payload (Smoke Loader)", "value": "d3ff42e30d8fab9324a80f08e50445a1fcf72fa2cfe410043785bf4ff4c637ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643474, "uuid": "8db65a0f-d740-4fb4-945f-16bc41429cfd", "comment": "Malware payload (Smoke Loader)", "value": "d7b35120e2211e5a5b695e51fea436f86bcc422b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643474, "uuid": "213006a9-6bc2-4fa2-bfe3-18664e8ba2e4", "comment": "Malware payload (Smoke Loader)", "value": "82faa468cf8fcfa07a3206b0e1c48d58884ea1cad4f0bdc1783b807e449dd08ed2909948529ced5a6cb224c358b08074", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643474, "uuid": "98993296-89cf-49dc-8c79-df70b03d5b00", "value": "T10544D0117AE0C436E0635A355830C69A2B77FCB3A87585CB37983E6EAE712C05B65F43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643474, "uuid": "aaec0c00-4b92-4434-93fb-aa5a3a2372ae", "value": "16611b6b96a67ea5066ae4525e5da85c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643474, "uuid": "53c488a0-77b9-4748-a269-9940627a1a87", "value": "3072:DDBN2CXyCVEGyG/Y5gfCfc2Wf2N//cLS3G9DsN96EpiTQdDB:hgeyCVKG/Y5gfCfc6KSEsN9JhH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643474, "uuid": "16fcde36-8c69-4ddb-a9aa-5625ea5830f1", "value": 278528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643474, "uuid": "af1a0820-e232-4071-a8ee-1d1bb8553eba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643474, "uuid": "ef06370a-0fef-4426-8001-878a042430c4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a1abbe5-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644756, "uuid": "1d8f6133-4821-4a87-afdd-d10fec32a08b", "comment": "Malware payload", "value": "2bd9cdc5791cc1999421dfd3aa695417", "object_relation": "md5", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644756, "uuid": "ab75d03a-41bd-4edb-90eb-d8353c3d0645", "comment": "Malware payload", "value": "d553f7bba5e6af2e2666aa79aac834b1b731b94efb2a2b9f7471ae540043ce44", "object_relation": "sha256", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644756, "uuid": "20bd877c-7795-4519-8e90-f3415c916220", "comment": "Malware payload", "value": "da76c87aad9a32771a6519ab20202e7ffd5a6281", "object_relation": "sha1", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644756, "uuid": "3f9d3a76-1e4e-4306-9498-fa500aae87ee", "comment": "Malware payload", "value": "b3a01b8902aac1a14c3a57ccf0e74fca5753f90b00c6364882920c57957a852fd72810f107a4acada92f67edb135f6ce", "object_relation": "sha3-384", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644756, "uuid": "f438c473-2011-4a84-8c7f-fa21c9a7ee49", "value": "T16DD3E11972B1E49BC28398BF0DCCD2FB1B097C95CD96C60B3280B79E1972187965773A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644756, "uuid": "84af946a-044e-4203-b6b0-1bd0ffdba9c2", "value": "3072:yjT48aswzcgBbqoJjT48kots+3ztA23JR+/Gfawk:iTgswzcOPxTSYF3ztAsJRsGfa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644756, "uuid": "32d47a2f-8d78-4886-bbb2-15dc74eb6dd0", "value": 141312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644756, "uuid": "9462839e-d253-461d-a108-9e98da2c456a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644756, "uuid": "73156d1e-0dc7-4475-9f6f-99458daa7254", "value": "Documentos.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7acf9dff-6db3-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697632812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632812, "uuid": "f988a244-72b6-47a8-8bf3-2c21760451da", "comment": "Malware payload (Formbook)", "value": "77aa300f7678cf44ee7f0775b73d1fc4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632812, "uuid": "485028df-66f6-40da-a8f6-4976b10c187b", "comment": "Malware payload (Formbook)", "value": "d566a5a84fd3148976960bd8b6c39f6a9dde3601b2f58ff81d743a9dba291249", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632812, "uuid": "767e36b4-bcd6-4a4a-94e8-9c2c07a4ae21", "comment": "Malware payload (Formbook)", "value": "246758cb711efbc4c4f2907515358ee8782c65f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697632812, "uuid": "aea1ad98-ed2a-4da8-ad04-5735e410a096", "comment": "Malware payload (Formbook)", "value": "32ba6df3be0ca2a0bf87ed0510fde5174ac345046faeb3b927d2a88dbd3a906dee9b9dd67ee389cc830ddb76d4b1db93", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632812, "uuid": "37106b68-d875-472b-b230-19a9a4637044", "value": "T1D8841290FDAA8A62D89393310533F5921FB99C312694A3471384B96F7DF32D19A0B35F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632812, "uuid": "1018b3fb-d83f-42f1-9560-0e5a0932b71b", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632812, "uuid": "d564cc1b-e5de-462f-98bd-e6e4c3dcfad7", "value": "6144:xfL+oqPY2WFbg1WOPgjO5vK3nnThTn2B61PPA6zMhKBabRe/6GyBZ7UMyddkOY0C:xfLKYDFjOKIQx2BIA6pcwCGyBGdaQ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697632812, "uuid": "5c5d2e83-8c1e-4005-b7fe-4767c1f32b63", "value": 390125, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697632812, "uuid": "2dae4c41-7730-4de6-af77-292bdefaf9d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697632812, "uuid": "07efe248-1be1-4fc2-af41-1ba7f6445c6d", "value": "PMP-INS-93-2436-IN-1017.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7720c0c6-6dcb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697643113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643113, "uuid": "aaaf31a6-1e8e-4496-b44a-5d66c5b31000", "comment": "Malware payload (AgentTesla)", "value": "d82d9a9600755a1165b4679e529f08ba", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643113, "uuid": "56bb7ec0-4ced-4bdb-8b3e-28c237ea6602", "comment": "Malware payload (AgentTesla)", "value": "d572d76bc4cbc0096f999a10f7996efcb014e3e433b05a9a8a25a34acc280d1a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643113, "uuid": "1c28ed14-b863-4d6b-b557-280b889a337c", "comment": "Malware payload (AgentTesla)", "value": "bc44a68d215aa7c8c20051cb7d2c1f2506fb7f25", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643113, "uuid": "bb002c17-8f7e-4a65-8bbc-a28bddb29085", "comment": "Malware payload (AgentTesla)", "value": "2af4c7d3be89cc59e7da77997f7cb17c454fc6ee2e61db076664e5b0f21348fb287dbe03c9e46071c20ec7df6dc0aee6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643113, "uuid": "31b8456e-ebaa-4d4c-b5a7-399992402fe4", "value": "T19BE4012D63A82F2BE2B557FE0030154043F5191A5A34F3985ED294EF2CA2F19DF92E97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643113, "uuid": "5e9f6c54-95fc-4924-8273-bba8a810183e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643113, "uuid": "2a3af084-716d-4aae-bf54-7ce57d5b7a0d", "value": "12288:LJX9KLbX6KoX6hCwROMeHH+vERPQ0+0jpiwawOwT1vhfzNBwLxaGEs:LJtOS6hCvn+vEqSjpiwazwxvhfzNShE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643113, "uuid": "b7a988ed-ebd8-4ae3-8355-d5b6093dfae9", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643113, "uuid": "c67c5420-ed95-4b31-92d8-f83254f407db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643113, "uuid": "17934396-4942-4784-90e3-ef46a0e2bcc7", "value": "Shipment Import Invoice & Clearance Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95e3d9c7-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645313, "uuid": "7488ecea-02f2-4ef8-bc1c-660bc75b0c87", "comment": "Malware payload (AgentTesla)", "value": "d5fabb8aaaa8fd784f53fa81b0614dfc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645313, "uuid": "2db40fc9-31b1-41e2-b0d1-6c7d2aac9402", "comment": "Malware payload (AgentTesla)", "value": "d79a768e106b5c09d20e48704aeb15f5accea32c5e05d1693ff26f0d3a45374d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645313, "uuid": "c1e635c9-5178-4565-9576-62cb510215aa", "comment": "Malware payload (AgentTesla)", "value": "e4764b4109564bda22b270d77e4c2aceef5cd26d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645313, "uuid": "c5bd4352-de72-40e7-90fa-3c1d1c4a5e18", "comment": "Malware payload (AgentTesla)", "value": "995a950410f6365ad10375f7554246486285151117d9a14ef2042c59c38c27d3080c7ca9ddf937e7e5e0b427987061ff", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645313, "uuid": "12c68b86-1fdf-4018-aa72-db6ea22e1b00", "value": "T154257E3D19B9223BC1A9C6B9CFE5C827F004D8AF3411AD6598D797A64353A8735C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645313, "uuid": "eaf0dfc5-24f8-48bd-b6e5-e30044569f62", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645313, "uuid": "9061b733-59f3-4450-95d8-60a6e601e558", "value": "12288:+LA5EVE5vy/1gx1lKtw9ChUHUUiRmoQe+ss4cE5lqmArl/l0/JXGzw:TME5Wixv3cUHHAQea45lqx/OR20", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645313, "uuid": "c60f35a5-8d64-4c98-8dcc-ea02a9258c58", "value": 1001472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645313, "uuid": "210f7d6f-cfa4-4007-b5b4-7277d6a6ea1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645313, "uuid": "cd44f928-b57c-43cb-9879-6fa04c6f8a5e", "value": "18.10.2023 Tarihli \u0130\u015flem Dekontu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87548b5b-6d4b-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697588165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588165, "uuid": "696388d6-3d40-45f6-8eec-130c17278074", "comment": "Malware payload (RedLineStealer)", "value": "8391651c15b352427ff78bc4930a2dce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588165, "uuid": "9073f933-1a0e-4006-91b6-e97fe15acbff", "comment": "Malware payload (RedLineStealer)", "value": "d868f7812bbff2429a7c8be5c2c57cabbbb4e489d30f6e5526ab2f6eca1d5f02", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588165, "uuid": "1381792b-7741-4755-a8f7-cd00098b6d8a", "comment": "Malware payload (RedLineStealer)", "value": "97663cd3f2c08c7d2a6119d324b0a9623290123a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697588165, "uuid": "901c7ba8-831b-4eb5-8ffd-cb685c1243e7", "comment": "Malware payload (RedLineStealer)", "value": "b63dbf9418dcb3a319811a1ec20e0011d26f810f3b3fe8be880cb8c1a7bf572b91556de58ae053611df1c687166bc4fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588165, "uuid": "1dc7c060-2541-4d38-8bbe-966fcbedf35f", "value": "T128352303A3E985B1DCB167B018F713931A31FC629E38476B3B9B954B1CB3680573676A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588165, "uuid": "8b2fb811-c727-485d-9f56-25af2c36bc54", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588165, "uuid": "f402bcf2-4644-4311-93ee-be899cb17561", "value": "24576:GyFV+VPabBEbIQcw0HrKdPKFY/5ysWWwst:VcPabMOrK5KahHH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697588165, "uuid": "b15ea029-35c3-40e7-9e7d-83d9945c8728", "value": 1097216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697588165, "uuid": "fdbaf857-78f9-44b5-8d25-4ebc4b3dfd8c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697588165, "uuid": "69850e89-2af3-4f1c-bce8-c67465920284", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e62f0e7-6d92-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697618617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618617, "uuid": "0437216b-0691-4930-a7c0-fe37365a771c", "comment": "Malware payload (Smoke Loader)", "value": "4319f53ecd019e664c77d47de86f3c06", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618617, "uuid": "cf3714c4-7670-4272-b8ad-f206e61e7d93", "comment": "Malware payload (Smoke Loader)", "value": "d9863b00fa974650e4ca2cd97302833bd2f293da0ade3557177b05ab24c04ed1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618617, "uuid": "aeda38ac-2dee-4ca4-9c2b-428c3eb72861", "comment": "Malware payload (Smoke Loader)", "value": "276d673ae70b49501ecf81c9c1bcc45638d3abc0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697618617, "uuid": "f481a5b6-6e8f-4f36-bfcc-b58bc3727943", "comment": "Malware payload (Smoke Loader)", "value": "4f1c82fb50e1c6efccf68e8c2ec949e2f043a2b27dd4b7278277bf8ccc4f60f52db0ff9ac685e186188c9f818046e906", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618617, "uuid": "0b8eae45-33b4-4c85-aa94-fe51f519a30f", "value": "T1ED35231372D45432DCF1273419F613CA2A39BCB2AD28A72A3BC5E95A0D727C5E83535B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618617, "uuid": "5c50df2b-fdab-428f-b8d7-00d663260bb6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618617, "uuid": "96bc0f48-75b7-404a-9971-529d12b93fdb", "value": "24576:JyoWplQe5Iv6WmGQVZfSZtPoZ464eHTGEbJ/0DeZE1:8ooQeGSWYVSZJo2+GEbJ/N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697618617, "uuid": "aab3edca-8311-4d45-b155-5dfc965b54d6", "value": 1093120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697618617, "uuid": "940fc73f-238a-476c-90da-dcf699aa6c6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697618617, "uuid": "7173dd28-6231-43c2-8d19-c367b9117142", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a3f8e78-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610772, "uuid": "a610387f-473c-4d1d-96f3-0adc721a73a6", "comment": "Malware payload (AgentTesla)", "value": "4177d5cdfe9612c4a007f893af79650c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610772, "uuid": "73df3c99-8e26-4f39-af12-0b68b95b31a3", "comment": "Malware payload (AgentTesla)", "value": "d9ec62ac7b4bbb82bed90e2061362a28b2c9c03615d349fac22e83580ce7a3fc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610772, "uuid": "9914e6ca-52ba-4959-9562-cce3d0da0418", "comment": "Malware payload (AgentTesla)", "value": "6613e2c5815e448cc433ba32e09eb0554deb4cbb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610772, "uuid": "6ebd6e68-11ef-4faa-b105-85695d785026", "comment": "Malware payload (AgentTesla)", "value": "fe6924b5b545b2e0e53df6b7e5854d0f79c6dcef60b86d824dc2c8cee824ce192cd4d4d67ca8b924dcf833764157c627", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610772, "uuid": "008ba925-e253-45a2-b412-0f8b09655c29", "value": "T19EE412A433A98B1EE47B57B68070F142C7FAB502AA72D1991DD008DE4E77B94C214FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610772, "uuid": "53f1e394-24dd-4587-89e0-02ef95c08097", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610772, "uuid": "1f5a10c9-593a-4a13-871e-c01b05f969cf", "value": "12288:KzfqB6VksR5YCIYgKJKRwE7umbd5jeTBYJY56IfBrSctS6qpN:KT66RRFIdRdu+d5juYJYJJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610772, "uuid": "20f5c5e4-5064-4587-8256-050e72836e3f", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610772, "uuid": "ac9d0c85-f45a-456f-98e7-78b21dc209e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610772, "uuid": "f7efa583-3710-4c67-941f-dd02366f3fe7", "value": "MV TBN - SHIP'S PARTICULARS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "728791db-6d5c-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697595432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595432, "uuid": "14105147-5790-456a-8588-0762b1c41e70", "comment": "Malware payload (Gafgyt)", "value": "440f1122ced291006ffbadbf86ae2c62", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595432, "uuid": "dc53ae23-77aa-49fb-90f5-13264cef30f6", "comment": "Malware payload (Gafgyt)", "value": "da12a5609b8fe1b6e8fc790e56429589e0bdd69d6348186f3e2e60b0ed6ed9d7", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595432, "uuid": "2644593c-dcbd-4c6b-b610-a503bc54c4ea", "comment": "Malware payload (Gafgyt)", "value": "40436700b7f0c8717ae090122c8be1c7d7da382b", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697595432, "uuid": "6f54692b-6352-4d00-8f8f-f5ba05e52da2", "comment": "Malware payload (Gafgyt)", "value": "7faff6be62c23c928ec9bf68741d1d7fe77eb4486c68507990499694a2f829ab57ec753fc416835682fe006fdd20302d", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595432, "uuid": "411c2d31-84c1-47df-a75e-e5a80a128c2c", "value": "T1FE934B23B452C6B7C48787B51BCF9A15AC33B4BA0B72324673E87DA42F128D95D5AF40", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595432, "uuid": "f14dd688-96b6-4b9b-8e73-07b65b7783ea", "value": "1536:GI7i79zbP7Q46tEDn6Ja3kan7PdLc3OZ3a1WphTddddd5CRgm9HiVrHjDFZS5j:GuCXP8raDea3fTdLc+p+WphrjmFiVrHA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697595432, "uuid": "95b10de0-f472-4dfd-b3dd-ebdbe27e7ccb", "value": 97272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697595432, "uuid": "06221d17-0b71-4af1-a21b-c1ffd908e35c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697595432, "uuid": "704628f3-f143-4c87-8f2f-83f8082a0a78", "value": "Ayedz.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2be6a907-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610775, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610775, "uuid": "cef21b3d-9e8d-4f83-81d9-e5fe27705179", "comment": "Malware payload (AgentTesla)", "value": "7defe0f0b55ab4d8159f557efb29add8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610775, "uuid": "2a7c5786-55b4-4dd1-9395-0bf9f7b7f700", "comment": "Malware payload (AgentTesla)", "value": "da82895e37da077e8ab192cb2a42e1502a88ef0299d3ffb1825af6dd2c096239", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610775, "uuid": "981d7f67-ee90-4801-91ca-21c6bf3b39f4", "comment": "Malware payload (AgentTesla)", "value": "dd492824c4be8b94e9a1a00b66c46fd914493ab6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610775, "uuid": "9ba2c583-89d1-4065-b6fd-00b27ca2f014", "comment": "Malware payload (AgentTesla)", "value": "cb494575c7d0155342344cc81db7a9275dfffb08c6f8e54fc06ab883ec8e53aa5ee345e606bd55e7209a14ff6c62b21d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610775, "uuid": "64f705ed-2a54-4de7-85c9-5e0250d4cd67", "value": "T1F1E412A133B89B2ED47A4FF78031E720C7F229179A39D6592DC418CD4B2BB118564FA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610775, "uuid": "e05a294e-080d-4ca3-9319-123b5d853757", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610775, "uuid": "35ebc122-521c-429d-ac9c-3b62acbcb00f", "value": "12288:bzfqB0ZUiRQjDi1oDjA3x8x9lksbTP2JjoK8NMMuRQrthL3H:bT6Cuiee8x9TPAjMCzib3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610775, "uuid": "ed888da5-b0ac-4873-90f3-392fc0724eb6", "value": 671744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610775, "uuid": "c31e394f-a305-4335-bd6b-40699d0db0b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610775, "uuid": "e0742712-0a85-414e-86d6-15edd24693bd", "value": "Payment Confirnation_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b1b7ee7-6dee-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697658018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658018, "uuid": "88fb32c4-660b-4eb8-af81-5410f3fa3e2a", "comment": "Malware payload (LummaStealer)", "value": "b6cdbb2ca854c7fc842983e2c996fed7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658018, "uuid": "7a232cdd-bb14-4844-919c-7c5274e09d00", "comment": "Malware payload (LummaStealer)", "value": "daa48cf972cd739ec12dedc7790e96cdbdbb3140e6154a5952b105549b01cb88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658018, "uuid": "498073c2-d9f1-44c9-8d56-3773c58e9beb", "comment": "Malware payload (LummaStealer)", "value": "fe55327572814af8e81faff4b4928a9d12011e7a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697658018, "uuid": "803f30de-eef5-4291-b4f8-4419186e41ee", "comment": "Malware payload (LummaStealer)", "value": "5b1f795f08aa2cd151493bf366202a6f8e28e6a478ff7b2cc19f8160e2b708ea7f4a7486d95df0c141764c498a743a39", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658018, "uuid": "5da6afa2-88f3-498d-965d-5b519a354676", "value": "T150257D2138818135EEF710F647ECFA3A469DD1B0071A16DF16D85BEEE7206C27B32696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658018, "uuid": "f8a7718d-076a-4c86-8e1c-edaf4457745e", "value": "9b0aa150c770a62666d246af48611e04", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658018, "uuid": "4c74dd93-bc47-40e4-8e37-df7400597c4d", "value": "12288:mB0NTIw5LJMRpznU+WeC9g1ixFxq/aifnjot9Pu7xbBlu5SQwyZyL9rB:meJMRpznU+Weqg5aifstgBbys9rB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697658018, "uuid": "56239ff7-e0ae-45fa-a124-86dc081b962a", "value": 989184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697658018, "uuid": "d20e4068-3d94-4cc1-b596-ddde81f68ee7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697658018, "uuid": "5dcff3d7-3029-4bf5-a3a6-278e988ad2a5", "value": "b6cdbb2ca854c7fc842983e2c996fed7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0761d76b-6dd1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697645503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645503, "uuid": "add7694f-aaf0-4bd0-8817-dc716619d4b0", "comment": "Malware payload (AgentTesla)", "value": "72772009608a899b1bd4f0da3450b70e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645503, "uuid": "27cccd69-3568-4b31-85e1-c96a69740c5e", "comment": "Malware payload (AgentTesla)", "value": "daf050ba6e318d8c8ff6733b838a7ae1007b66ccb467aaf0dfb9de81209c0d73", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645503, "uuid": "05ff54c0-e1ad-4589-b87a-b612b0d38ad2", "comment": "Malware payload (AgentTesla)", "value": "f3c107f1329425e469b3695064023bb7d84bba3f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645503, "uuid": "ca57bef0-94c1-4203-941b-82bd52888265", "comment": "Malware payload (AgentTesla)", "value": "7c746e92590f18f20767a34ce42cf01c86862a333f4d28d2d3bd373b3eabf67db930617df917f06a3ac3d86a7a230717", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645503, "uuid": "ed2f9c97-d97e-4e9f-b904-39b1137ba021", "value": "T10EE49D477630542EED00C639A4E6CD2082EBEE595BE1D10934C8B66D1BB67FE8F135C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645503, "uuid": "dbc15340-0bf8-4fd5-90ec-95a289590247", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645503, "uuid": "5714e495-7c2f-4355-b64f-edc160f4e5ee", "value": "6144:XJgqQjT3YAcBBbVKchjESHIwWOy8ujmjhag096deDmnOGeaYI9F9JK:XyzcBDvoua/6de5GdYI9F9JK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645503, "uuid": "199ef56a-b3df-4c4a-8c69-334b45cbbe4b", "value": 721872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645503, "uuid": "e8cf0465-be8f-48fd-918d-7c075701b4a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645503, "uuid": "cdfddbba-a399-47a4-b789-a3da4b2410f9", "value": "QUOTATION_OCTQTRFA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d68dda4d-6dd0-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697645421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645421, "uuid": "8d64e8d1-c6b4-4844-98be-f1d7e6301e09", "comment": "Malware payload (SnakeKeylogger)", "value": "004667e1a9cb1ee8de89d34330a3d6df", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645421, "uuid": "35769f82-5f6b-4a73-af0f-c9bb39acb7dd", "comment": "Malware payload (SnakeKeylogger)", "value": "dc79a6058912f81a0b7f112dc83902fc482c9d7be12450c6911028ebd66a1bce", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645421, "uuid": "f0ac2a92-9af7-4281-b1d7-a07c1634bac4", "comment": "Malware payload (SnakeKeylogger)", "value": "43563c2cc91b1070c064a7668e27dd9498a8954c", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697645421, "uuid": "fcc45317-0217-47f8-8694-9cc8037c4a62", "comment": "Malware payload (SnakeKeylogger)", "value": "c8344fb6290b74c61c874354e67a2c1c2cd21ea1e954f67e9f5e348340d26f6c3beab022fe529676a17e621a75760e2e", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645421, "uuid": "0c0a51f1-22f3-4c56-adfd-3f182ba386b5", "value": "T186143A322902FCD5EB7F1EE4605439921CA83C6BD7749158FDC80AAA78EA244DF19DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645421, "uuid": "612c79f5-b76d-49c4-8590-704e445d18b6", "value": "3072:mPSEKR8itPqPiGjuyLAfOjRBM/JgQMHMJJActNlXrX:mP/KR8SZggG/SJgdOJ/Nh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697645421, "uuid": "351de0d8-bd76-4aca-9486-dacf2db3a671", "value": 193835, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697645421, "uuid": "438ba807-726d-4c94-a71a-f85f22e1bab6", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697645421, "uuid": "073181c0-6cce-4a42-ad44-c9ef86a18bcf", "value": "Img-scan161023.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de51124d-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1697644575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644575, "uuid": "b5246600-5b53-4da2-8649-96722f80f2b8", "comment": "Malware payload (AveMariaRAT)", "value": "e06400b7d89f642a4f244b610a431483", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644575, "uuid": "7690380a-821b-44c4-abcf-a500346800bf", "comment": "Malware payload (AveMariaRAT)", "value": "de7e963004d7af7e85884bff9483fed1b0d0249bf56ff08019b9df9b02356e17", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644575, "uuid": "dd6c5f88-d548-485c-9646-f4fca6e4a274", "comment": "Malware payload (AveMariaRAT)", "value": "902d06b472f66ec64eec2c23befd001f7ab42e7b", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644575, "uuid": "e5ef8c26-f9aa-4dd6-b8f9-54fdd35f0265", "comment": "Malware payload (AveMariaRAT)", "value": "903446d8b7c0fc978f77876a3fc27560c568fac2b12f130eeeed84bfad573822b199afa488ed9ae845088e7c451cdf5f", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644575, "uuid": "aa930ba1-9e3a-4fe5-93d4-46ef5586e996", "value": "T1BB74AF417AD1C433C8A3213581D7E7BA8A3E3A110B5D9ADF43A60FBE4E383D1E663565", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644575, "uuid": "a60262dd-7b04-426d-ad62-48be0d7acba2", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644575, "uuid": "bb4a84cc-b9f4-4ac0-87bb-76ece7ce4685", "value": "6144:NOOSyJYoczPdxMMU/E/58pMcAOlmeBSoIJ/4+jhXL:N7hOPdxt7MhSnv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644575, "uuid": "318909ac-195c-48f7-850a-e1cb6d73563b", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644575, "uuid": "a8e901a3-59ee-40b1-b5e2-8f0ebd42aeac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644575, "uuid": "e7ec1fdf-bb1b-461b-b358-f87c488ae209", "value": "e06400b7d89f642a4f244b610a431483.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd25287e-6d69-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697601248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601248, "uuid": "fe3693f6-e68f-4225-a94c-311a8640a7cc", "comment": "Malware payload (AgentTesla)", "value": "d08792fa3031b847d0fd6bd56d10ee93", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601248, "uuid": "068c64bc-ba04-4900-8980-8d4ca152467b", "comment": "Malware payload (AgentTesla)", "value": "df239887fc79b6383173c139c8b15dc8279eb9a78e2f526646e45c14ff888b33", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601248, "uuid": "de06371a-25b3-412a-8f5c-e0f0749baad3", "comment": "Malware payload (AgentTesla)", "value": "b110a23993d0dbf65a886260e3b470d9862d7cf2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697601248, "uuid": "b3fe685d-1e89-45c0-8148-50e7fbd71d62", "comment": "Malware payload (AgentTesla)", "value": "4a2628d04c4ff004d37aaf0bcd50cc52069d89b023667ed4d1597c1deaae8b83076fea9685d1cece6827dfbc632fb9e8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601248, "uuid": "2ac9e26d-6a6e-4f90-a657-4c758b60979d", "value": "T1ACE4224572BDD723E66A93FF5D3060206BFA7623A5ABC7C84F5A31CB491E7408928353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601248, "uuid": "5d16c6d5-0ae4-46a5-82d5-f76e9c0da225", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601248, "uuid": "dad2a1e3-d6f1-4bdf-b9f3-d5c557263b53", "value": "12288:CBLXmsrJM1ankBHxbAtcEI/vbWyF+EWnuCJDKCvofXnKla/oTGzCS:SLWiMTlAyXOhQUR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697601248, "uuid": "794b6cc1-75eb-4c10-aeb6-76274ea71a8b", "value": 662528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697601248, "uuid": "fc53d1ae-b13a-4f9a-afff-615c9869fc16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697601248, "uuid": "1e448b1d-ac95-4e63-85e8-8082fb53808f", "value": "d08792fa3031b847d0fd6bd56d10ee93", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "faf6ace8-6df0-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697659226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659226, "uuid": "05decb46-7be8-484f-b8b7-41ef0a5d3b35", "comment": "Malware payload (LummaStealer)", "value": "2c1d44e8ad9067e940192daad5d2f936", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659226, "uuid": "82370f24-aeab-4989-9bd7-0eb3dd6a968c", "comment": "Malware payload (LummaStealer)", "value": "dfa0d9ce256f9eaa029de86119dd0ba890f8614e179fa2ec0644aff18cc0701e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659226, "uuid": "64d7ff72-9800-43ce-8f49-217de2168dfd", "comment": "Malware payload (LummaStealer)", "value": "4b71fafbff6109f57a7a42347d9707a98f777369", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697659226, "uuid": "7c8bb04e-e3ff-459c-83c1-5e8d753c91c7", "comment": "Malware payload (LummaStealer)", "value": "583ff18f4157b556d178725c4b87a724e8289ee0ded587588f2c17157f039a5d530583330ea6ce558c122ab8ed5d7b32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659226, "uuid": "a14f6e28-4093-4626-8332-6bb8a19052ac", "value": "T111E3AE11B5C1C872D57318310D70EAB18A7EF9300F54AEAF23B81A7A5F646C19939E7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659226, "uuid": "bef9d73d-bd2c-43fa-9d3d-f29556e8a12b", "value": "28c7c58d6ab216358623ab8e3b898f92", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659226, "uuid": "c8165bd1-9f3d-404b-bd68-1d76b73f6373", "value": "3072:aM7nJUcNtd2e3bfk3W5iOMVGDTZNcgujzYQRv2Ra+AN5bCjjMrbQI8TJn:LZEe3bpi5aaYNA11y4PQI8TJn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697659226, "uuid": "ce44cfdf-6e7e-4126-a0fc-851e872eda89", "value": 148992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697659226, "uuid": "2142ac94-186d-41ec-b99e-dc262eb41f61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697659226, "uuid": "badee395-4d3b-487c-bcb1-3b2a40a4a1a2", "value": "2C1D44E8AD9067E940192DAAD5D2F936.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ad0cb08-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697648542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648542, "uuid": "8317d5a6-0518-4897-aa89-95a8ae1368ec", "comment": "Malware payload", "value": "47df4a5b54308e693f2e6550d29a979d", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648542, "uuid": "007ba286-6f43-484f-b15e-b4fd42d78218", "comment": "Malware payload", "value": "e10ef1f9e740bcec7d7a7649cd0a7bd93302252cbbefd07122e556888bbcadbf", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648542, "uuid": "10977920-bfd9-4e18-a949-a480405fd4a7", "comment": "Malware payload", "value": "395d6ef6f803f2683fc6c638496d0f2769431663", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648542, "uuid": "cce5e592-d343-4a72-b8d7-49f659d545d2", "comment": "Malware payload", "value": "be27ccf619ee216970e795c9f07712a2c1d07eebbe14abb89b00412679fbd78be5643570ebbbacfecca5dada28c90498", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648542, "uuid": "f92e5638-5c53-49d8-a231-fbd748271d57", "value": "T1EB35DD3439797C2043DBDA1334F14BA65CD9168FD5703A3B199AD423AA386C265B22FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648542, "uuid": "e2559c64-e074-449f-a28f-ebdec0dac712", "value": "1536:05X2FbOC40SBcpgRS1BQZ4SkfPPxT46cJLIm+lIWFoP3Q2oPq61NWcVBrVG/F5z9:05X6bdUogRSTQZ4RfHlhO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648542, "uuid": "437354e1-57f7-4f7c-85e2-216ebeb2038d", "value": 1151942, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648542, "uuid": "5a6ed07b-f87e-49c6-bdf1-f7ad211feb45", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648542, "uuid": "49baac8f-65df-468d-b067-d5cad5f1a937", "value": "Source.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42886c5b-6dcf-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697644743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644743, "uuid": "dff84266-d0df-44ce-8266-f294a1339c0c", "comment": "Malware payload (AgentTesla)", "value": "3a2fe2aa681adcaba9ee7bd90e595943", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644743, "uuid": "237473b6-b8e5-4247-a995-83097bbceb3e", "comment": "Malware payload (AgentTesla)", "value": "e11267997a1f7dc89e641638c9fdab1ca22cfc2a44f4d057adaab016c5641638", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644743, "uuid": "7dec66e4-b92f-420a-aee0-3eb0532d9506", "comment": "Malware payload (AgentTesla)", "value": "29a9057171ab37b738a34abd2d9414e994e7c0f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644743, "uuid": "e3c7314d-c3df-4e50-9933-338196ce6121", "comment": "Malware payload (AgentTesla)", "value": "ef7599c2958686babba26f8c788954d31f4bbe5065100b7333f672f72653c635d7c390fc07e8a089ba9bdf4a80697ee8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644743, "uuid": "380c38d0-812b-4428-a032-3514d9dff2ab", "value": "T10B45D003E940CB83D41D83F56E930EEA1F1ABF15E9926ACB11567F4F3A70762095B21E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644743, "uuid": "87d30607-d7dd-4f62-af1c-c4151dbcd090", "value": "24576:1ZyWw6VY3bVGfgZyHw6VJ3bVo0lf9BQeQ8ToRbpg38Qx:fi6VY3bVnf6VJ3bVpgebTypAz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644743, "uuid": "48026d50-2554-4151-9218-adc942b905ee", "value": 1173504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644743, "uuid": "67edb7fc-aa93-4600-adf6-17d8eb60f856", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644743, "uuid": "30ef8c39-ea77-457d-9129-52302c6ff09f", "value": "PACKING LIST-#-COMMERCIAL INVOICE-E2023-002.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09bec6e0-6d7d-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697609429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609429, "uuid": "a605365e-b561-4863-82cc-de3368df0a29", "comment": "Malware payload (Amadey)", "value": "3c25087d3e07d44e2b10100481edd6f8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609429, "uuid": "d93f80df-1d98-40e4-b818-8870967c0f3f", "comment": "Malware payload (Amadey)", "value": "e22bfd5f9f7790e34c6e3efa9262e549d6fef09678f4020fa82d4738edc1630d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609429, "uuid": "480309b3-eec1-4521-a318-01d056b179c0", "comment": "Malware payload (Amadey)", "value": "d285b07801e57acbeda5be82ab1b085869eefc48", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697609429, "uuid": "f72ac8d3-e347-4aab-a42a-afd839cf0c65", "comment": "Malware payload (Amadey)", "value": "498bb66b7a32de4c8e1f7af4ae3c9d7c5b99c6d1b06cabebc5db617a963cb7638259e48c5dbbdea39da5cb20e6228a6f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609429, "uuid": "faba5c35-b7df-4549-8c38-927b49f4222d", "value": "T1E8352357B7E84922D9F1273148F353831A36BDA39978836F5391D95F0C33689A035B3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609429, "uuid": "bb4d8dc0-a191-4f4f-8ee5-6b9df8b36d56", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609429, "uuid": "81b156c5-c0cb-4a85-8ff0-46514c83c8d6", "value": "24576:YyhMTeKm3kc+4/FroEdPVg233mIBzmifmUEz+x:fijOku/FB5VhnzBzmif3Ez", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697609429, "uuid": "7222abbf-09d7-406d-917a-df68596472aa", "value": 1096704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697609429, "uuid": "87deccac-2d93-411f-8e93-a9765caee2df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697609429, "uuid": "d00f4749-eb19-4a10-b055-14d1f3cd33cc", "value": "3c25087d3e07d44e2b10100481edd6f8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5daa0820-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697623743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623743, "uuid": "12d33444-db22-4084-b3bc-ec179e30993b", "comment": "Malware payload (SnakeKeylogger)", "value": "26da835f1bc9b3389a2f21460a923da4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623743, "uuid": "0569f814-30e0-40c6-a69a-eefa4fd4d06e", "comment": "Malware payload (SnakeKeylogger)", "value": "e3a38aeddcd6a3526af9adc0778d9c329cacbd2792969ca56556634609170207", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623743, "uuid": "6c7da6a7-3b01-43b4-bb3f-84962966be68", "comment": "Malware payload (SnakeKeylogger)", "value": "160ad3ca38776ebbf41324305ea4aa38a52f7147", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623743, "uuid": "3e7a2035-da4b-42bd-80c7-46010d23f259", "comment": "Malware payload (SnakeKeylogger)", "value": "c573f7bc47870dc727c8131c77ce5e618a71d7222eb68e837f8edea1802ba405e50b3e8073dfdd2284a2910096145a5f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623743, "uuid": "418a0a1d-5005-4cd1-be5d-9943eaccef17", "value": "T169053B3D19BD223BC1A9C2B9CFE5D827F000D86F3461AD6598D767A64357A8634C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623743, "uuid": "b5a5f1b9-4e43-4b08-866d-221d520e8e99", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623743, "uuid": "c5e393ea-1d91-49e8-8c41-85eed4a96706", "value": "12288:VY2fYXXL4VLICxUUINZQlXOxMV04WLSqS/Qrcpr:3jxUUIXQIxI97tJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623743, "uuid": "2dbc574d-8dac-4f8a-a2c8-737170ae80b8", "value": 873984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623743, "uuid": "4c0e17a3-218f-4e69-9402-c7c2b39c7c1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623743, "uuid": "6c016c06-9c10-4c81-92cf-384f56e17fa0", "value": "08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0a49c50-6dd3-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697646753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646753, "uuid": "f57906b2-8885-4e12-babe-05b4d668d452", "comment": "Malware payload (RedLineStealer)", "value": "25813f360f547bff729222f12f229e12", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646753, "uuid": "ae4878b2-733c-41ae-bf7a-295f6c93cfc7", "comment": "Malware payload (RedLineStealer)", "value": "e45b3ee9e98fbf06f2738e3a0d4b584079907274dec7df8b5062799da8487546", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646753, "uuid": "b51c7a95-54ba-41e0-bd7c-a52db369bb3b", "comment": "Malware payload (RedLineStealer)", "value": "4d4a8af539a6e7c7e48b464622d45e7eda038c88", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697646753, "uuid": "95cb2a14-6a36-4805-b99f-07f114bc62b9", "comment": "Malware payload (RedLineStealer)", "value": "929b406666589f23598a24179cf7a9988e7025c76ef9c962658aaf141e8e308c528a6318a7787600c54c7ab98322c0c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646753, "uuid": "368bae6b-e873-422f-8d20-290906efab54", "value": "T133152313A7E45176DCF2A77108F603974B367CA14C34DB5727469A6E0CB29A4A83333B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646753, "uuid": "747a49e1-483b-4007-95a1-c740bcf04dfa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646753, "uuid": "7e209c89-b0ba-4b37-8113-cc9163c031c7", "value": "24576:zyJMBkBn2IPoYZJb5avygZEabzUgmUHz04y3Q4hOV:GJMwn2FkWK8EaU3W046dh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697646753, "uuid": "a1e63f12-4231-46ef-9a04-9727c6194e79", "value": 895488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697646753, "uuid": "2b67a9b5-65f8-475c-88e7-b1a6c84c34f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697646753, "uuid": "da41cc8f-8abe-4f61-8677-aa1eca7652ce", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab1d2803-6de4-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1697653938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653938, "uuid": "ea17aa68-c145-4517-b3c0-f20b708f92ee", "comment": "Malware payload (ArkeiStealer)", "value": "7d1de0f4457203dbaaadebcbe0b59304", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653938, "uuid": "935af9e7-81a5-43e0-8c58-a32daad01224", "comment": "Malware payload (ArkeiStealer)", "value": "e45e33544c974aca1b6ab540f49ee7989d73a632778fbe1f5dedef0c49d6878e", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653938, "uuid": "a5a41a64-5780-48de-b4c5-092d4756fe54", "comment": "Malware payload (ArkeiStealer)", "value": "49aa5297ff5dad0cfaf2e1b7bb5208753e1bd104", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653938, "uuid": "1778658e-c896-49a3-a841-c2dbb395857a", "comment": "Malware payload (ArkeiStealer)", "value": "b364b0bc7dc38bdaa9cf5183bcd8bb6a38f3202584a6425e7fbe00bb1490d75b8bdab869822f8566b0a9ad8089fd9947", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653938, "uuid": "33899823-2963-485a-acc3-2d53bff63ce2", "value": "T17284F121F690D072CAB76970A4B0C9A22D73BD365974508F2798193C4F707E2BBBA317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653938, "uuid": "76f2eba9-326c-4715-b683-48ca1557ff9c", "value": "a688f4ff89153401d76c899e5ed593af", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653938, "uuid": "3371a661-0762-4b15-b603-7455957fb493", "value": "6144:zpLXljxiQa4eEsejLBxjXFanz7c2jWHZcEHlcexxXkh0P6g0piM:VL9xi4eZIB5gI5cOhxxXkh0L0UM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697653938, "uuid": "819ebb3f-6fcc-48b2-b506-c0713a64dc4c", "value": 394496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697653938, "uuid": "2f695a9a-2c57-418c-b32d-959ef306a029", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653938, "uuid": "c5dec852-4664-4e42-a31f-994125bbcb4f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f78b860-6dd7-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1697648147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648147, "uuid": "d090c719-7450-4bcc-b8a2-ff9a0aa5d87b", "comment": "Malware payload (Stealc)", "value": "c1d8b5abc9b374efd41ce7b38f2ccb74", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648147, "uuid": "ec8f189a-fb0d-44d3-85d2-3b723f879a82", "comment": "Malware payload (Stealc)", "value": "e464434d9d2ddb77617855e55b691b402396f140522c11e1f24cad53f22e11cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648147, "uuid": "93bf50fd-a0f5-4fcc-9ad7-687e8364c579", "comment": "Malware payload (Stealc)", "value": "a56ed2a9a980e7e9da8ef08af2480f9f3b00ac50", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648147, "uuid": "9b87ffd3-dd5f-42f2-b649-cf5406eaee16", "comment": "Malware payload (Stealc)", "value": "a32515d0a5e48a8ecdff831985d4daba96404a5658b683730bbb619e888a746aead977932fd1944f9a8653fc775e8f01", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648147, "uuid": "c3bc4547-8e8b-4030-a274-7d4ba89688e9", "value": "T1C944CF20B690D832E5A369354430C6552A37FCB2BAB985CF37843F3EAD312D15B66B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648147, "uuid": "269f1a68-a53f-4481-81fc-c6e636a43b4b", "value": "16611b6b96a67ea5066ae4525e5da85c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648147, "uuid": "2e1098e2-d4df-4b39-a654-7eb297ba29ed", "value": "3072:xSDBNJkfypjt/GK6fDwATklWWWdjL90fCQGmHN5cjyQ3uaB:x+EypjJGK6fDwDoLiQy5cjyQ35", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648147, "uuid": "c9a9ff5e-4ce8-4395-836e-1ea0a3d3be75", "value": 268288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648147, "uuid": "822ed0b5-c40d-4cff-bea8-2564a6169bba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648147, "uuid": "03ee228b-52d9-42d3-bbb6-9d33264a01f6", "value": "c1d8b5abc9b374efd41ce7b38f2ccb74.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "614e4ef0-6d64-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1697598839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598839, "uuid": "91a7ff83-aea5-4227-ad41-9d423ecc4045", "comment": "Malware payload (MarsStealer)", "value": "aa612a8294609836b715ff422ae53c88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598839, "uuid": "ea20241e-3d03-45e0-b0ca-ac5abdde06e9", "comment": "Malware payload (MarsStealer)", "value": "e492e754d16513e79740513a765cee3f729f8bf27995905f58f73bd78d5d7ba7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598839, "uuid": "768bd4e4-94e1-4df4-aa7b-e08e28fe6003", "comment": "Malware payload (MarsStealer)", "value": "1c0d17516e241e8af260e426e0b857c40b156832", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697598839, "uuid": "6edba0eb-62d8-4a4e-8840-aec5a7f61c72", "comment": "Malware payload (MarsStealer)", "value": "2bb14056cf4d16608bed7051d4c485e08796ce26fc2c52bb67fe92c59e53785d3bec705746e0d67f538613568eed957b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598839, "uuid": "2861dd27-44cc-4753-ac96-d67d4961e804", "value": "T101443B1352E2BC55EA164B7ACE3FC6EC761DF551CE4ABB66221CAB3F14B0172D263210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598839, "uuid": "096bc32f-2e86-4e78-a9da-2225bb7363cb", "value": "3aa2edb93873da388f3710ef0ad5dd79", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598839, "uuid": "892af36c-ff56-4c6a-aceb-3a8cdcf7f7ac", "value": "3072:k1pzMy96wtruqa+RPSim38lAcwloNqSQ+5AKtna9nfrWy:apzl5ruqa+RKF305BgrrX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697598839, "uuid": "ac510c30-148f-415d-b3b8-e0fa59b99541", "value": 275456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697598839, "uuid": "92152ac5-5adf-4639-bf75-6c7c00a5ca4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697598839, "uuid": "734b7dc3-0820-4f7d-b01d-9a85ed236128", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7928aa5-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596514, "uuid": "78964265-0505-42e5-9cdd-a1619b25e649", "comment": "Malware payload", "value": "f2a870cc0aa2bf792cda15417627a015", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596514, "uuid": "4cd05e91-c530-486d-af71-3e7fdc198175", "comment": "Malware payload", "value": "e49f5d4a64665712eb8f9868ee753b19f2a1e44c78031de6345952d29ac9ebab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596514, "uuid": "e62d5f3f-b8a7-4f27-916e-ce8e15a536ca", "comment": "Malware payload", "value": "e410aff7fd2a13e10831bf0adfa8e6a238f513bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596514, "uuid": "1cc61c19-c9ab-46fc-92d4-d8db50c996c6", "comment": "Malware payload", "value": "8ae130180b89ad0edc55f196b6b6b465bf398f06ad22ef3e475f279ebf24e4b9a062d4c66484a46c0fc2c990a9a42fdc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596514, "uuid": "8c534cb8-ed3e-41d8-81f8-86a70e722c94", "value": "T156332A13F811C47AEA3B42B2061DEB305521D6AEE023C97297EBD4115EA6252FF5C33B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596514, "uuid": "8bdab48f-2c85-44c4-976a-3c544ad3e183", "value": "1040ffff1c63fe42b8e4ba146ed34297", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596514, "uuid": "a7215d4d-67c4-49d4-9bcd-2e9ae3b43e2e", "value": "768:TqIomfRhNl4twE+qM74lPs1wSfEPHIFs6cO8qWpxjW7twN0h8cvDfISDuO:TqIlhz4WbXEPH5qW2nh8K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596514, "uuid": "7ab8686f-3052-47bb-8ff3-ac350b30988d", "value": 53760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596514, "uuid": "ca4b1077-b74c-4c76-9bd4-8a6f8f649c5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596514, "uuid": "acb5993d-a3ae-4d16-b1ea-4d8e7ecc9c12", "value": "SecuriteInfo.com.Worm.Small.19970.4171", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "041b5a78-6db9-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697635190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635190, "uuid": "5e4ea307-c6a7-467f-b734-230268ab0c5c", "comment": "Malware payload (AgentTesla)", "value": "050408a7ec8e1c0ef8a7e417fbccc299", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635190, "uuid": "6371c9ac-108e-4b9f-a724-9aa420a6e565", "comment": "Malware payload (AgentTesla)", "value": "e6b6f23895185671a91e377fb4a48b3cd934092daf0409559e0f5c7f22949c5f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635190, "uuid": "e12f632a-5e0a-47ec-a3fe-31c60d777419", "comment": "Malware payload (AgentTesla)", "value": "4ff82f1b130eccacdc2aec9f1a2b7e33f13d2166", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697635190, "uuid": "9a525d44-aee1-4141-925c-6573cd4bc167", "comment": "Malware payload (AgentTesla)", "value": "e91a3bd6f091e6f44dcb205b04c970e53c3e6b321266d49ea312cc77c3836589e4b1d99a601522e59b835124bd3896ab", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635190, "uuid": "645c6743-896c-448f-944a-fa5fa8c74c9d", "value": "T1C035A13D19BD263BC1A9C6B9CFE5C823F004D8AF3421AD6598C797A64356E4635C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635190, "uuid": "228b6d78-e7b6-4853-a7f1-9b58af393b02", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635190, "uuid": "72981e36-83c2-4965-bf2b-083236e62661", "value": "24576:Wq4b2Kli5RMogF1BwzGv+awW65giIK/e:WzHoUySvUgiIie", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697635190, "uuid": "902628ed-8d62-451d-b3a2-252a87bb0c30", "value": 1110016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697635190, "uuid": "25233b55-14cf-45a1-812f-dba7886b42f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697635190, "uuid": "32b2f95b-3fac-4565-b1ff-68ca21dba5a1", "value": "undergroundzx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fada90f4-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697638180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638180, "uuid": "62ac3d81-5396-4fd4-aef2-1a0df46c44ff", "comment": "Malware payload (Mirai)", "value": "bc696e1ab7cd2e85824aafb04b952e05", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638180, "uuid": "2327e39b-0862-4327-988e-68c09f8f5055", "comment": "Malware payload (Mirai)", "value": "e7b636f64f4909517475dfbd25cee564e7b89031fe650571942cf85e56bb3532", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638180, "uuid": "39585dbb-9efb-4232-9e12-567f9d0c3a07", "comment": "Malware payload (Mirai)", "value": "3480695cd1546b18e96ca34733980963655d8889", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638180, "uuid": "11a7e148-f5f8-41ef-84f2-4bb41c68092c", "comment": "Malware payload (Mirai)", "value": "9e3adce65046b1343859e8d01c9a7070b327c08d29a54e8d7b47d16470c1837d25c9e13da7c67d7ee4eb983ec87d6f1c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638180, "uuid": "901ee299-eab3-4d10-a613-be5087b1fe50", "value": "T139932986BC419A11C6C61677FE2F108E331257ECE2ED73138D245B707B8B91B0E6B95A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638180, "uuid": "2bd8eae0-649c-48c6-bd7e-9bd975012eb8", "value": "1536:XhnRcUWoXufJ4Au8YKzvk4J5zVMcOPaUl9aFmLbRMIiEg188Qxc/5SYG:EUW+lAuGhhMRS0awg188Qxc/E1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638180, "uuid": "b6dcba6b-9260-4796-91ea-941162ccf7ab", "value": 95476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638180, "uuid": "999690b4-59ef-415b-8112-ed426a524e31", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638180, "uuid": "457d1b06-75c0-4cfa-8b79-87ec9beff275", "value": "bc696e1ab7cd2e85824aafb04b952e05", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4ecb1bb-6d76-11ee-8907-42010a9c0042", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1697606737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606737, "uuid": "64338e90-a698-4e83-9398-8898c7356ad6", "comment": "Malware payload (Gh0stRAT)", "value": "2ce02849cdf1a8a03ad9d173cbc9eed7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606737, "uuid": "4a02c4e1-dba8-4062-bbcc-1713b388e89a", "comment": "Malware payload (Gh0stRAT)", "value": "e849725c5ee1b8b0e85f396531c06fb09d46576d1e8ada8e1c02dcb740b0b129", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606737, "uuid": "b98113df-576c-4b6b-95b1-6cec61304c23", "comment": "Malware payload (Gh0stRAT)", "value": "44df498c188171cf3a347460c108f8f1eb07c4f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697606737, "uuid": "2db1e1a4-89bb-455b-be5b-c28ba18757df", "comment": "Malware payload (Gh0stRAT)", "value": "4ec2d0420900719b899d664df99c3205bf00a7211990f983c453be4f4f9860f81e4e9674931a00514d8f2fb27f6bde80", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606737, "uuid": "bcf46655-e3e8-4e82-a1ce-55c249805d57", "value": "T1062633282596C798CF8593B836F91CC6CD277BECE065A2178F4B9FD1533625E48F8A04", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606737, "uuid": "23a76a0b-95f5-4e91-b113-7e650e689275", "value": "575ea90c069471216fa3adaba586119e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606737, "uuid": "0cebbd90-51e5-4e15-9be5-87d6aba5c845", "value": "98304:roQmMSITPneWuF8VAkgPxTYvnYkZWjEqd6c+iml:kQmMJTPvCPxc/YknA6cml", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697606737, "uuid": "01f6be07-9731-4b40-a9ae-42ebc3d45793", "value": 4722982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697606737, "uuid": "ec097ddc-9d12-46d9-8241-ffb48f394857", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697606737, "uuid": "5364a482-2436-44ca-bb2d-d3d47108149d", "value": "2CE02849CDF1A8A03AD9D173CBC9EED7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6f84230-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596513, "uuid": "4b44f459-9a46-46e2-8ef6-f56e9492b23c", "comment": "Malware payload", "value": "c20bd09cd8af871179104616de758f38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596513, "uuid": "7affb303-531a-4f9e-a265-ceda4c2dde41", "comment": "Malware payload", "value": "e88b6f57f30d93648363adf5bcac3998cd0b58e64ab9df24ac40246ca562cdf3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596513, "uuid": "50620a10-8a5d-493b-be26-222908cbdb55", "comment": "Malware payload", "value": "70ccc9aadc0f1dd0e35a66f08da83557b0a87e53", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596513, "uuid": "515d84c7-5f05-4f52-ba75-0da298dcc31a", "comment": "Malware payload", "value": "4262444ecbd6eafae2c07c3dea415c106f49e9b091abc8c6be269749c627e51e7570c566acbcc2d1a1646931804ac65e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596513, "uuid": "dd0073a6-1380-4157-96b2-7469d7008844", "value": "T153F12B93EDA288B6C55DC9BD5C498934E5322A317AE2E2D36FAF580DCC251804BFC712", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596513, "uuid": "8ce36dbb-869a-4cc3-ae5e-caa821e3b761", "value": "192:noxfRq8HebguuREnZXbzNbotbFtZKN8lryIle:w3HqsREnZX3Qt02g2e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596513, "uuid": "d48816bb-f40e-471d-9cd0-50cdbde5cc70", "value": 7786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596513, "uuid": "a579f33f-d37d-4d1f-b7b3-46d4ad3d6d84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596513, "uuid": "a5812b4a-0b15-418c-91e1-a1a231810216", "value": "SecuriteInfo.com.W32.Qhost.0CCA.tr.1201.29373", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60fdde54-6d9e-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1697623749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623749, "uuid": "82e3c6ea-4b54-4706-b023-9e3d039915f2", "comment": "Malware payload (GuLoader)", "value": "b222ec9d71e1845f16439172858f6157", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623749, "uuid": "5d3098bf-a801-49d7-ad3e-0ad6b1524e80", "comment": "Malware payload (GuLoader)", "value": "e8b3e7e06a128ba49662757349cca00a6ffcc46146e978d467df2dfa159bf8be", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623749, "uuid": "02a38eab-7522-43af-b177-0d44f7246e25", "comment": "Malware payload (GuLoader)", "value": "c94373fa67e3d294072815b55b91d1c42e4bb684", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697623749, "uuid": "148bfc3a-0f96-402e-b5c2-3cd1c0d55d31", "comment": "Malware payload (GuLoader)", "value": "b13e0b40837a072e2bbb390760d75f97c5cc78bbb9c824c75e05a195364ef154b6db3aa23b0eb02faf5bb0bcdbba6759", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623749, "uuid": "7a0d3689-aeb7-4959-a9a8-34134133c02b", "value": "T1B81523744D67CF2F4FAE75BE8A27218DED14B5C0031C2CCE36141E2867A3196A1ED29E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623749, "uuid": "7c84bc5b-2229-40a9-b342-28aca75cca71", "value": "12288:eMh7Ftmh+KBYHfttzwR5m79YS0RZR37pLn+Sqkx09MvF96Z07hlJH2Il/JHr:eMh7zm0KAftFwRpfJ5BnF96sJFl/x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697623749, "uuid": "88987edc-edaf-45be-8817-cc0fb8a7c8f1", "value": 959668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697623749, "uuid": "8acde274-1ba2-4721-9788-ae3ab1714bcd", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697623749, "uuid": "4d15a95f-8a0a-4915-8d86-eec2e969e044", "value": "Certificado- FNMT_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f3cd9e3-6d52-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697590970, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590970, "uuid": "7a2990e4-eb4f-45a5-96be-7f20b6f1b447", "comment": "Malware payload (Smoke Loader)", "value": "39214588dc31d4253dc71ef656dd036a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590970, "uuid": "db1136da-9db9-4a38-b36f-c7dd8fd47dae", "comment": "Malware payload (Smoke Loader)", "value": "e8dab83e0627637dc09938933500b00379e78a00038918bf47d7508246686bba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590970, "uuid": "88c2c042-28c1-474b-bf9f-39bb2c0b5a7e", "comment": "Malware payload (Smoke Loader)", "value": "f50ae1a5434777cca1bb12241a92acf1d5aac976", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697590970, "uuid": "c698ec4c-1251-4ae2-9f14-46bca748b11f", "comment": "Malware payload (Smoke Loader)", "value": "9712adf1293a4051711cbe28aaa383970c7e5fd97159b992f7f78911c7d36e29a489b94b0b6944994cdb76fbc70b1df0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590970, "uuid": "2aab3a90-7e91-47b2-af13-acf49d74a29e", "value": "T19D3523935FE55867C87017701CF602831E31FD61EDB88BAB22A5F85B0473289757A36B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590970, "uuid": "0b7f8667-ebba-4758-9f17-1eb436d30152", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590970, "uuid": "d77f6229-7e85-4515-9281-2e45ed695031", "value": "24576:tyX8Q7dbfpDfeGjJhUfyFMPCyVbfCnaJEqToJyGIzZBDkF3:IsGdbFNjJhJSCUbCnBqcJyf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697590970, "uuid": "a3cf6195-4ec0-4bfd-a448-283943e9ee25", "value": 1098240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697590970, "uuid": "d08a831b-2a1e-4001-91e5-9dfc76366fba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697590970, "uuid": "9a069e94-6b3d-4c29-8c07-e2c4831ec8f9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "082eed73-6de3-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1697653235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653235, "uuid": "471ac087-cad1-4172-a0e7-959125cffbd3", "comment": "Malware payload (GuLoader)", "value": "c49b60e0f009adbb49bdb941a0916c96", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653235, "uuid": "24ff0e69-58a3-4ce5-9d4e-38f1cdf4cc5b", "comment": "Malware payload (GuLoader)", "value": "e98c2a23773c119832ed676f14fb6b76a50b357927f9e1659c75a0ced72ee9cd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653235, "uuid": "c7fb6732-9585-47bd-9e6d-cbbb5e9fe928", "comment": "Malware payload (GuLoader)", "value": "93595aa3544c414fdb77c780b3a3c0625482b054", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697653235, "uuid": "cd271134-e1cc-4410-bbb8-35e9320df8f2", "comment": "Malware payload (GuLoader)", "value": "d10b7648ae4f2218853e6f831f7398379f04aaed13f05c85e6032782f56fd6c6588c60ef91716bfb6a0a2168f08cb9c6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653235, "uuid": "5f9bd8c7-97f9-4270-9ee6-32cfe797ad28", "value": "T17F2523473D018191ED7712719C2EC1A01F525E6EBC89C6CFA2D17A1C68F7EA346EB788", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653235, "uuid": "1c25f1cd-dbe6-4c06-970c-78580a4a8778", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653235, "uuid": "a92056bc-690c-439c-aeed-3e602d705dbd", "value": "24576:FTqMPCpyLp0cnzhTRfX6ahX1DCb+H+JKjZMWSr:FTZPCAN0cnxRXhXNCqpVM5r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697653235, "uuid": "2a328a6f-e5e2-4586-b9cc-7cee22a41917", "value": 1047464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697653235, "uuid": "c51e33d8-d2cc-4aaf-a89e-65d6cd6781b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697653235, "uuid": "017a7286-57ae-405c-8310-f5d5710bd3d2", "value": "Certificado- FNMT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e18ed7f5-6dc8-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697642004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642004, "uuid": "c05f03a5-9b58-4888-9a9f-09c23a93f763", "comment": "Malware payload (RedLineStealer)", "value": "9ed45bca6e32ee5d59063beed239c124", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642004, "uuid": "82381b98-378d-4634-b98f-6f85ba348bcd", "comment": "Malware payload (RedLineStealer)", "value": "e9d6ddaf1fb2b2ccffc9da08350fe052821b36211b8822b0e7c413638c1cbbbe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642004, "uuid": "3cf9ea0e-d5b1-40a7-9c75-29702dd6c739", "comment": "Malware payload (RedLineStealer)", "value": "9460a73ee43284be570e9cb3ea4b0eed38c0d656", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697642004, "uuid": "eb0014d2-0bc9-400c-8a83-a6ad8983eb3f", "comment": "Malware payload (RedLineStealer)", "value": "971db52ca92b89c6b4b82eaca539be3f625b0ba37869b71d8c05c1a8176b16027f8f6f0018b269ac984b6164a80b0b5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642004, "uuid": "6ae17ede-552a-4a93-ad0a-42a844f31f69", "value": "T100152207A7D850B3DCF12B7009FA03975B31BCB199B8936B5A554D8B4CB3690B634B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642004, "uuid": "e2de20af-5b23-487c-be21-a4835da08caa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642004, "uuid": "6631cb36-1b3c-43fd-ba84-f3c86357899b", "value": "24576:8yrcY0iUiwkVmxnZQStnGhjXpv1efLnkBkbPD:rrcIgkmGSVgjdgznkBkbP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697642004, "uuid": "227e2605-ab65-4533-8636-11f4b5c7dd2b", "value": 905728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697642004, "uuid": "06a31962-7aab-420f-a48d-564edbcd84e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697642004, "uuid": "f389bd28-b6f1-47bc-8400-294cf94d77dc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "612b01e8-6d55-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697592396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592396, "uuid": "14fd5f65-a070-4b8b-b135-554f90368e9d", "comment": "Malware payload (Smoke Loader)", "value": "9204f8c22eda8b99478482f01ef0a440", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592396, "uuid": "92686da6-5fa3-4f01-9d34-ffbfcf9dc7b3", "comment": "Malware payload (Smoke Loader)", "value": "ea324a2f2037b226e5f1b59cdc2a75751d0ec1304c87ba0c867651ed4277cf60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592396, "uuid": "25d47c97-e6f7-49b8-9eaa-02a02d23e87b", "comment": "Malware payload (Smoke Loader)", "value": "69c928513620c13df66e0f0ba850ae0245851f55", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697592396, "uuid": "be43a3df-de04-489c-976b-4f2e3fca66bd", "comment": "Malware payload (Smoke Loader)", "value": "491093b7871e1c9d05143dd8116d8078e5567448a48fb6631cdcfe919617bf2bd331a5343a00b63e2e64e2c7156eb23f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592396, "uuid": "7a9140a6-8126-491a-af4d-b8461620f278", "value": "T1FE35230177F85433C9F1677008FB03D31E3DBDE189B9D79A2796AC2958B1188A87936B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592396, "uuid": "417f1d41-245d-4e74-bb18-99884408a12d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592396, "uuid": "6751315d-5af2-4a46-adf4-0a61408d7f17", "value": "24576:8yPNJY+f19wbQ1DqALtPqxArQBFw8st3Ri9uasCJT5GdE:rPNJ9f1ac1rLJqCM7w8sxRhN65G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697592396, "uuid": "eac71fe9-208f-4ef1-a9f9-c1ec22ee73e0", "value": 1097216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697592396, "uuid": "121be88f-7900-4161-94c8-d0d7e6024f5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697592396, "uuid": "d51122c2-69e7-4347-bfc3-7e2537ba44d3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd2bbd07-6dce-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697644627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644627, "uuid": "21abceaa-48b8-426f-bbe3-b2bfd6b04702", "comment": "Malware payload", "value": "07669366f0bfd84eae09cfd03885605f", "object_relation": "md5", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644627, "uuid": "80107699-057c-43fb-a712-66bca33d7a4d", "comment": "Malware payload", "value": "ea901a2ff3f0fae90d2682bc8e47517008f8ac7500406bfe1453e6b5e7e270df", "object_relation": "sha256", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644627, "uuid": "5abf4d3b-cdf8-47bb-a1eb-fb4dd29d479c", "comment": "Malware payload", "value": "21bd49d4152c763b91603aafa5a365e9d56ee242", "object_relation": "sha1", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697644627, "uuid": "4e0fe34f-e6af-4b73-94e8-a3e715da5937", "comment": "Malware payload", "value": "0ba10c519ddaa588f5cedbecb2a388afa761c32c9235145466e05206d587ffc16b0e80a2601c7f58c2edf3b9d63b433c", "object_relation": "sha3-384", "Tag": [ { "name": "0bj3ctivity", "colour": "#C6102D", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644627, "uuid": "e057abaf-2b92-43a6-bdc7-976aaddbe405", "value": "T18584AE1036FFA4DCF273BB530BE9B6D98F6BFBB2161A915E1504030B8666D40CD96A31", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644627, "uuid": "19bbd9d0-de63-4fc5-b982-1c9ad238b899", "value": "1536:Eo9TKD0x56EgEoe0FdGTFdb6Rqr66dFgF4FdyJc:JngEo5gxRRr66dFLB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697644627, "uuid": "7a9f492c-5ee7-4eee-9db7-e320045ded69", "value": 392070, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697644627, "uuid": "ec43f001-5814-4e7c-b641-29fc10c3294e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697644627, "uuid": "4a259a25-9aaf-46df-a4bf-fb0560dd36f2", "value": "79.110.48.52.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21e50231-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697648554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648554, "uuid": "bcdf0de1-485a-4ca0-9ce9-89d2c9aad910", "comment": "Malware payload", "value": "68d882119544d4bca5d03c88f3ae624c", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648554, "uuid": "110b4d5b-b80e-4296-be4b-47957e554046", "comment": "Malware payload", "value": "ebdf4965a47b5835eedee2c80f33b8d0c5174f07274d55644153b37723893af4", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648554, "uuid": "e8a3a809-e670-48f7-97ed-5e353355f347", "comment": "Malware payload", "value": "4b14f07262351e2995d77794d15b3e044f3436ca", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648554, "uuid": "70d0b7d9-895c-4006-8017-a59015b85442", "comment": "Malware payload", "value": "232c58d2f32f9f4004670a40e3d740e7e3b0b697ac6e257df0b31d26ee2b2a60d1a1b39a80389c1ba667b23a6844f3f4", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648554, "uuid": "8bffe2be-a34e-4ad4-9de5-582dff162a2a", "value": "T10F94BE22F2B1921EE5E28935DE6463F063B2A8133A22D35ADD44D5D9782D7D7CEC00E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648554, "uuid": "fa3e46fc-e1aa-4e87-b973-50afef396d67", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648554, "uuid": "1c651ae4-86fd-4ed7-be6a-c225d44c4ccc", "value": "12288:elUk9gjDntGmFh2nvPtbFE157elM4XuKX1R5PtsCN:EAj/0vTeelxX35PtL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648554, "uuid": "a16c2f08-08a6-4afc-924c-5035aea061c4", "value": 412672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648554, "uuid": "4e48935d-98a6-4968-8605-88c7c5d5e295", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648554, "uuid": "550029b1-8c22-4868-b444-8f22fa3a804b", "value": "XBL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc829a7c-6d7f-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1697610615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610615, "uuid": "266c3b74-4697-49f7-bfaf-d623bebfc30f", "comment": "Malware payload (Formbook)", "value": "5d7ba037af21afc33c5c830a64977b05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610615, "uuid": "051bad62-a8d6-47f8-a2de-90e5c7e49cca", "comment": "Malware payload (Formbook)", "value": "ec6ee7d5f97f7e5e14602ffba790f130f500cf94fe4f1806ad98d453c5ac9f31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610615, "uuid": "28a4d8cb-b80e-4fde-b063-9502d054fbe1", "comment": "Malware payload (Formbook)", "value": "bfe1e38e79ecee5cb3052eb8374ed4248bb71af2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610615, "uuid": "9917c7f3-609f-4e53-8edc-fdb498e29388", "comment": "Malware payload (Formbook)", "value": "ed33d9715f265aa5eb026e868f93bdba1062822290ca00655ee9b92693b89ee66646a182ee3002cd58825498f64edf2b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610615, "uuid": "733b141a-3381-4feb-a19d-109dcfe11fb0", "value": "T147256E3D19BD223BC1A5C2B9CFE5D827F000D86F3462AD6598D797A64357A8634C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610615, "uuid": "531397d8-937d-4555-8a44-d8926814c36c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610615, "uuid": "ba8708a9-24e2-42bc-a571-aa6da9f5a382", "value": "12288:G+Ihk4GrRqkwYZizBKQ/kr42dVyBgK0Qwg1X+aX0c+TRvHEMiF6:SmPqbfdX/2hyKQFtATfX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610615, "uuid": "7f8d30c8-b160-446f-b838-313d9e07d776", "value": 982528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610615, "uuid": "de50807b-6af5-4f94-99c6-f15cbc11c077", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610615, "uuid": "caf5d59d-4e24-48eb-84ee-903fd3ea6b4d", "value": "DHL Shipping Documents and Notification details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff65f15d-6da4-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1697626592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626592, "uuid": "dd873428-0250-424b-a940-59024aa3c576", "comment": "Malware payload (ArkeiStealer)", "value": "d1e40dfbae57e5f3205117f5c9d64a76", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626592, "uuid": "bb159355-24ac-40c1-9e13-43a400771a8e", "comment": "Malware payload (ArkeiStealer)", "value": "ec7770a2cfa4cbffac72f98538eb541a67b18dc04658a3d6218a7a060ffed38d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626592, "uuid": "18f435da-865f-4584-9829-89ceb59ac285", "comment": "Malware payload (ArkeiStealer)", "value": "2cce26d3fad51f0b836db6c9afafff6eac08a29b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697626592, "uuid": "14bc6f56-d19e-406e-ba5c-202d0232483a", "comment": "Malware payload (ArkeiStealer)", "value": "cd3fefc237cab611316e21190a356ab2c63a13957f78896444383ca2ddc3e238773a54e9c6c8558847661e0deab98277", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626592, "uuid": "e6b34ef2-3ba7-4c54-87a0-35ae73183558", "value": "T157648E1AB384E436D65349359E59E3B35BBE7C712929D007FF8816EA7DF06C29A20307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626592, "uuid": "4d899133-55fc-41be-a340-ffdd49082bb8", "value": "62d315482935db63b6502d6a5f04722d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626592, "uuid": "720adfce-694b-43da-887e-e0b8f26f66e8", "value": "6144:QUNdslLON1aPsi5chCRXmI4/LusZbXm+QRALNVJCofhOqUZaBMYUB:QxGwP/OWOxXm+4AdCo+oKxB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697626592, "uuid": "3de77ff8-e3c6-4742-b06a-7d25bf9ec9ed", "value": 324096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697626592, "uuid": "aa28b5fe-c423-4082-a362-da1b21b77e6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697626592, "uuid": "0b8dce11-6262-483b-a258-9cb24be56394", "value": "d1e40dfbae57e5f3205117f5c9d64a76", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "589c5f1a-6d85-11ee-8907-42010a9c0042", "comment": "Malware payload (Gafgyt)", "timestamp": 1697612997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612997, "uuid": "91009731-d20e-4954-99d1-ebd0fcb57d33", "comment": "Malware payload (Gafgyt)", "value": "cad94d2dda999106b720ed24073c87f4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612997, "uuid": "d4d02741-e901-4cd4-a389-765944d7a9b8", "comment": "Malware payload (Gafgyt)", "value": "ecc82ce3638f3009c102b4941d6b5660be10c583f7641d303fc5a01ce5b37a86", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612997, "uuid": "c9d95af0-5ccb-4d14-b2a3-7148f74e102b", "comment": "Malware payload (Gafgyt)", "value": "08fa3ada58a752534ef84d48dd24d52b34e8f05f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697612997, "uuid": "5444cdff-a1fd-43fe-8710-694e5fd28667", "comment": "Malware payload (Gafgyt)", "value": "cdc7fe5427991b9faa1797154b00cea540da96bf9472d75a301b6924763e8517ec9acee7522ccf06cbc5c1ac5c81f090", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612997, "uuid": "bddc7463-856f-4736-91e2-b7462d8c250e", "value": "T1A5730949E552C6F7C4821BB20297BAEE0766FD394E7A9E49F3083CF49B724D83919311", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612997, "uuid": "8914b3c8-d500-4d29-a89e-47460d77a752", "value": "1536:xEYv6uAYiPvoVjRWS7kJySRkLWFC/9hKt3iFCw2TVoZOLZ5:n67YiPvoVjRWS79SRhw/9hKt3Bw2J9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697612997, "uuid": "628aa813-a564-4872-ad78-40986634172c", "value": 75548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697612997, "uuid": "4bdd77b1-217b-496b-af74-5d607b29ce1e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697612997, "uuid": "20c66c1c-de9f-4c12-9ab1-eb8401d02412", "value": "cad94d2dda999106b720ed24073c87f4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a722bb22-6d74-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697605828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605828, "uuid": "cb1c642c-ead5-41bb-8e72-ebf2326afba0", "comment": "Malware payload (LummaStealer)", "value": "4618231059dfa7daad6186aa11c74005", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605828, "uuid": "a7b57844-0441-4938-abed-fb7cb1715303", "comment": "Malware payload (LummaStealer)", "value": "ed04a87226726f238d6c089c53427d03c2bcb7dbcb7601d3460ba8b33c13b66c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605828, "uuid": "d0c179f5-046f-4f10-8f17-bef5f1d45530", "comment": "Malware payload (LummaStealer)", "value": "215a9566427228fbc10684f032a3ab665faafa87", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697605828, "uuid": "385f0d6e-12fa-4f1e-ab75-f8724ce213fe", "comment": "Malware payload (LummaStealer)", "value": "387d8f64842866ece450cdfe587a24f24683b0043de7ea68882837eea227dc855cfd7711bcc0b3ba254f2cd460c5def4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605828, "uuid": "59198040-9410-45d8-ac83-cf2f80e13d5d", "value": "T1EB34AE0174D1C473D9B3253209E8EBB95A3EB8300BA599EF67E41F7E4F342C19631A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605828, "uuid": "8512ca91-3e7d-4bb7-aee7-8a94e6aa7c3e", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605828, "uuid": "2dfa2821-60c5-412e-98d3-e6b3371611d1", "value": "3072:DhECUTEnUnWzBZJVrwc3qKSjxlnVcTGkRBiVvxOI+Qv2RRXmbteAg0Fuj+fKJ6hh:D2EUWFpqK4xUGk7avoQvCAOafs6D2kr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697605828, "uuid": "d4827ed4-04db-4b0f-95bb-4037f84515ec", "value": 252928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697605828, "uuid": "48338e33-dc93-481f-b2e1-01642caef3e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697605828, "uuid": "7bf89331-13ac-460b-b615-8e0f51005d5f", "value": "4618231059dfa7daad6186aa11c74005.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4877ae2-6db7-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1697634653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634653, "uuid": "39fafc86-991c-4bef-8784-9e38ff2a50fc", "comment": "Malware payload (MarsStealer)", "value": "ba7716a27eb9be7cd9231b67abcc3ff7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634653, "uuid": "935470e7-8315-4fed-877a-635bdb258f21", "comment": "Malware payload (MarsStealer)", "value": "ed9d5c9235e713bbe697a37bfa7660f8cb72ab01c99b39bfc67e648961f059b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634653, "uuid": "70aaa190-2b2b-4fe8-8d4e-e3decd69543c", "comment": "Malware payload (MarsStealer)", "value": "afdaee2302dd83dfd21ed6c3f89f23117353b5d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697634653, "uuid": "efb50e6e-52df-4fae-a5e1-6c88d3554073", "comment": "Malware payload (MarsStealer)", "value": "e47c5d2a0c4c7038362bbf8801d29109097e098314b4198017c747c97c9b19decc32936602505dbab06b630f1d7ab7a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634653, "uuid": "55509668-2594-4369-aa12-36b0c5b5e61e", "value": "T18954C021BBE1C432E5A31A355870C1651E37FCB2EA7945CB37A43E2EAE712C15B65B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634653, "uuid": "01b28099-5c9a-4092-b3e0-301e21691857", "value": "44371442b035be4cbafff0985c627120", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634653, "uuid": "187919eb-fbfc-4f1e-ba4c-ff9645173a92", "value": "3072:6DBNNq/LyvVEl0GXY88F58JJHaK91AigBHjEEJztz/iRJZ1kjT7kV:2nqTyvVXGXY88F58L5cdBHj3zUJZu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697634653, "uuid": "fbc7f3eb-bb89-4034-9cff-7c56479fbd89", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697634653, "uuid": "b0406f9b-ff5f-4e08-957e-e8b0cb110d4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697634653, "uuid": "4757d5b2-822b-41e3-a3f2-9b61778f35cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7498059b-6d90-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697617769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617769, "uuid": "c83aee34-d0b1-4d4c-a232-3f9dfd2d03bb", "comment": "Malware payload (AgentTesla)", "value": "a2adc0e8f68c3829e6ef779d361b6cbe", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617769, "uuid": "9f3df58e-c7e8-4e9c-8110-2c0850e42c3e", "comment": "Malware payload (AgentTesla)", "value": "f194c468d6650ca2579c1adfdb03ab2bfd5d0f6a0c324e97d5651e1514ea93b5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617769, "uuid": "def00f2a-18a8-495b-a16a-703f2cb4be1c", "comment": "Malware payload (AgentTesla)", "value": "4bd8f2d795bb445eb4e6c0aae7a15d5d7e421bb0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697617769, "uuid": "20cc772d-a8cd-45f1-b84c-5b3d44950015", "comment": "Malware payload (AgentTesla)", "value": "1b6ce07a426734a35c12a931df983cedd638c222a53ece5ac3c820bf5e17a246d04c64323a7f45213cfb2cc5285ba156", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617769, "uuid": "605ce787-13f7-471b-ae87-fedeb840de32", "value": "T122257E3D19BD223BC1A9C6B9CFE5C827F000D86F3521AD6598D797A64353A8635C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617769, "uuid": "067c80f7-d33f-43dc-866a-7f5bbb5aea4b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617769, "uuid": "c497a24e-7ca1-4b68-b445-7ed1aa13cd5a", "value": "12288:XVcDVm9p3ZEPejHVZnmUYMPheMJxkHHB2iEY6DwLJR1t/ouEw:4mn3GPS1JpYShFxkHh2vhDY/1ts", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697617769, "uuid": "2fd34c11-3342-4e69-b5a8-31484bbb13f6", "value": 989696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697617769, "uuid": "1d434df8-7d18-44ef-9251-216f67ce4774", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697617769, "uuid": "38b506be-4fc4-45d0-a970-ba0c6c524077", "value": "SecuriteInfo.com.Trojan.DownLoaderNET.710.30162.3936", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "441b07fe-6d6d-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697602655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602655, "uuid": "927652c9-0760-4f28-a48f-2ce89bfef33e", "comment": "Malware payload (Smoke Loader)", "value": "f7af559acb28a6f371c3edf2750d2432", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602655, "uuid": "a82c29da-0fe2-41f6-9262-892d2b6c932b", "comment": "Malware payload (Smoke Loader)", "value": "f1adfc111c7f912630950c8c3321db0a54c7af6f4a67c0c317dc19f377398ae3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602655, "uuid": "5094b032-5a1a-406f-b7b7-187ebf93aa5f", "comment": "Malware payload (Smoke Loader)", "value": "56c827976afdcaa50588d8d2a92b937bde9d2fea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697602655, "uuid": "55ab91d1-70e1-455c-a4d0-2f8b84644150", "comment": "Malware payload (Smoke Loader)", "value": "a75b7f7d4595fe67faf0aef4f8f3f0bc1b7fb1672ca6373a806a3e5a81834f69d9a15a02f65ab5850219077405579cb9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602655, "uuid": "3c25f6c8-0f78-4d42-8327-27d4a01376b8", "value": "T17F3523027BF85472C4B527304CFA07831F3ABD965D39932F2BA4BC9E05B2591A43976B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602655, "uuid": "39d00573-c00c-48d0-860c-04eac6c98be9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602655, "uuid": "642cd6d1-e096-4db6-a815-608bf24f3063", "value": "24576:cy6utdaKg98NBfydcXE7qjPI/qNCfXszNXk/64zcdsp0:L6uaPKOcGqzICYXshk/EM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697602655, "uuid": "0c462586-ab5f-4898-927b-e5bee707f03c", "value": 1093632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697602655, "uuid": "1b8a6446-824f-4d2b-8c1e-ddd6b38dbd0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697602655, "uuid": "90d98411-8e4a-4742-8fb5-f3905271c27a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d656103-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610777, "uuid": "3f47d59e-bbfe-4604-a30b-69b335fa0601", "comment": "Malware payload (AgentTesla)", "value": "94c19a35210d356074c3cfaa1ea92350", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610777, "uuid": "c9931af5-ee88-4d4e-b4ff-0a2dddde622b", "comment": "Malware payload (AgentTesla)", "value": "f1f7dcf88e6ca4fa8165311d3920015410923574ed2f84decec634adab432063", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610777, "uuid": "e4ecead5-d9ca-45e4-a980-ec5d3a566d52", "comment": "Malware payload (AgentTesla)", "value": "c0ee6ed414e3a3a3b6c02ebb73dfcb761e276b3f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610777, "uuid": "6e4fb56b-219e-4f8f-9e5c-60652a99d4ee", "comment": "Malware payload (AgentTesla)", "value": "a26986f0c654254971ea25442498f15e33b00c5c146130983d1be713ccc46c1ff0876ede54dd3530bb70c0c94260267c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610777, "uuid": "d8aed8b6-cc3e-4c36-8445-26ec7a190af4", "value": "T199D4125433A4CB2EC47E5FFA8122E650C7F5780A6A75C61A1DC114DE0A7BFE48924FA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610777, "uuid": "3758384a-07c8-49c6-943a-66cc71f700d8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610777, "uuid": "2fc67ef6-b34b-47d9-a734-0a46a3664371", "value": "12288:VzfqB+9TPTn4j+sBqGAbf54AZ+W0AouwDjPUM4JiCtg2q:VT6+FEqsBEN4K+WjwpIg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610777, "uuid": "cfe04f3a-f1a8-49d2-84e5-120979c59ca9", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610777, "uuid": "cd1604e6-5569-4bd6-adba-cebf38dcf1c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610777, "uuid": "6ecc9cf1-ee44-4c14-ac53-65312171c05b", "value": "IMG.00HJEIY PRICE-QUOTE SSG 0874087.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "732d572d-6d77-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1697607029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607029, "uuid": "8f3c3413-b2dc-4a24-b277-152e33f2e42b", "comment": "Malware payload (LummaStealer)", "value": "8cc36ffb6e5e7842edea48cb7c18b777", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607029, "uuid": "579afa8c-2f64-406a-90e9-d13b9109fd3a", "comment": "Malware payload (LummaStealer)", "value": "f38fbdbd43cf15158eefbbfdd197f66ccb775a5b7bdf3fe054505ce9762f230b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607029, "uuid": "ca0fe267-8e65-435b-9950-8509e7cc3f8a", "comment": "Malware payload (LummaStealer)", "value": "e77987f80c8eed762d92e1f04ba68128b3ea8547", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607029, "uuid": "8c5b89f1-71c7-47cd-af49-559e42513a9d", "comment": "Malware payload (LummaStealer)", "value": "911541864ed148a95e124c8b1626847248117e9e4833c0a5ff7876c4dc5ab770a865ce3229ab190bf6f31b28fe5c9aad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607029, "uuid": "add90bec-866c-4b4b-b174-fea7c45ba0b2", "value": "T1BC449E01B4D1C432DBB2253209E4DBB95A3EB9300B955AFF67E40B7E4F30AF19631A65", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607029, "uuid": "49b26d19-1ec8-4ce3-93c0-f885cb0d746c", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607029, "uuid": "4c99ae62-8e1d-4593-85e5-dedc476c5287", "value": "6144:GyWDbk0YCz29xyMUa0/JcpsrAOEK5jI9v/wptV:G9qw29xvITxtV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697607029, "uuid": "405299d8-d618-4c8f-b224-dce69829941a", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697607029, "uuid": "66699395-b1c8-433e-9348-d709cc142cf8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607029, "uuid": "70d0a840-3adc-419c-b0fd-ab51c74d4de9", "value": "8cc36ffb6e5e7842edea48cb7c18b777.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ff404c5-6d70-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697604098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604098, "uuid": "22394fe1-4fde-4df4-9469-dada071ed7f7", "comment": "Malware payload (Mirai)", "value": "318fd93ff62adc05e3fc841ebddddad6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604098, "uuid": "3430d746-6e87-4170-9e65-94713404c37a", "comment": "Malware payload (Mirai)", "value": "f41d598ef3efd887c92b560a1c1f60c3f93878fe8d0260f8dec9ea1e65a03ed6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604098, "uuid": "864cc830-cb89-4064-8468-1d1e1fca00bb", "comment": "Malware payload (Mirai)", "value": "f4c006ed23097f9022bffcd2d7c4698ddd008140", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697604098, "uuid": "13704b88-0e4b-44cf-b1fd-07f1d80ee7d8", "comment": "Malware payload (Mirai)", "value": "6ebef3e2203733d5b23e4812006a0673763945f98c6ef121106559962fa1b614308076074184ece3d42b61224a061ac8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604098, "uuid": "f0cd1280-d21d-43a7-a919-c07a1ac04b2d", "value": "T13A339DA6C4B9EDA8D1184A74BE258F789763F100C6632DFADA048B559043EFCF5993F0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604098, "uuid": "ac0e0c6c-b738-4387-bcc1-135612017236", "value": "1536:Ya3Fwt1i9ToZwKfs3VHPt/qKPEBnoCvB:YiF7K/f+VvbPEBno", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697604098, "uuid": "db793376-0fd6-4961-93fa-9ecd63e834ec", "value": 51520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697604098, "uuid": "eb93e15a-bdac-4fb8-917b-ad1fcacec5f5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697604098, "uuid": "425ffc29-3fdd-404f-ba89-9dd074d66106", "value": "318fd93ff62adc05e3fc841ebddddad6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e65fd211-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697638146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638146, "uuid": "53009b14-8050-4bb9-ba25-0976e0b9aab2", "comment": "Malware payload (Mirai)", "value": "aef93ee4a3e9ae2953d3b04c68f0017b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638146, "uuid": "3d2f23fd-926f-4e3e-b6c5-a06d2fa5de3a", "comment": "Malware payload (Mirai)", "value": "f4bd6968f9422eea727b31357b6328c371549d0daae30771f40c427f349134a9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638146, "uuid": "94c073e6-3c98-4da3-bf46-f79c5bfaf95a", "comment": "Malware payload (Mirai)", "value": "235b5f94777e8f30aa1e13c901ae790085b3a772", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638146, "uuid": "2a67dbfd-cd3c-4f73-94e9-c8dab454cdc8", "comment": "Malware payload (Mirai)", "value": "777b50132eb4d9559b727c7896f324a1440c5118e4a4b9043af539ba9ddc299b45ebda36fb93d38924e6ae2979efdd44", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638146, "uuid": "8ae00a9a-394e-4ac8-adde-c6dd17ae5e24", "value": "T12CB3C40ABF610FF7E8ABEC3745A92B05249D550B21A97B75B930D828F61B60F19D3C70", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638146, "uuid": "7e1ebec5-5b5c-4485-a25a-85b4ae577332", "value": "1536:g9DYWFx+xx+AaEPiJMR2jk2EkZ+BzYcjKoOvDBgplbngVZ14hvG:gqWFx+xUA0KR2hEkZ+BZpZK1+v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638146, "uuid": "739b6fa0-0411-4f19-9fae-3f3d9783dc0f", "value": 108960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638146, "uuid": "97e2ceba-31aa-4f3d-b714-4de8af976f11", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638146, "uuid": "b2cffcb5-d3f2-4d1b-94df-d84d443ce9b4", "value": "aef93ee4a3e9ae2953d3b04c68f0017b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "004144c5-6dbd-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697636901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636901, "uuid": "30c72cc4-6d57-4234-9b4d-a22ccf2f84a1", "comment": "Malware payload (RedLineStealer)", "value": "b0564cc3c8e40b671cadae38dfcf49c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636901, "uuid": "9cb38b5d-ccaf-4e5e-ab7e-429dade1d35a", "comment": "Malware payload (RedLineStealer)", "value": "f55b9f7a1011222ad2e7803993690520247b549ef8a27e7a3996a958c48fa21e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636901, "uuid": "134aaa67-951f-478f-a5d0-bcb55daae9d0", "comment": "Malware payload (RedLineStealer)", "value": "5d8a66561689bb88915fba62010bb91e45901195", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697636901, "uuid": "01870354-c142-4526-8561-b9857e0fb803", "comment": "Malware payload (RedLineStealer)", "value": "369a04579694aed812656e9cfea08466cb0ca150651986e751cbba22984ac4007f9e169b89dd43e04d02f499494b01c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636901, "uuid": "aa081ac4-126b-42f3-925e-25bbc326db2e", "value": "T1CA2522A3BBD86072F5B913B009F313870A36BE916CB8934B76959E8E5C71750A13533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636901, "uuid": "e6ab9bc9-a026-4a32-b274-3c40975b4e10", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636901, "uuid": "211e24f7-3a73-4413-a099-af69bddc1c4f", "value": "24576:QymzV1M/8PFTg0D9YsLRZUxu1ab91KFs/CW4Covh/kr8D1T8VhN5jV:XmzVK0Ppbt/1aDikCRCovhcYD1TqN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697636901, "uuid": "5e4cc1c9-b028-446e-87df-b6d4579eedf3", "value": 1000960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697636901, "uuid": "617f98e0-e03f-417a-af82-6322e3799b38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697636901, "uuid": "c9849c0c-5d9f-4bc6-b964-801e224be0aa", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0485696e-6d80-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697610709, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610709, "uuid": "dbaf4710-0320-4ce9-87af-bc681efe4830", "comment": "Malware payload (AgentTesla)", "value": "7b81942ab5a31b4d4bf759e4cd17b230", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610709, "uuid": "60335d5b-5c58-475b-a26b-0be208e65870", "comment": "Malware payload (AgentTesla)", "value": "f566666ec884f4fb52f5167294dfce5402e8bb78ed4cd242985492312eaa4a66", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610709, "uuid": "074c4c1a-1ac0-4f73-b0f3-d520cea46953", "comment": "Malware payload (AgentTesla)", "value": "600b5ea0f1c20fad8e62819ed32b566700673640", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697610709, "uuid": "0114bc5e-8642-45aa-af5a-a0ba5c899e3e", "comment": "Malware payload (AgentTesla)", "value": "f5a03e9a4fb7be49b134eb711337dad3bc7b019c6f8b2c50fd2f953093822b622e5800bd10d1e2cb47819fb4136ec647", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610709, "uuid": "db7c0923-b7df-4c5f-9a13-9a2786242a5d", "value": "T12AE4126537989B2ED4BF1FFA8031A320CBF678569531E6151CC608DF1A67FA48920F93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610709, "uuid": "1d9e08a2-0376-413b-ac3e-f1cbc4c7336c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610709, "uuid": "9bc9cf84-0c12-462e-97c1-e0ba2b3fdca5", "value": "12288:jzfqBqM2KKmmy9NuZBfETkgszDfcee7Z9SlQgsbgehV66AwcJmQCgkffK+:jT6qx8mZBfEreSXQubLV61FJmjT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697610709, "uuid": "db1859f7-cace-4b31-8c34-9e24d99742d0", "value": 684032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697610709, "uuid": "5a269284-1aab-4ce6-8501-9f736adfe83e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697610709, "uuid": "433a7d24-f89d-42e9-aeae-fdcc64557b86", "value": "RFQ_16102023,xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ec819e7-6d81-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697611236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611236, "uuid": "1694aead-ffa3-483d-9fa8-d3c65b171e5b", "comment": "Malware payload (Smoke Loader)", "value": "ba599f2aa100a57cd9b9c34f0ec9f5ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611236, "uuid": "e975ae66-ef23-4f8d-bc06-672ecd2cc4d9", "comment": "Malware payload (Smoke Loader)", "value": "f68aa2678500c7f6c6485629b58d26c2aa99c7b55df33a75c75f56dcd112c675", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611236, "uuid": "b83d0711-40d0-4403-8a96-ae2afe03a1b0", "comment": "Malware payload (Smoke Loader)", "value": "bde7806e54e3b0a59b1592a2dc87aa16af725a37", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697611236, "uuid": "aa052260-f4e2-4f66-aaee-e5f8bc5afae0", "comment": "Malware payload (Smoke Loader)", "value": "d153174e0ea4e4bde25d070f8852dbdc89756ad5d856a38c82d065303e09ff987b54c87b70e4598fc247f62736c12ba8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611236, "uuid": "ecbcf9d0-38e6-4330-9acf-6247e1f094ba", "value": "T1303523135BE49423C8B5173140F703972D3A7D7289296B3AB7DAAD4A0CB3686F532727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611236, "uuid": "5e679191-39d0-45e4-91e7-a9b41c124575", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611236, "uuid": "74e7db50-41b8-4736-816d-52123edd8245", "value": "24576:fyzBF0eGou/6DVC5Qcz9PPBsxHlsqA5fkHDKeJY3v:qbGd245QczZPuBlVj/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697611236, "uuid": "e6c94cf5-25e0-4a30-a0c4-a50a0ef49158", "value": 1098240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697611236, "uuid": "366566fe-6424-40c6-9b21-4a11f73ac04f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697611236, "uuid": "f623ecdc-d62f-4ae1-b4b0-81e38fec5382", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3258847e-6dcc-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1697643428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643428, "uuid": "889f5e0c-dbda-4433-bd40-7bbbda40124c", "comment": "Malware payload (AgentTesla)", "value": "50d876b1994439b56c0fa2c47e5270a6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643428, "uuid": "54444061-ef53-4c0e-a639-650ce79378f5", "comment": "Malware payload (AgentTesla)", "value": "f7ee14ac7468e9937c3b4da0de740363ffb97f0ad87e9a834d8788865f6b9c66", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643428, "uuid": "1408350c-ad25-475f-a1e2-0c3ca9d1ece4", "comment": "Malware payload (AgentTesla)", "value": "8ed39c01c0bc7d6aebd0dbe106c307a190f18994", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697643428, "uuid": "a0e7ab3f-a004-465c-a260-70b6b41d26f6", "comment": "Malware payload (AgentTesla)", "value": "15161a92ea89244aeb369342c760e33c44f35f9c7144f5a27851fdf0667f72ceeeaef3027317b397e639436948db2933", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643428, "uuid": "4797817b-8925-4538-ac8a-908200f5b0ba", "value": "T1D4D4238B801B4059751F27CAB79FECCB0AFA90C120255E405F46D901DB99E9FA7BF878", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643428, "uuid": "0e8e0bba-b2db-458e-9e0f-6d84b5f97703", "value": "12288:B2oTM2FZfgY4oQoUSZAlXhoT7REb5P/WclIkGakK6MRNecsuXvuMX0x:vTMe4Y4NQZksNEb5XWcrkKDRX/u7x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697643428, "uuid": "cb2526b5-001d-44a7-b839-fca200932a96", "value": 633871, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697643428, "uuid": "4bb63f7c-2267-4f4d-94b6-78e7a64c62f6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697643428, "uuid": "2e83f0a5-7b40-4740-a046-aa2969ecd001", "value": "Order 1005922.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4ae71e1-6dbf-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697638170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638170, "uuid": "c8c22f2e-42b8-4e37-a03e-30255918cbd2", "comment": "Malware payload (Mirai)", "value": "d7637dda3a469ce1936b022d34020ccd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638170, "uuid": "775054f6-4c42-4ad8-a90c-89f3fccf829a", "comment": "Malware payload (Mirai)", "value": "f9741eb4fb9bb75c311fb134629534f1fc7f9bad63f34edc3be40f8acaf358c6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638170, "uuid": "4820b1ee-8ab1-4e82-900f-9a9457dec047", "comment": "Malware payload (Mirai)", "value": "a10b934ae9cc56949947ad3daf97069025ef9b2a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697638170, "uuid": "ad0dcdde-aac6-4c85-898f-37bca43e9ae1", "comment": "Malware payload (Mirai)", "value": "802c861c4e134a8cdf1105d2d28835251b00bb8a1dd15bbc6d73216ee2a5710da05607a397fe8d25083b175f1f8e1a82", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638170, "uuid": "5f754673-d038-4301-8907-f68486968f47", "value": "T1C2735A01B3584A47E5A61EF4393F1FE197BEEAC022E0F5856A1ED7465172E33484AFC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638170, "uuid": "5fb2447e-168d-4216-9a72-06f8cfbd2545", "value": "1536:DNpp9RXI1vgi0uv08zomzLKRyxOReqpNiSejOjNfXM:Xp9djCLomzLE2Se6jFXM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697638170, "uuid": "f8153033-1e49-4577-b2ae-3bb086e5c722", "value": 79080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697638170, "uuid": "491d087e-f1de-41a0-a9b8-9a403fb9555a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697638170, "uuid": "c3a896ab-8d21-48b8-ab63-d971eea7c899", "value": "d7637dda3a469ce1936b022d34020ccd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68a30fd0-6d52-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1697591120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591120, "uuid": "de268791-ccfb-4d59-9162-4e829e6bdf39", "comment": "Malware payload (Amadey)", "value": "56e19ae7ef7f7a8da67665d1dd5a8637", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591120, "uuid": "c30ec047-4522-4477-8522-4db33152bbc4", "comment": "Malware payload (Amadey)", "value": "f9ba5ea92525cc00c35135a443ed6ecd9bd5affba1c9388a7e325ee025dcac3b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591120, "uuid": "bc7c6b5d-c784-4a6d-a86c-90e2fb709c5b", "comment": "Malware payload (Amadey)", "value": "c4c033a537908b996ff4f77bbad6532383019dcf", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697591120, "uuid": "3092168d-8e0a-494c-9f62-5f43d2ac0db0", "comment": "Malware payload (Amadey)", "value": "5a6d71cd73726d054ad4bcdddad15b580358ed886d855f89c593cde1e1c1beb9d1687ab4dadb1d9ddee2611b79c92731", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591120, "uuid": "3c155832-e6f0-46c6-8609-6a548f0be2c6", "value": "T1AC449E00B4D18472DBB22532C9E4DBB95A3EB9304B915AEF67E40FBE4F343C19631A56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591120, "uuid": "8c230f4e-a540-4caa-aff1-d43159b3b6e2", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591120, "uuid": "5c3a2c02-fada-485d-99d2-be5ac9a204e4", "value": "6144:O07L7hTz8dx+MUoD/YUpXwAORUMs+EkHHM:Oqhf8dxbwxMiHM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697591120, "uuid": "855585d1-bcf2-4958-aeed-a2afbaded2ad", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697591120, "uuid": "453b583f-afe4-4ea1-9d48-2e1816de6400", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697591120, "uuid": "86e015f2-04bb-4850-89d7-46150b7e951a", "value": "56e19ae7ef7f7a8da67665d1dd5a8637.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5edc3d2d-6dd8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697648656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648656, "uuid": "8223c298-fda4-4fc4-abb6-395005f29309", "comment": "Malware payload", "value": "da55d6338a10e0df583bcc576fb06254", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648656, "uuid": "39400e74-7ffa-45cb-997a-712dc7509929", "comment": "Malware payload", "value": "fa46da1bb0630cbb714f55b462d82bceecf2f5595389f1e6118f959e6ec90d17", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648656, "uuid": "cd20eb43-db44-4202-a1b3-0a1c74b815d4", "comment": "Malware payload", "value": "e79baa8775115334f69dabe2a885ca08d786cd86", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697648656, "uuid": "0c928984-abdf-4d19-94df-b50a4d393d76", "comment": "Malware payload", "value": "d9b9003cbaa246e50753b60252a7fa14aa61dcd3f7d8976afb4604f35901668a64cb3239407bbbf77c88035894e7be21", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648656, "uuid": "a7b569cd-10a4-47f3-8e4b-9dcc74006a81", "value": "T136B40187BA89C2A4E62E9F37D2AB1424077AD2DEF117E716398C072C28573770D0635B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648656, "uuid": "0cd37c87-6933-41f9-a726-9b15953a5fe6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648656, "uuid": "28a4fb44-5e60-45cb-a588-a05861e32d31", "value": "12288:Po20N6UyuCIsfaIPKXA3q+0SXqoP+yNAEf:xVUjsSIVvZBP+2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697648656, "uuid": "65ae2d4e-3308-4e65-aca2-953062153bc3", "value": 533504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697648656, "uuid": "2b9912d3-f396-4f54-a9e4-b58f36618d52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697648656, "uuid": "592e6e3e-4ff4-466d-a045-3d42f553acba", "value": "Ubvefdbst.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b23a1e5-6e0d-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697671306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697671306, "uuid": "1f1f73d2-8a73-479c-92c7-06f0a6320c09", "comment": "Malware payload", "value": "4a653826b22fcf4ffdceb5e61f300d0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697671306, "uuid": "84884dcf-b4dc-4729-b3d9-446d136c8c0b", "comment": "Malware payload", "value": "fb7e5ff47a1c2ad42e8473ff2a9422c9921a83f68958df02953d877a89bf87aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697671306, "uuid": "98f5fcca-7605-411a-b944-5f831b4f048c", "comment": "Malware payload", "value": "5ac90ea1ff90f6b75211651d5066c093bd83bd03", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697671306, "uuid": "4f45f545-395b-4689-93da-f452ad7cad97", "comment": "Malware payload", "value": "083027d865fda8557527130e402512a66373c37c979fe7c7407a8edc761521b5f9adfd9d2bcfcdf84c81ad7324baa34f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697671306, "uuid": "dc1d060f-0d13-43a1-91bf-661352895580", "value": "T1A915235777E88033DAB6237029FB12831A367DE50D7483AB27C6689A1CF35C49835767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697671306, "uuid": "21f07c09-d74b-4a45-98ff-49eb96c3d6f6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697671306, "uuid": "c271571b-b672-4e2d-8b94-0451b8bd98b4", "value": "12288:mMr9y90tvrTWTNrIvuY0llBtgarbjAKAnamGXZZIqp3jAb+NH7vz2nho:Dy0rUIqtdWazXZZIqx4ib6nho", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697671306, "uuid": "3396a8c1-46e6-479d-9899-0fb74f7eccca", "value": 885760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697671306, "uuid": "4d9f6736-3b85-4a57-abc6-70e024c512b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697671306, "uuid": "0f87833c-b5b1-457a-bb05-e5ca909435f7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a110f96c-6de1-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697652633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697652633, "uuid": "69fb8f4e-e89c-451c-833e-204e9a84d32f", "comment": "Malware payload (RedLineStealer)", "value": "126b3c9df87b9ea898d2d54e8d2639a6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697652633, "uuid": "9a77a097-0104-44c2-a820-abd6aabc915b", "comment": "Malware payload (RedLineStealer)", "value": "fb8aa69e8ce39f4e7aab9a6c702714abbb373f8e59b838781986a2d9deca8e01", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697652633, "uuid": "b3f13ade-32eb-49ea-bba2-f7a12f50b1f2", "comment": "Malware payload (RedLineStealer)", "value": "c1bedec0953e23072852e15e2d7ec8050c8bc432", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697652633, "uuid": "176a15c8-9635-47d2-ac08-d24c739061b5", "comment": "Malware payload (RedLineStealer)", "value": "78eb21ab11211ed19ade134ceaa202588b55030e9409b96c1e60603810d93829f2079008bb98e372cc6250df18f00177", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697652633, "uuid": "70e59b43-c562-4715-9f7c-aef8f585caa6", "value": "T13EE39E0175CCC0B2E5B319310970EEB55E7DF8340E146EABB3D816BA5E24FC08969A6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697652633, "uuid": "748b2d6e-8953-4440-ad17-dd7610bca265", "value": "89b4938a013d6b8954f68c2ef1293c62", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697652633, "uuid": "1a66523b-ea19-445f-9777-cb63f5c854b8", "value": "3072:JWvLJsU12HlWCnUewNzrQuUUpBt2973rC9Tma3fQqyze/1f+VjADyDPoJ:kLJsICnU9Q8J3NyzedhePoJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697652633, "uuid": "e9b9f920-c43a-4018-a549-af245766eefd", "value": 151552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697652633, "uuid": "9a45c857-9954-448a-8486-20a429f6f3b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697652633, "uuid": "08257007-ae72-4c82-bd27-d41c8c125d7b", "value": "126B3C9DF87B9EA898D2D54E8D2639A6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "479c7288-6dda-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1697649476, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649476, "uuid": "142f042c-98f0-49da-b2e8-735832a1be6b", "comment": "Malware payload (Loki)", "value": "834f8d3c68e80cb0288dac71275bf89a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649476, "uuid": "0e41b4a9-7615-42b1-ae17-049d0395a7c0", "comment": "Malware payload (Loki)", "value": "fc1cb340205716dfe03bff110a21e0350b23a54f8f62254fc6800d8248c14956", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649476, "uuid": "24d309ae-5cbc-416c-8970-b12df36e2710", "comment": "Malware payload (Loki)", "value": "e0dbc91ac0c9492cbbc82fa47832c035bc8d8a8d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697649476, "uuid": "4823b395-56ad-4a89-aa2d-91e35ee1a29c", "comment": "Malware payload (Loki)", "value": "8fb6ef60e96c61c9d4a6179eb8ee3d123928fe2d93661a2f66d0794649e4c526e50445b0b67f920a2a898a7cbaee7bb6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649476, "uuid": "5471505b-17ae-4870-b2da-e2b8e33b814b", "value": "T162341A93A2E13D94EA268B778E1FC6E8771EF6504F4D776D12189A1B08B01F2D273721", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649476, "uuid": "da7a94b0-ff01-4960-914e-4c536548164e", "value": "e8b76dfd97b58fcc0350cdefeabf1153", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649476, "uuid": "2feeefd1-b46e-4515-ad5f-9d9ecbf5545c", "value": "3072:cCWCq/RW4zU6v79w0H/RWv46B3pH9Y5+gbNBkI:GDRfrv98t9jgbo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697649476, "uuid": "9859bbfa-1509-4966-a293-e8a03e33dafd", "value": 233472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697649476, "uuid": "a891f8e9-7f3b-4b3f-9a1b-2ffe95c93e48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697649476, "uuid": "daacbbaa-3b9f-472f-b1cc-a99cb847dfae", "value": "834f8d3c68e80cb0288dac71275bf89a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6305a682-6dd6-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1697647804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647804, "uuid": "2b0699cf-ce65-45b5-bdf1-a45f5ba67332", "comment": "Malware payload (Mirai)", "value": "4fe96b9faee3bf68128a8481e971303f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647804, "uuid": "c02a5d6b-89c5-4e34-95f0-c169631f288e", "comment": "Malware payload (Mirai)", "value": "fc2e4f6e84fb4aad7a386c1c3b30ff9de2d8ff51e677afdcb9f824d252661aa1", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647804, "uuid": "5b3c4a51-a5b6-4e8e-a956-ddc0e5229599", "comment": "Malware payload (Mirai)", "value": "bbc45ab536d3c0222102b704965f7c6caaa4522e", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697647804, "uuid": "fbf33cfb-0b8b-4ce4-b299-9876abb3e29e", "comment": "Malware payload (Mirai)", "value": "d71933b80f2b2dac182c0d24487398efd0dc4ad4aa0086781b6763e9f0b07703ccf4e741a4d365904c7fa173dad9682d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647804, "uuid": "836b89cd-22d1-4aa8-8e62-3e10b6a819a4", "value": "T18AC2E1F63E776997DA28003938ADCE379271F062D75EA72392405249201717DB7319ED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647804, "uuid": "9320227e-0fa4-45ad-bef5-3a942713a13e", "value": "384:MB1DMwk8JPyGYhDZREXVZVBy6sIye1iWLRYh4Sw4cGJYeRzOFGBzd8Qfo1+MVNyx:0MwKDZOFbBy6sSHRYfeAxdd8Yohu0N6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697647804, "uuid": "46d0f1eb-5938-40ff-a0ba-c29d2492de89", "value": 28048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697647804, "uuid": "2eb8acc9-afe4-4326-adef-4f082f0b677c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697647804, "uuid": "34cb8519-56ea-4678-9d0f-c5e149ec5fe7", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe155335-6d5e-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697596525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596525, "uuid": "2571279d-7fb0-4b5f-b307-7d372cda152b", "comment": "Malware payload", "value": "cb9418fff1da966a91d7f1202d0ede74", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596525, "uuid": "34d1d50b-c332-4de6-8b41-47546f8080b2", "comment": "Malware payload", "value": "fca72cd1ab9c9db0bc6cec61c85f71dbcfbf4e47cefdcd8f5ebd5f08a1f026ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596525, "uuid": "32ef0b22-230c-4b48-a5b3-9a7f8309ae3e", "comment": "Malware payload", "value": "355b6cd5ab8fb47d20b66db033be3591e0475cbd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697596525, "uuid": "4eea7780-c85d-4be5-9112-326003ca2422", "comment": "Malware payload", "value": "3aa2f48db8a7461a8bd8a95452483ec7ad95de4186d12c03336b6e8e02748335b3edc939684a3dc5d7af0f467f6c4669", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596525, "uuid": "b80c3f2c-4165-40fb-8890-8dd575504a44", "value": "T10BB312CAF08B1171DB4E467655384E8E36EDAA1C370D4DD8BBD46894244FBE3016EE36", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596525, "uuid": "13158c04-40db-463a-ae14-c47a27bd7537", "value": "79b3362178937bf9559741c46bb9e035", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596525, "uuid": "b84eb3cd-5572-46fa-b1b5-76b9b23e9d53", "value": "1536:RoaVvyAmLBRFpKb0/ruEBT61Da5Rf0mbk/Ih6Ps5PMI76mqhCqHedlLm0RhUJ:RoaNq9r1T5rfxw/M6PQp0jedlS0AJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697596525, "uuid": "b2db0705-8114-426a-931b-9c31ba789200", "value": 114688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697596525, "uuid": "ec6f2a55-fca7-45f3-8273-e210c49832a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697596525, "uuid": "c8fbcf9a-501e-4710-bbdc-1c825c37990e", "value": "SecuriteInfo.com.Trojan.Crypt.27009.24348", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82375bd7-6d78-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697607484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607484, "uuid": "d231e92a-3383-4287-adc0-45c9946f3ad8", "comment": "Malware payload (RemcosRAT)", "value": "56de39b0801ef1a299408f2a90378f61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607484, "uuid": "e219d9e2-f8af-4c32-b051-b1d3367dc9a5", "comment": "Malware payload (RemcosRAT)", "value": "fd326d4292d9188d15ee16b1cd913c0d2d4ed9d8f7c991a2a10fad5fdbc3ccc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607484, "uuid": "c98b0a47-c8c7-401f-b383-46ce3065efe0", "comment": "Malware payload (RemcosRAT)", "value": "a8ea6a7a0969b63f0ab5f60149ba47972ab022c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697607484, "uuid": "19cec668-4add-412e-b37d-b6142f51a04c", "comment": "Malware payload (RemcosRAT)", "value": "26b8069f467d9013f5e5ea09b9bbdbcd91abb8f7a0257bfb5d87dacf47332150a362bb555db1c698d102a30a0d3bab8e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607484, "uuid": "173024b1-835b-4fa8-8324-8c33187ae64c", "value": "T14955D015F693463BC032163ADE77937488297E643A296C56A7F41C788F3768A38376C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607484, "uuid": "00ee25ea-034d-4aea-aa04-ffbae47358af", "value": "943a00a286edd3507b735f866788c4b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607484, "uuid": "ffe7ab1e-9d0c-4939-9486-97eb4d81a69a", "value": "12288:iKl1+wjWARTvUKbV2p11lx8Nimm5cfGNJ3+AJf3tDWwEPbWKiwfat4YJy4IcB2dl:zlxtU9jxR7W+6AJKPdfaLScBWUGoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697607484, "uuid": "e37735ec-2ddf-48f0-a1a6-db5a74da4d6c", "value": 1355264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697607484, "uuid": "5cc0e5e6-d76e-417a-8831-5761a3426b02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697607484, "uuid": "d5607048-3e46-428b-a241-218c5d671ed4", "value": "SecuriteInfo.com.W32.ModiLoader.WG.tr.28485.12502", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03ea029d-6dc3-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1697639484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639484, "uuid": "6212aa91-0e0d-4f3b-b25f-60b0da57f19e", "comment": "Malware payload", "value": "2bca055f75bd9802191482fa2db07a6c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639484, "uuid": "1aa1641b-ef89-486c-bcb0-e5b09e95abb5", "comment": "Malware payload", "value": "fd4844c718639094d3c969dfb48bbb6366cb0f36bc212399b23b94f4860161f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639484, "uuid": "0f82556c-9976-4bf8-b058-99ffe9fe19d0", "comment": "Malware payload", "value": "865f806aca372d55a0e6f7deed03506f0705d466", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697639484, "uuid": "a4ffcf27-6a48-457c-b062-790cfd9ba893", "comment": "Malware payload", "value": "600176656b78e198b9af3ebc372e6928505867192b847a8befedb3b92ada80bd377172dbb7eb215bad10f5ad671678d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639484, "uuid": "05c6309e-d7dd-4603-b157-e55947341915", "value": "T19904395B32D0B843EEDB01724B67967BF3BBE3113730759B5A181FB835216CA4A54AC2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639484, "uuid": "d9e546b1-1049-447a-8008-01d3223f5875", "value": "384:idENc4lfstek7YGqOUKxQuj1FC8GhU5a6nwipen7lk5T+r+Morusjr8z59:i+VOkOYVQxQuj1FfTLnwipe7KbG4q5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697639484, "uuid": "d0bb2e75-d7b5-4b23-81a5-a76d923b225c", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697639484, "uuid": "e2863aa3-2da2-4e13-9480-898a9483c58d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697639484, "uuid": "ad401e3d-899f-4ee8-bc06-fce7bfa8a8f3", "value": "SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.21650.30895", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e80e9fc2-6d98-11ee-8907-42010a9c0042", "comment": "Malware payload (Phobos)", "timestamp": 1697621399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621399, "uuid": "54f82ea8-4b84-4fdd-b93d-6f980fbee595", "comment": "Malware payload (Phobos)", "value": "4db1b428d0e115a810836f937d786f38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621399, "uuid": "cd6dd594-de9f-44d4-8186-d9aa9029e0e0", "comment": "Malware payload (Phobos)", "value": "fd59543a425d2159dfadba8efd4d40178b609ef123a8bc5cf00fe3afef95623d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621399, "uuid": "bd20f1f2-1542-41c1-851c-b190d24ff2b6", "comment": "Malware payload (Phobos)", "value": "35e8722f5bf1997d6022fa512f60458470a8999e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697621399, "uuid": "cad86d54-4fc2-40d9-9c27-d1456dab1806", "comment": "Malware payload (Phobos)", "value": "d4b4f2039dc342e46f8a0b1fbb2ddd5bf8956b85ce8ce4712d170ac4eae3cde6f89e4cb2d0d10b1f0a9b11e51a547859", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621399, "uuid": "adb2c44e-a1d8-4615-bdc2-3418c9a0d604", "value": "T1DE54F157E9CC805AC52E537BB0995E4A27F9E8CA8593CDEE2D48F060C4F6346AFC114B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621399, "uuid": "98dcbd45-8128-4ec7-872e-9f2ecdf4b515", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621399, "uuid": "7141066d-0f71-43a3-8df8-8be1e32ee852", "value": "6144:mlVD0j3qci00ei4m4d3hJkuRi7g9BOu6xb4YnDy:X2cibT4d3hJLUWwu6F4YW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697621399, "uuid": "8b394056-db3d-45c2-a266-9d4d76a699e1", "value": 291840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697621399, "uuid": "30ae0cfc-ccb7-45d5-b6a0-b9a2fd8578d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697621399, "uuid": "28ae053e-d91d-4c22-bb2f-6a0bf7686cfa", "value": "SecuriteInfo.com.Trojan.Packed2.45812.22266.8634", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }