{ "Event": { "published": true, "date": "2023-06-04", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-06-04", "timestamp": 1685923381, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "e7cf886a-29e6-47f4-aecf-ef56254971d4", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e482e422-0278-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685842874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842874, "uuid": "9f77de04-22eb-4f60-9a6b-21207cfe76fb", "comment": "Malware payload (RedLineStealer)", "value": "a68dea092fbd249a536e36f7d4eec649", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842874, "uuid": "e3630f6c-729e-4a50-877c-d4a2da7be7a1", "comment": "Malware payload (RedLineStealer)", "value": "00d923f969b5ac9c626e872c1d1434dba82747fdc59839e8fb90b8bf2e3bccdc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842874, "uuid": "a3382cf5-6c71-40cb-bd5c-7dd63556831f", "comment": "Malware payload (RedLineStealer)", "value": "4d81c434264177d20ae8fa03902888319a6c732e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842874, "uuid": "92a1e976-e7ed-45c1-aeb0-07c5d74dcb00", "comment": "Malware payload (RedLineStealer)", "value": "7fb77be92615cffe78dd91fdea87595e754e38c3da1ef9f1c507a88dcf05d6ac90a23c6059eb9c268a1fb64d2ae27b67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842874, "uuid": "693f21c8-7bb0-45da-a188-f8f2a8105098", "value": "T12B846D1363E37C61E5164A72CE2EC6E86ADEFF518F5B37AB12186F1F04714A1C162B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842874, "uuid": "f707b129-5e98-40d9-ae10-747f34f104e6", "value": "08b56125ba7e99bd17ba88b830247aad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842874, "uuid": "c3862a35-de0b-4f10-8976-af8819d2f492", "value": "6144:LxW7u5WDkMdx19TrV27sbXUH8NP1WxvAMbhqBl3mYqwhtIQN:Lz5WXP1tE7sbXi8NPMAgqBcE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685842874, "uuid": "49a1e20b-b6d0-478a-ac68-4c2af5f8a61e", "value": 387072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685842874, "uuid": "0f6b4fe3-8732-49f9-a6c3-8a60347e319c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842874, "uuid": "8ec09c77-e858-409c-b062-064b7d8ec13d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba856337-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1685838509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838509, "uuid": "5e8a3e98-11ce-4210-8ee8-5c74cba650ee", "comment": "Malware payload (Smoke Loader)", "value": "b8ff93e8cc420e4914863c314b8d46ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838509, "uuid": "6e36cf35-d73c-4a7a-bb27-3adf1c5860c6", "comment": "Malware payload (Smoke Loader)", "value": "00e46173434594670e15ba034fe449acc17f0117f90c5bbfc539de0410295805", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838509, "uuid": "3b8ec860-28c6-4edb-87fa-b9428088a07c", "comment": "Malware payload (Smoke Loader)", "value": "48b28b931456ab0fc42a0d251d2a47cdc9333dda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838509, "uuid": "ef0eaa8d-67b7-48a1-9927-841d3a0a99dd", "comment": "Malware payload (Smoke Loader)", "value": "10c50ecce9af060468ac0b14680eb499ab507e708346cedc1ba4e0e389a335a044bd3a6a2ad142f58cbf64df8728d608", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838509, "uuid": "6619cd8f-d4ca-44c7-80ac-6f0a441979f7", "value": "T14C444C1363D36C65E5164AB28E2EC2E86B1EFF918F4737EF12146E1F08711A1D672B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838509, "uuid": "6bc55474-42aa-437b-9ec0-8aecfe7180ca", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838509, "uuid": "fe246ac9-486f-4929-ae52-3c5b019c2ed7", "value": "3072:NMRu9BkdMihD3NPE/S2l2k6FLlDeUR+rY/KVGAECGipq+beq4xgBFwcMzmSGJVit:Ncu8d19eSFPDejrYyVGAvSgmq0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838509, "uuid": "7005c73a-1e96-4300-8321-a52d3d855b37", "value": 269824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838509, "uuid": "2e92b4d9-cb0f-4f9a-9638-eadfc01fa52c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838509, "uuid": "68d56fe5-89c2-425f-8f51-671549aecf50", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "318bb1be-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1685838279, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838279, "uuid": "1e005c73-61b9-4da9-b930-1c77ef730f8e", "comment": "Malware payload (CoinMiner)", "value": "2e8041918e68d548ae914d5e1ea99d5c", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838279, "uuid": "68ec978c-cfb1-4d89-8aee-5e73e9925eca", "comment": "Malware payload (CoinMiner)", "value": "0257aa89473e7cf56ec04f1810aa4970c23960daed63e5e7b51e7a2d1d14247d", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838279, "uuid": "501c4444-4406-4db2-a89e-4eabc5cf7e55", "comment": "Malware payload (CoinMiner)", "value": "099f94b27be32a2f13665a1d27561578b0e9a678", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838279, "uuid": "e3367df1-c8da-4f87-b0cc-0cb6ffcc4e98", "comment": "Malware payload (CoinMiner)", "value": "2c199f0d44f8e7bacaae00b6a57445c0605267fd65d48b799a7fa16b2391cb588643027d6988e1bd89276f7c02650b07", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838279, "uuid": "b415787c-a21e-4d6e-945b-1e29fcf5f97a", "value": "T1ECA533513B946158D438273688F301838535BDF5AB5092FF329EC9BDE933AE4B471B2A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838279, "uuid": "953fc049-68ef-4532-bbb0-82a18da9fb71", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838279, "uuid": "e340aa6c-81ae-4d5f-bfee-a313b8275f21", "value": "24576:2By5qFarrp10zOsbtu/C6z4nuAdY5WlzMSz69yqhBCH+SXeof/xftrt7K6uzTRpb:ZXr4zhbj6Gl8pSSyqTlSYnPAOs0Qky", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838279, "uuid": "957768f2-2ada-4f07-8254-8683015e3fe7", "value": 2266624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838279, "uuid": "0acd0fea-ed75-4927-a04b-a93e043473bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838279, "uuid": "65cb9496-18a3-4da7-9390-9276349fe0e5", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e9b5f8c-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910537, "uuid": "e24cf9cd-d189-42c0-a894-737c7d2af37f", "comment": "Malware payload", "value": "c7e313b811da764a0fe3c36e84066d86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910537, "uuid": "6d5d2b5f-e407-4085-ace6-7013ae2c49ab", "comment": "Malware payload", "value": "03bedc7e5f01a0b2970d4e3ac2a34df9eb0f78c315951e5736f8a1bcaa610e18", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910537, "uuid": "77c49e9c-74df-4235-abd3-bc6a09239f71", "comment": "Malware payload", "value": "38b6aa69cf572eb2ba261d0216be97b1506b4f88", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910537, "uuid": "d98b5d2f-ec4f-46ff-bd2b-f35075f1adf9", "comment": "Malware payload", "value": "1eb5393202e62522eeac324117df27ea4ac7f46eefd2553875cad5dfa2b87378c76b383556926b065c78ff3ea3354202", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910537, "uuid": "0779e054-6086-4141-a84b-7203191b3c11", "value": "T1C3F47D56B3E15833C1BB3E74CC2B41E594DBBD103E2439CA7AE42E8C6F386907D29656", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910537, "uuid": "c418f0b6-3b3b-4247-a9d1-70f6d5de7f5b", "value": "12288:ZsBL5NQYA9SjCQFp/CVKrSoAdoMNI87l0NcSc1b7ya7zMvbUEucAJui2Gdzt+Lnf:atQYA9SjDoASMFA1aYMvDi2GjAnQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910537, "uuid": "f13bbb1d-06fa-4b80-9482-5a83cf1a67d8", "value": 745472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910537, "uuid": "bee00241-4ecd-4e75-a075-7ca429e7658d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910537, "uuid": "baa80415-c291-4993-9948-f5d79e0e1382", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.25524.29420", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68c0ca33-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910527, "uuid": "12797775-8f00-4401-a059-82d767b6c757", "comment": "Malware payload", "value": "f1c1e2c2027740c0974b7db729902e61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910527, "uuid": "115ca4e3-857a-4b5a-a80b-b68d675c8d79", "comment": "Malware payload", "value": "03ec6a735eb87c89c65ef9bc3c970ae6f07d00f56abb4c0b637e881719126dc3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910527, "uuid": "36ed0ac9-77be-4ee9-9548-2c3df14cf9f1", "comment": "Malware payload", "value": "e9aba7bf28d48c6a97cc9b706917c2fe2e090be7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910527, "uuid": "47d47769-22e3-4ae1-a32f-172499afde68", "comment": "Malware payload", "value": "d8dabcff94af2482abfaf66d72e8e07bfc7f5ac25eae08f7292d7d53c7131b76bb034f60b2b6eeba944fb4a0dc0b479b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910527, "uuid": "63834e60-85dd-4997-9326-fe127054b9ee", "value": "T138140C42F179353BF3634278FB7CD806B822266C6FB118D6BA4AD386275754F04C94AE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910527, "uuid": "20616281-dc66-4ab3-84f0-ad58d9d6b3cf", "value": "3072:ZL/FVNc/JNOx83iGD/wt+rkkktjokskkkvk5Akkikkkk7kkkkkJkkkkJkkkkkokP:NS/DOx8yI/S+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910527, "uuid": "92f1df64-812e-4f94-bcc0-d4724d52a90a", "value": 197632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910527, "uuid": "fd9d3a88-c228-4803-ada6-1ae76c97d90b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910527, "uuid": "6df5a494-2782-4977-a038-fec1072acced", "value": "SecuriteInfo.com.W32.A-62389890.Eldorado.11443.22910", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71b415f5-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910542, "uuid": "7073dce2-d315-4227-bca6-0c3a0845c2fe", "comment": "Malware payload", "value": "6ea2a5d8c51b590d6e290a2af5c0cac6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910542, "uuid": "77a23653-a140-4eee-9ac9-7c795fd772d0", "comment": "Malware payload", "value": "04db51bdf3e4721dcb3986ed4261cf3407b2bc5371fbd6f077a7d7b049117bc5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910542, "uuid": "3e45c55f-4732-4e5b-9862-5d42444fe4eb", "comment": "Malware payload", "value": "c4f7edd20e076fff8c93ec4c7713bc8c21a97d0e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910542, "uuid": "7830d0ca-59e5-46e0-b672-3f4c7160d9b0", "comment": "Malware payload", "value": "7ff620c11cece3bebbfe8740b3377f0055f2ecbfc3ba6cbe0e90c7f2fca766e84b9ad6786de18c07f67fe5ddfa7df110", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910542, "uuid": "814ede08-638b-4a24-90eb-ab3231ffb214", "value": "T1E0829D9EB310CCEAC5A409361D13EABD76203C3A9C2D4E473AC4270F3E36795AC12B56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910542, "uuid": "a1395b93-c33b-4ed0-a7f5-aabb8b576afa", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910542, "uuid": "ce291e12-bed1-43fa-ba99-2d091c9a4e98", "value": "384:DLDTs8hsF6qtK8lzQ8+Sych3mYvCPHx2L2:DLXVhaTtDE8VfCPHx2q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910542, "uuid": "8d987ba4-db09-478f-b967-50fbd02e07d2", "value": 18085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910542, "uuid": "66523d35-9b5a-424b-a5dc-0d6566ceda2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910542, "uuid": "0beaa9d2-419a-4930-afa8-9faf316d5f2f", "value": "SecuriteInfo.com.HEUR.26889.4145", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "172180d9-02d0-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RevengeRAT)", "timestamp": 1685880325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880325, "uuid": "1c90e535-9329-440b-a85b-61ccc215de64", "comment": "Malware payload (RevengeRAT)", "value": "694b37ca1d29f2eedb4d408834c885e7", "object_relation": "md5", "Tag": [ { "name": "ppa", "colour": "#46E682", "exportable": true, "hide_tag": false }, { "name": "ppt", "colour": "#A64DF1", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880325, "uuid": "1b5d184d-f1d9-4bdc-9905-468d9a017bef", "comment": "Malware payload (RevengeRAT)", "value": "0562a2df06412fc0038afca2d27c4b1428681a518015cd2fd823df9b55db21f9", "object_relation": "sha256", "Tag": [ { "name": "ppa", "colour": "#46E682", "exportable": true, "hide_tag": false }, { "name": "ppt", "colour": "#A64DF1", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880325, "uuid": "da426be8-d586-488c-b36d-0fd1d1df84b5", "comment": "Malware payload (RevengeRAT)", "value": "0c23ec46e7f460f8db3e14db0314eed2728fffcf", "object_relation": "sha1", "Tag": [ { "name": "ppa", "colour": "#46E682", "exportable": true, "hide_tag": false }, { "name": "ppt", "colour": "#A64DF1", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880325, "uuid": "a9467e27-0666-4734-a804-60549b7fd77f", "comment": "Malware payload (RevengeRAT)", "value": "bcdb40527fecdfc6871296f2ccb3be72334369df28d277cb48b4e5ad87c0930372b41965e05e9ae2e8e10672f27e0488", "object_relation": "sha3-384", "Tag": [ { "name": "ppa", "colour": "#46E682", "exportable": true, "hide_tag": false }, { "name": "ppt", "colour": "#A64DF1", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685880325, "uuid": "55110116-62bd-4f96-b54e-81391be154ef", "value": "T137D3B40B7999CB53D01567BA6E83CDA82B28BF08FD42676B30553FEE3D712604D8621D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685880325, "uuid": "ba310238-9842-4b20-bd10-b5680641149f", "value": "3072:cPnoH4mXthE3HxBTBg/zDKQACpqM2IEVILRRRRR3:cPnRXyN2IEVILRRRRR3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685880325, "uuid": "ac44a7b4-97f8-4f88-b773-8d0da64c6dfb", "value": 137216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685880325, "uuid": "47dd7798-896a-427e-aa20-e29a65db1500", "value": "application/vnd.ms-powerpoint", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685880325, "uuid": "2a829266-fa09-404e-912c-49255af5c700", "value": "documento_fiscal_.ppa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3cdc33a-027f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685845853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845853, "uuid": "82406925-40fd-4142-b384-10d87ec889d5", "comment": "Malware payload", "value": "473d65d1231ccdfa0099d463b09cf9b9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Injection", "colour": "#99A2CC", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845853, "uuid": "65d913d1-ee22-4dc2-9e9f-6402b53aa695", "comment": "Malware payload", "value": "07c70968c66c93b6d6c9a90255e1c81a3b385632c83f53f69534b3f55212ced9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Injection", "colour": "#99A2CC", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845853, "uuid": "f0c715fb-e839-4540-a2bc-c820f7d6c46d", "comment": "Malware payload", "value": "9cbc7417fa5ce2f6d87026337fc7892e4f485819", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Injection", "colour": "#99A2CC", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845853, "uuid": "e5e6b8ea-a594-4ef3-81e7-2baa8b1b340d", "comment": "Malware payload", "value": "32d456500ee7f0cee47efd43777ae17645dfc691bf530e70cff4e36d2113cfaacc45209caa814be5c725794b514e4223", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Injection", "colour": "#99A2CC", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845853, "uuid": "5abf6470-0301-4a6a-aac5-e2b732a6946f", "value": "T1DA847B107117C131D55E12B16825AFFB97BCAC246BF584DFA7C42F3B8D212C27A32A5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845853, "uuid": "76286607-6b7f-4396-b2f6-51a5783e735f", "value": "0701e1e4ad265d4729291004d2dd906d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845853, "uuid": "b53d95b2-0eda-4629-8df3-a40623da7bb1", "value": "6144:/OwxmL8r1P1piUUXP5n1o0g08Fxr3AV/SNxBUnjF444C48t9g4/N:WwZpw/Rb8FmZWBWj/48oo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685845853, "uuid": "8de713ad-a948-4d87-96fa-032e86687313", "value": 381952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685845853, "uuid": "45e5d3db-4f5b-41ee-b1ac-94685af24e67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845853, "uuid": "189f17c3-9749-4a38-98ed-64600e79fb6e", "value": "bd83e75f_dllreflinj.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b14db323-02ed-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685893040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893040, "uuid": "bfe62104-d9e9-4862-9f16-a80553af9ce5", "comment": "Malware payload", "value": "62e48038a1105d8445b0f539b250a2ad", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893040, "uuid": "7d195d16-6a19-47bf-b55d-283682b67b88", "comment": "Malware payload", "value": "0b34d688a6c36cf55e1c18d22523f62a7fba025cc2035e0c163abd50288ae539", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893040, "uuid": "66ce35f3-a38c-46e2-a32b-f3a89c701872", "comment": "Malware payload", "value": "f592671e524814bb585b61ecf3c6fea16c724ae8", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893040, "uuid": "35435c37-bd44-45f0-b9e9-f89def34f157", "comment": "Malware payload", "value": "afb882e130de9db8fb08f0e83d2c4a699911c180de25900f748ac88caa199a255fc60de03c58739ab7b1091f220d5899", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893040, "uuid": "4e8932b9-721b-43f9-8226-6a2a3abdf8ee", "value": "T1955401817B429312E44A097495E7013753FAA3C325B3C3CA7A4942EA6F533E27FD4B5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893040, "uuid": "9caf249f-c956-4571-ad56-111cb2fc1c37", "value": "6144:XA2Q6m116ut7IBtDulkUcSEY0EWZOdnPtx2Tk5Kvj5:X5ObIBtxLSpXWYJPb2o5q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685893040, "uuid": "5370bf64-923a-4582-8273-d0076b0c99e5", "value": 301632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685893040, "uuid": "eab51ba6-0bad-4ce9-80c8-c3439df36ed5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893040, "uuid": "359c1706-7c6a-4858-abea-0d448d181930", "value": "YYY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad5253b9-02ed-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685893033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893033, "uuid": "363a79e9-465d-483c-9d9f-af5a7e209d6f", "comment": "Malware payload", "value": "6c432a8b26bc0e068f23e88f69c0f565", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893033, "uuid": "2cea0d0a-54ae-4b27-b092-6c03faa5f7dc", "comment": "Malware payload", "value": "0b525aaa05e206258e8e98f05fcc621a0c8d4df69138970a1447e57d157c6331", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893033, "uuid": "4e236b58-9907-4aa8-b48c-2a119b7d40de", "comment": "Malware payload", "value": "318fdcf5ba0a326bf6601e1f917f9aa16645d9ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893033, "uuid": "bfe77a8c-6cfb-44d1-82dd-3e7a343382b0", "comment": "Malware payload", "value": "87dfdba7190166a4a68a6ad3e23320e67e66b2636c1097d0e9f613ac86aa5ea45b6503321a1b7d549b3dc799120feece", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893033, "uuid": "bb1ce6cc-9862-421d-8834-ca81e072cf33", "value": "T151F42226BB93C772D90595B050B3051183F5D38A7637CA5B2D98A2DB0E673A0FF4AB4C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893033, "uuid": "1d00d6b5-1389-4f81-b644-9464695af263", "value": "12288:faNp9CFWv60PaT5zePZMjFkA1pniuSwgsAaQWKYt9VRd4li8i+3UQXGLPSPr3FbV:SNp9CFEa4RMjFhThyaJj+N66z3F8+sW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685893033, "uuid": "a013d774-3746-4f2d-85a6-6f34e3379bbd", "value": 775680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685893033, "uuid": "265be173-8953-48df-9b16-697c7c8989cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893033, "uuid": "d49c3f6f-3c0b-4803-ad8b-d3dca588cb4c", "value": "NA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65cbb383-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910522, "uuid": "ecb7c743-072d-43c5-86ab-e625c6a85fd2", "comment": "Malware payload", "value": "1f3be2d0171631e0428d28bbe6990155", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910522, "uuid": "d8afd84a-6f85-4d8c-a858-1c078ac68e91", "comment": "Malware payload", "value": "0dc8c3e880997be2c653e890548e2995b1d2cd079e155f0c74725cbc2a5a5af2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910522, "uuid": "8587ca8f-7d53-46cd-a3c9-5727eff7da6e", "comment": "Malware payload", "value": "dcbe99c433a656b77a9e9e18913e1070554b9b37", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910522, "uuid": "aee61085-e255-4e43-a1dc-7f9779d198f3", "comment": "Malware payload", "value": "447bd54636416eb1894916c84dc147a8cd1daae2b3b5a80e0fcc55ac9b807b77a74ce2277c00029a9d500d2b6c19ffc2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910522, "uuid": "faa0e734-1dd5-4649-9743-283ce69801e3", "value": "T1861485229A50A20FE35A89F4E9B8B1993457BEBB1BD06843718C5F0437756A770F4B0F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910522, "uuid": "e6a4afeb-b43e-4e3f-860d-079568007e28", "value": "6144:JtesCn5BKci9qDL3Fh/k5Iy9dg/GQyUAwM2v6a:Jt25BKc6UDj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910522, "uuid": "e2f88267-f4db-4705-914c-1075dc617c2a", "value": 197632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910522, "uuid": "66f0fd2a-bd26-46f6-bb10-255b078ee1a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910522, "uuid": "63efcc37-2580-46dd-b60b-676112d31a28", "value": "SecuriteInfo.com.Trojan.Heur.VP.mmW@ayb6IEb.27504.9234", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1c73988-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905066, "uuid": "b76e90ef-6c95-414f-800c-6d5b936698e1", "comment": "Malware payload (RedLineStealer)", "value": "2f04ac814a59dafca189e603d18d196d", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905066, "uuid": "7cdacf96-a276-440a-a88e-f87aa2717e7d", "comment": "Malware payload (RedLineStealer)", "value": "0dd0400b4e1b03d8dddfa68961843b2312ccf6bc7ffa8162567b56d3762e8d0a", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905066, "uuid": "ebba533b-d907-4b72-af73-611c6db75de9", "comment": "Malware payload (RedLineStealer)", "value": "29148efe87f9303a07a05b45afeec232139243b0", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905066, "uuid": "0a958100-7923-418c-99bb-d56cc8d35ff8", "comment": "Malware payload (RedLineStealer)", "value": "058bb72687dff52af59a460a39d596b1a6332f0c09da4ed53fd160b731e653f955b47cbb93f910738ff08a6da77c5029", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905066, "uuid": "dca13616-836e-473f-8eb4-c02dcdbc8ad1", "value": "T105C41256A7E89032DD752BB068F743C70A357ED10A74C39B2B55E95E0CB22C0A57237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905066, "uuid": "f790e8a4-6b4c-474f-b0ad-f0dfff0f375d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905066, "uuid": "71c60c59-ebe3-4ea4-996c-de4f4e78af00", "value": "12288:fMrNy90f5MI+IauHzi0A2Ok3k4uzkAxKtP9GzFzeIEG:GyqCVYS2Q4uzPxKWzFeIb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905066, "uuid": "6bf4d961-c7e7-4f1d-8761-fbd43ac6adad", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905066, "uuid": "026bade4-6e73-49b1-84c1-0804eed5b350", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905066, "uuid": "bc5707f9-fd02-4687-936c-bb03fdeed115", "value": "07270499.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5de21aa-0279-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1685843199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843199, "uuid": "f0777a5c-7bdc-4edf-8891-8d0095c03a8b", "comment": "Malware payload (Fabookie)", "value": "fa10a4614ba7987eb1bf810bf4226e32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843199, "uuid": "4003cb49-9051-49f9-a463-4ca941be42b9", "comment": "Malware payload (Fabookie)", "value": "107c9c7d4ae2a5116eb395a8a5fc6e4de7b9fe60bf7ccadcbb7c14ae1049cdac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843199, "uuid": "e3d84316-0688-4d29-b59d-aa1e4d7a0fd0", "comment": "Malware payload (Fabookie)", "value": "d51aeb13b28284ca559095f47fc208a8e10a6a05", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843199, "uuid": "72144446-a549-4d52-bb58-801478d57359", "comment": "Malware payload (Fabookie)", "value": "0884dbe55c6260c111c2936976fa83b57ae1a7d911d50ba20adb96779edd5417d04ca08812b79fa1b2a11dc9dc3353c8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843199, "uuid": "c8e83d50-e5d4-4bff-933b-ff5e9e644f14", "value": "T197448E4663A44495D07E8272869397B7EAB07C145F1057CBA2A0FF6E2F337D2A73A305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843199, "uuid": "a7697838-94fe-42bc-9566-b2fcffc5a5be", "value": "8a8dc8ce5095001627500b8a055afd28", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843199, "uuid": "315f433f-b635-49f3-abf3-9ecd987e5ff3", "value": "3072:V09hYHbuq0/DB6KvN7xm8L69ekGsytvDRe6N5lNJAgFx9kqJFXFkvmUXC/JeobRO:V09hY7u59K8Gek1y1DgcHJ1BaxQeP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685843199, "uuid": "fc364ef4-d265-430c-b07d-5c90f66e3b35", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685843199, "uuid": "1e2edf11-ea9c-45b2-afd9-acee293b963f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843199, "uuid": "d67a7bca-27e0-479d-b294-829d70e80082", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f80d1fa5-027c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685844625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844625, "uuid": "2923743e-29cb-48ef-a75a-ddf3c785c760", "comment": "Malware payload (RedLineStealer)", "value": "c69de58aca86e6ddbc816f6ef7f4b5df", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844625, "uuid": "4a3c064b-e39d-4a8c-9f9c-016c560541a1", "comment": "Malware payload (RedLineStealer)", "value": "116250380c8f5f6dde08165a098e7419063000d3eb9c02d424f25749f71a368c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844625, "uuid": "8fe21bf9-9813-471c-8bc8-0796404bdf7c", "comment": "Malware payload (RedLineStealer)", "value": "0698938bfe22a7d82cc20211115ad4493c236c87", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844625, "uuid": "0ae4271a-4a5d-488c-a843-bee9d39a4654", "comment": "Malware payload (RedLineStealer)", "value": "772f9dced02fd376c308a6bb85dc5e5a479be4306a3b84b1b53793352e4064cd390db1715be8f08d4c5057dbe359ed0c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844625, "uuid": "08615aa2-57f8-483a-b4f1-c104a16991db", "value": "T10464E1113480C476E6A718B68965C6F2C97EFC361B386ACB3BC44A2D5F307E29B35746", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844625, "uuid": "3f020030-7fbc-4e1d-8ac0-a7f1ec6b71d2", "value": "562d80e80506d670bb0daaf0cbeebb79", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844625, "uuid": "043b86ff-8e3e-4d78-857d-4c1e05f1581c", "value": "6144:ELBCtVHkeIYKUwXZ3Aa1k1D0hCnUEWlyaVlPlEKsgDkx:+CtVHkeIUwpQkfCnUFpV/Igox", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685844625, "uuid": "62cdfd94-9c42-48ca-ad05-1088c3487ef8", "value": 311736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685844625, "uuid": "d8ffff7f-7a03-4fb1-b2a3-898d903d9be5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844625, "uuid": "86159ca8-9564-4b90-aa96-0b6b2939b2b8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a51b5da-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910557, "uuid": "0c15474b-af33-4ec8-a9f2-7ccb72e5ed01", "comment": "Malware payload", "value": "5b39758c511adfb2cea4d18ce7af8707", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910557, "uuid": "a66b8b53-0991-4d80-b5b8-2da6f2d9f29a", "comment": "Malware payload", "value": "1355756055101d893a8ac444ba879a096809bfbc53f9c83886a7549441d6651a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910557, "uuid": "b49c1fe7-0afe-4eb0-acbe-d970a7809d03", "comment": "Malware payload", "value": "d9cf697c96e846866da12224de2df9b0ae144ae0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910557, "uuid": "f452b5be-b9a1-4fcb-912e-173a0b184924", "comment": "Malware payload", "value": "0a1e4c1938c29d73649ec077c43508959b7e950710810dbe0588e116052d22caed63b2af02a748e96c08b459f124c3cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910557, "uuid": "94c5ce80-c9ca-4cd5-a023-3973eda48756", "value": "T119828D95B210D99AC1CC19365927DABC7A213D3ACD145E073EF0770F3E3275AEC06A4A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910557, "uuid": "6772d09c-cc10-4412-905d-f2dfc530bb5d", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910557, "uuid": "2cf4e85c-fdc8-49a9-886b-f453f3fea0c6", "value": "384:ny2LDTs8hsF6qtK8lzQ8+Sych3mYvCPHxx:y2LXVhaTtDE8VfCPHxx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910557, "uuid": "df940da3-c2ce-4665-9630-1be3a13538d7", "value": 18038, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910557, "uuid": "cb6bd7b9-19db-455b-856b-c05d48f0a5dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910557, "uuid": "eb72d845-781b-4a63-85b7-d01db5f1b8a4", "value": "SecuriteInfo.com.HEUR.32486.10933", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d532167-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910535, "uuid": "ee5e8b25-2c9f-4e6d-afb9-d500f2e8efbc", "comment": "Malware payload", "value": "10b1324daefdbab5b2a13b4bc5ea53a9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910535, "uuid": "e2dfdb59-61ef-46bc-9b74-a511c0d5d198", "comment": "Malware payload", "value": "146cbdcc181667dfe5164a5898168ba05e01801bf52f17ccf0bd7b4ee8488ef3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910535, "uuid": "0b25c6d6-4f9b-42d4-90ee-31f4622c9395", "comment": "Malware payload", "value": "6657c0fa5f1e62d4d9d3ee85fd403bee73639b64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910535, "uuid": "deea3fa0-ca23-48a5-8ab7-1f82387140f0", "comment": "Malware payload", "value": "2c7832843ea36d460ec64ef20335b9f3e599408e6c0e590b4538b17f9743bc72128f76a5ef615f430412beee3ed989fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910535, "uuid": "36dd76bc-fd3a-440e-9cd6-cb167be5d699", "value": "T11AB57C3BF49D6073C0660B311CADA1767BBB7C787100232B5A47E990BB276177D99638", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910535, "uuid": "37eb96fa-aef9-4006-a8b9-d49e3c32068f", "value": "1536:bbazjiPjCotCt164CzkAb8b8Y8bDvNCT7BjRoq5cdTGAxUJz:SzGpXkAb8bMDFCT7tRojGZR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910535, "uuid": "d31e5dcd-15ac-478a-82a6-1468413809a3", "value": 2301952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910535, "uuid": "1dfff8f9-0d53-4fa6-a7e3-5f430136d17f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910535, "uuid": "aece5ebe-6a5e-465e-b3e8-d3bec3c90f5a", "value": "SecuriteInfo.com.Heuristic.HEUR.AGEN.1343841.22789.5350", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f11bc85-0281-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1685846409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846409, "uuid": "3471adae-edb7-450f-ad8f-7dfce727e060", "comment": "Malware payload (NanoCore)", "value": "81b7988b523fb109b834c76e7f0fea10", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846409, "uuid": "a17632d9-ab21-4d97-b8e1-b7765695df47", "comment": "Malware payload (NanoCore)", "value": "1617174ffdba50f5efa07c53e0ffb0d765f35cbe821173bda7cd96c1f5cfe5cd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846409, "uuid": "697c7583-a9f7-4245-b37f-5fe67a78b525", "comment": "Malware payload (NanoCore)", "value": "9d14022defd1373971a2892b1a5b5bbe830280ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846409, "uuid": "7cfa96f1-56ca-4b89-8187-455269fbe18f", "comment": "Malware payload (NanoCore)", "value": "6fb59d7de6ec9dff1a2fe6e81ae2ad78f2c9aa77c717612e5105820370d8ff018628c34266ba7d92968611d4c169cd65", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846409, "uuid": "6c584ba6-507b-49aa-8c87-9e549eea1f6c", "value": "T142C4BE203DFB5119F1B3BFB65EE075868A6FF6332A17E45D104503864B23A81DE91A3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846409, "uuid": "17157a20-015a-4e1d-ad59-b9477c4556b7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846409, "uuid": "c3ed82a2-c21c-4145-b0b8-a17d79ed9ba7", "value": "12288:FKk4DbF53e0IUFLuEEfrrmdQ5S/eMGXZLfJOSq7Ls9:F0SEwrmW5PMGVJOSCL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685846409, "uuid": "0fabc882-3bd7-4c12-885d-5b0a6df1bcaa", "value": 546816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685846409, "uuid": "be5c3733-4342-404a-820a-a62d72460715", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846409, "uuid": "91733988-f386-4035-9639-8875cab6883d", "value": "HEUR-Trojan.MSIL.Taskun.gen-1617174ffdba50f5e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64345925-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910520, "uuid": "021f7289-2b33-451b-952a-c7f1d872439b", "comment": "Malware payload", "value": "54892e43202750186c97cd821b8f64c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910520, "uuid": "4faa7a21-3d6e-424b-a22a-fea47aa0f2d9", "comment": "Malware payload", "value": "163f91ad022b73ccf0c9fdf9f98ce59fb73346b15d99d2f0596bb9d0f51ff208", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910520, "uuid": "c69df514-729a-4fd1-86f5-448567a650a6", "comment": "Malware payload", "value": "1301fc5891c54bf68c8c25471a301c11735a6eb7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910520, "uuid": "f648d5a4-e93e-4820-b7a7-165003ad04b7", "comment": "Malware payload", "value": "cc5ec4f7d4a6ff7b87b48adc7661032752538ff9a369ae96f88e0f70e5e4d79362122d1255175ce38faaef16a35c419b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910520, "uuid": "e6421aef-fb15-48dc-871d-983049f50282", "value": "T1CEC36EADE921D932F46A4475C2B1F6F9D45D6C81DA26A91B3C6D3F0ABB7BE00070844F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910520, "uuid": "f5a818f5-268d-4c18-9102-b04bd2253563", "value": "768:EFxzpniFB2uWOOoeHmUalZ1G9P/z/8ovFSj1HLs:g1pm2VOtUaH09jkWo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910520, "uuid": "49ecd16b-25ea-4993-9baf-053a6b4a3345", "value": 126976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910520, "uuid": "e59c6d39-b5ee-46a0-83c4-d569941db656", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910520, "uuid": "3738f0dd-c6fe-4158-adf2-0dbc0377331f", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen2.822.24358", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56017513-0280-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685846071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846071, "uuid": "9e3d3ece-634e-456a-b913-1b6493661ecb", "comment": "Malware payload", "value": "17d55dc09e2a3f10d4ee45156c2c53f1", "object_relation": "md5", "Tag": [ { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846071, "uuid": "9e69f254-9558-4356-a758-d24c2fc32569", "comment": "Malware payload", "value": "16d9e969457a76874e7452e687a7b6843c65ef75d1a4404d369074ad389f6c38", "object_relation": "sha256", "Tag": [ { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846071, "uuid": "9f4d1f1a-085d-4e44-bbf5-e416ed0f6154", "comment": "Malware payload", "value": "317f296131b37a73c9a5d253015821dfdc8b1190", "object_relation": "sha1", "Tag": [ { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846071, "uuid": "c6c5d2f8-0bdd-4abe-be01-0b61dc9afc7f", "comment": "Malware payload", "value": "41e56b8bc6854b639d738ac2e9e9a3bc2cdd06ce3a8cc2dddee5abb89979a13ed9026cb929c89220df8ac9a3b822d82e", "object_relation": "sha3-384", "Tag": [ { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846071, "uuid": "91b36c59-df21-460a-9eef-4e0c16050558", "value": "T1B521058A704AFD717F80043A7FC0472E58675BB7BE124E6F780A9534A8ECF6A355414E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846071, "uuid": "5e2a2582-6ecc-4b84-8534-1d7ded69dc79", "value": "24:hrbGEihgZV6jR5bsNvjkzV+kHBNkAf0Y7I/KY6DX:piOubHZH4GL7Ia", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685846071, "uuid": "5b84ab08-3f1f-42cc-bd88-38952d2b8722", "value": 1219, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685846071, "uuid": "c7d4de00-c8d1-4df5-b207-9eb85d857856", "value": "text/x-shellscript", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846071, "uuid": "49840814-ece1-4c15-b1d2-e0500cf4c763", "value": "script_linux.sh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a61d56ba-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (TeamBot)", "timestamp": 1685838904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838904, "uuid": "f0f36052-cee8-4d56-a99d-8b89bb4e6168", "comment": "Malware payload (TeamBot)", "value": "052762eeb29870873c6f78a9a0cc080e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838904, "uuid": "3ea1687c-a9c8-47c6-9cfc-8ae69fb35bcf", "comment": "Malware payload (TeamBot)", "value": "1c2bd40f0fe013224a38342db87347683a2ea64d5e6c1599261ec3627d4be4ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838904, "uuid": "153e0ce5-78c8-40a5-a1ec-0a40bc241be1", "comment": "Malware payload (TeamBot)", "value": "45d829ad65bfeb606c9c5372dc394cf8e282d10a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838904, "uuid": "c3429953-eb95-46e4-96b9-ec4f59c595cf", "comment": "Malware payload (TeamBot)", "value": "8aa380c209ae6e511db33a4831d66733f1caafde1f38fa7606e81c3dc7e5d950cb09cae67122a7023b0ffc4766a5361d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838904, "uuid": "57d496e3-bf10-4d7a-98b1-121f04504390", "value": "T1E6445D1362E37C61E5165AB28E2EC2E46A1EFF518F5737DF22186E1F09711B1C272B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838904, "uuid": "292ab580-820c-4a9d-a009-9acea01155f2", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838904, "uuid": "591f65d4-4fa2-4ea9-8510-f9873e35cae8", "value": "3072:kmU3qsMyBCE89oPwgrpaAXNQzFFt29ND8MlUUnjCJiDRygvFaTQia+:T1pxoIgs0QzF+8Mlf2+J4Tv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838904, "uuid": "aab93a32-e14d-4aca-8119-b981fce0f4ca", "value": 270848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838904, "uuid": "ffc679b1-8c3e-46c9-9a14-05011a9ee659", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838904, "uuid": "a131f5d5-3895-4120-8891-b4294a22150c", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d0645b9-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905005, "uuid": "b0b96a47-8a02-4f16-bb85-da452f00af38", "comment": "Malware payload (RedLineStealer)", "value": "e93f2f880bfb1f5bbf319406a2069559", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905005, "uuid": "8c1b87a4-5e3a-42a8-9aaf-97a349f88939", "comment": "Malware payload (RedLineStealer)", "value": "1d42233e6734f00103118472b49ca42456b740e7c08fc2aa894d098643fb7651", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905005, "uuid": "386cc2a2-df3a-4476-a1d5-452fac2867b7", "comment": "Malware payload (RedLineStealer)", "value": "1069ad903ce25a8312c0bcafc852aab4a0288646", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905005, "uuid": "89c3e4d9-cffe-49c1-bb4e-bec43cb79965", "comment": "Malware payload (RedLineStealer)", "value": "01c270d277e90db9e64b8813c57a93242e81d4bada73dc95fdd74c26dd64b2f89c5e77c9ca1e49e6a609f61fe2f096b8", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905005, "uuid": "a64c00e3-45a9-464e-b29b-28cc423dc3ae", "value": "T163C4120257E88123CCB127F4A9F602D31F39BC9198F4836E2796A9591DB36C4D97237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905005, "uuid": "c8ffe0b2-3ea8-42e8-9690-5977f998ffc6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905005, "uuid": "fd8654fb-1a55-41cf-83b7-c15926afdd6a", "value": "12288:hMrTy900OGFD31OFgBXZXxu1z/JxkVcsDf4Ms++wSSFMpZ3tvs9W:+yDOGZsFyJhu1z/Jo9fps+dS8Mp/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905005, "uuid": "91940431-1fb9-4522-97af-af1236f70cd1", "value": 593408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905005, "uuid": "f95611cd-e44d-4fde-a9b8-b6c5f3642ed7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905005, "uuid": "d3d1b689-0c9d-4a50-9106-885387ce3d29", "value": "05671199.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "876dc3ba-02ed-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685892969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892969, "uuid": "77b5bcd0-2073-4b8c-a771-df61720dc5dd", "comment": "Malware payload", "value": "706c4e397de8260d889cf83ba6707e7c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892969, "uuid": "d55c80f3-5e0c-4d3d-9902-bcf5a286aaaa", "comment": "Malware payload", "value": "1df360694e4b54909b416b5ef5095e54827c8e53d77885032df144272508f013", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892969, "uuid": "0948f68a-f879-4016-85d0-ddd94d18fada", "comment": "Malware payload", "value": "dd4510b6e29157b56b894e06cc8f8687f4af7143", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892969, "uuid": "8499fe42-62fb-447f-93e0-dc1412c243b5", "comment": "Malware payload", "value": "eacd2d9a19b848f7c3e49dd98c303d1747a9c9c1e4eb87051e60429bb3f51d629953dd50b636e9ada95258e4f4231d1f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892969, "uuid": "234b81e8-f0e0-4230-9c29-cd3fa91eaa3e", "value": "T126A4124032475376C05859388CE7311983F2B74F3237C7862E596AC91F67796EB8ABCA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892969, "uuid": "bd1f9aec-745d-4775-b273-bc689923ce35", "value": "6144:Ih7kAkJ0xZuuRlxnUDcWZXA3Zz9mTFLHjhzypfbVb4vG8nYH5d7cwSthf64lv:IJLkJARWIyXa5ULHjIZKYH5VvStRTJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685892969, "uuid": "03ff45cc-5a81-4e1a-b1e7-366e4c475ad6", "value": 454144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685892969, "uuid": "0c5790eb-fa67-4e67-a669-97829a00f10e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892969, "uuid": "4c000ebb-dbc0-44de-b2cb-3be303146dfc", "value": "A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38d240cf-02d2-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685881241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881241, "uuid": "86c7fc82-6e94-4b5b-b554-cc048b67bdc9", "comment": "Malware payload", "value": "9910f6b829740b5c3459c4c43da3112b", "object_relation": "md5", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881241, "uuid": "9980e4b1-42c4-412e-8c87-323b181bd6e9", "comment": "Malware payload", "value": "1e8fcad5bf7534c7519863c7c8ee865fcab34861a1776ab3977f05304fe622d7", "object_relation": "sha256", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881241, "uuid": "d03b1b70-441e-4bc5-a413-147109b335ae", "comment": "Malware payload", "value": "6f63b0d36d04c8117fd1f5a9a46ead2a2006a69f", "object_relation": "sha1", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881241, "uuid": "238a934b-d952-4700-85e5-1726ca35c5eb", "comment": "Malware payload", "value": "0aa86eab9cbde02a7506b1ad0fa67120cbfae5002f15e7be91543e77d52a3fa1104d42211717fd6fedd6bdfdd7393e08", "object_relation": "sha3-384", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881241, "uuid": "cb5aa14c-ce54-4f91-9086-746f4149a317", "value": "T1B163E73E1DA9417A6DB39644C8C8E6AFF76425AB360E2C1D05D7D31612C3A092BC17EF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881241, "uuid": "a49dcde5-5e11-4872-807c-395315de4e94", "value": "1536:Wh/e/P/y/W/c/4/n/f//F/2/4/I/u/G/S/Q:WR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685881241, "uuid": "4a53d3ce-039e-44e7-92d7-2954c4b71a68", "value": 71276, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685881241, "uuid": "6d77437c-e7ea-4ca9-829c-33f41f3826ea", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881241, "uuid": "e5dce9a6-f6e9-4855-ae05-ee700189033c", "value": "rUpdate-jc_r.vbe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87d3175e-02da-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1685884809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685884809, "uuid": "19caef67-9680-4ca6-8cd9-1a81df42aad6", "comment": "Malware payload (RecordBreaker)", "value": "79b00d62e0cdaac9f3231dc0de472e97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685884809, "uuid": "48f7ce55-fa50-415a-9b26-bc34d6eb011e", "comment": "Malware payload (RecordBreaker)", "value": "1efe7e276b7b35248dc5ff09a38e1f85b7c425367385fa51adaeebcca4e54e4c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685884809, "uuid": "d9d658a2-4e65-4156-98ca-e885eb910196", "comment": "Malware payload (RecordBreaker)", "value": "9737d557bd2bba4242704c728e04446b3956f6ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685884809, "uuid": "a4db8db9-2854-426b-b794-5ff4e6c6aed7", "comment": "Malware payload (RecordBreaker)", "value": "937c06c824ea7d0cd56de8a617bcaaeaac812e7b5cd36e8e261d7f714885baeb5ebb46fa1d79ac31006fc0ba65a22116", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685884809, "uuid": "a71924c4-02f1-41f7-a34a-21e35a225f45", "value": "T10B44090362E07C55E7258B328E6FC6E8B6DEF9918F5977672228AE2F04701B1D173712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685884809, "uuid": "c0fc24a7-9960-40d8-9c1c-6a28ed6e6f08", "value": "dba326f5cd5a4dc03ea490628c7210fa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685884809, "uuid": "fc1e9c5d-c73f-4932-8170-168b7a1f2fd9", "value": "3072:tszHfeiedXYUv8UG/3LmEMFWjbay33Yr6plgA7r+o4jhKqjV9W+uTxj:GzHodXYUktTyF/ynQ6wAPEIqjjSd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685884809, "uuid": "943f3bd1-db06-483b-a9d7-c8b1334be47c", "value": 272896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685884809, "uuid": "7d147571-757a-478e-bcc7-2fa9155138e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685884809, "uuid": "cc1fe60c-0cda-4215-8aa3-029a7b1f02a2", "value": "79b00d62e0cdaac9f3231dc0de472e97.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5101fc1-027f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685845801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845801, "uuid": "1cd3d5db-ae30-4571-a8b6-dcbad24acd14", "comment": "Malware payload", "value": "c850f6816459e3364b2a54239642101b", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Exsi", "colour": "#E2BAAB", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845801, "uuid": "478e4622-7f24-4015-9a8f-2bb5a2d1dd2c", "comment": "Malware payload", "value": "21162bbd796ad2bf9954265276bfebea8741596e8fe9d86070245d9b5f9db6da", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Exsi", "colour": "#E2BAAB", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845801, "uuid": "e405997b-87b9-4ca3-b763-4fa23535ff1a", "comment": "Malware payload", "value": "30c60f18279ed5fd36e3ac2d3ba5ddbdc5d1f624", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Exsi", "colour": "#E2BAAB", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845801, "uuid": "dc935443-3f51-4fc0-b7d1-883fcf2bd2cc", "comment": "Malware payload", "value": "ee805d1c88eabe3ae83c824452a3b5935980a2d63c9deade7435860651758a4f1caf90251b85ba4247f3532361f2f47b", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Exsi", "colour": "#E2BAAB", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845801, "uuid": "b9c4b159-3967-4e03-aae6-912eba63c18e", "value": "T17D365C0B76A324FDC1A6C430975BD6636C75B85442217D7F2688EA302E76E305F2EF62", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845801, "uuid": "ec56ef44-f1c3-46d7-8fc4-740f3cd318d9", "value": "98304:nxygRxtJ8tcZe32l/+jMSXYTU4BcoPfa8/X:Stc0kbSXWJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685845801, "uuid": "5b0656f9-ba32-4040-9daf-3f400bfab3d4", "value": 5301056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685845801, "uuid": "4f209a71-cb7c-4d55-830b-b5de8f7a44f6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845801, "uuid": "1b590d5f-391b-4e93-9497-9a91b9126aec", "value": "164f8295_linux.elf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26fd2aca-029f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DanaBot)", "timestamp": 1685859307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685859307, "uuid": "51c9a454-68e1-46fb-a685-7fde0df7b21a", "comment": "Malware payload (DanaBot)", "value": "b1d4dc3e5c3ead845633192b2ead54b8", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685859307, "uuid": "279d9c6e-a27d-4552-9509-97e963dd7ce8", "comment": "Malware payload (DanaBot)", "value": "222243b9e36aedde4fed2b6a8a5decec275855d21217dc05069b20bfff504973", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685859307, "uuid": "6ea3b201-1c11-478b-8e30-1777c18c64b4", "comment": "Malware payload (DanaBot)", "value": "d218d3b60d05815276b0710936ccb6cfbe5e8988", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685859307, "uuid": "1417dc0a-2aef-4c7a-9c54-a581ab5a0552", "comment": "Malware payload (DanaBot)", "value": "fd19817d188162ae86f09e031ce89320fb08a342b5c83ed38a5e1aab0506bc3026d3c0df9c9b156bdea255e4b9331047", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685859307, "uuid": "5147f358-d16e-4d92-84e5-a2544e279288", "value": "T1EA555D33B249A53AD0EB06364623A9C4543F777267A6CC5F67E448CCCE3D2801B7666B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685859307, "uuid": "025ecb1c-784e-49e5-b5e0-ac2781c8141e", "value": "f9e81afd2870aaecd8ace36b2893b1d3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685859307, "uuid": "8117dacc-ff17-412f-af74-0f37f2fb5f39", "value": "24576:v8FGeFev0cpnnAQqse/09FdOp+Ad7TEyCxyIhTHe6PKpglcJ:kI0vldHEyOhT+6yph", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685859307, "uuid": "5e373ea6-cb5f-4db9-bece-ebbd39b4af65", "value": 1397248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685859307, "uuid": "8ca93c5f-dc5d-4e98-9224-2507e93fde23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685859307, "uuid": "a0756fac-3f09-4a4a-8057-404214ab942e", "value": "Trojan-Banker.Win32.Danabot.jrm-222243b9e36ae.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65d8ee00-0271-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1685839655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839655, "uuid": "93a3b82e-ee6f-4133-a5a4-16e0cfe6a9c9", "comment": "Malware payload (AsyncRAT)", "value": "13de864eb9715545a75d871150c7c229", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839655, "uuid": "9e0d4f03-f18d-4b6b-b9e9-a01a192eeb65", "comment": "Malware payload (AsyncRAT)", "value": "222bf90aea280b6aeefa439ceb36ecfe25674f355bbe5e5982dbce4794a7dc19", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839655, "uuid": "5f7e498e-8000-4af0-8405-d375f077de3c", "comment": "Malware payload (AsyncRAT)", "value": "5412e870ba7c9dcb3085e011d84e577dc570842e", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839655, "uuid": "2ef1a56e-4674-4a8a-a1b6-2c24ef11a48d", "comment": "Malware payload (AsyncRAT)", "value": "1721cd5e0d72c43beba8a19befd179bf4325a9fd8e2f3c131332bea72cefa5fe14ad47f881f28c2f99b4d764be3f0b9f", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839655, "uuid": "58b6ce9a-59f1-4163-a4c5-35125659f1a6", "value": "T18E231A003BE8812BF2BE5F78A8F36146867AF2673603D54E1CC451DB5613BC69A425FD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839655, "uuid": "15261cef-27ee-4aa2-9314-69ed041a02e3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839655, "uuid": "22000540-9aaf-4335-a1b0-15235b0c8ead", "value": "768:Hu/6ZTgoiziWUUM9rmo2qrf77jY1PIdzjbcgX3ikl8rno1KzBDZjx:Hu/6ZTgle247ISd3bzXSssdjx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685839655, "uuid": "bdff46fa-ea67-494e-a210-7dd25fb37f14", "value": 46080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685839655, "uuid": "dc1add25-7f76-48d1-90a5-7bf6821735b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839655, "uuid": "69929ff0-1102-44c2-8c88-282d69bb3518", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9629c0ce-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905020, "uuid": "694cca79-416e-435c-ab99-ec5a9d6fd394", "comment": "Malware payload (RedLineStealer)", "value": "4fecb1d7deb6932dfa5317593b17f8a5", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905020, "uuid": "d5bbd9bb-83b1-4fa1-a665-bf484c4c5c4d", "comment": "Malware payload (RedLineStealer)", "value": "22551fff44698c2f7a48d2f4b8a7bcb58dd44a70e0b01db48d850bb1efcbbd56", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905020, "uuid": "c2aa9e94-290c-4d27-81c3-d0c9db2664cb", "comment": "Malware payload (RedLineStealer)", "value": "2005ff6e0b79af16512c6db32e65d2c1ae021c9d", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905020, "uuid": "f75435fc-91c9-48af-979b-c1c97a636c4c", "comment": "Malware payload (RedLineStealer)", "value": "b689f65ff05b8ea096d188ce2d97681d1673a52096d569aaaec6ff853884185d2c828df6e648b2eeb5a79396ceba1551", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905020, "uuid": "f0b422e7-d3f9-45bf-b36a-6e5c2d1bc377", "value": "T1D4C41256AAE85476ECF52BB04DF513830A317C624D78A36B2785ED4F1C726C8B431B3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905020, "uuid": "d76ec70c-7c8c-47c8-ba00-b29f946243a1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905020, "uuid": "6e91d864-e247-4dcc-938b-43aac289751a", "value": "12288:RMrZy90+D8295Pkghk6ehZJDPhW82zqzNdiBjt5351qk:8yzdk93zr2zqHejt53v3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905020, "uuid": "639eb1a8-3d31-4a22-b5fd-2d1656e0340d", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905020, "uuid": "3fbdc80a-cd8f-4119-80b6-8540a961750c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905020, "uuid": "5bf234d9-8813-4d7b-9d8c-a55ec7314c92", "value": "05920899.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2d77a0e-02fc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1685899511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685899511, "uuid": "ea892037-80f3-4654-acfb-f90ba67a0f02", "comment": "Malware payload (RecordBreaker)", "value": "72ceccc9998a49d984bf8648262304f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685899511, "uuid": "f75eb9b6-b6b1-4ad8-af8d-e58334f6280d", "comment": "Malware payload (RecordBreaker)", "value": "2379723159ed6b1301813d5e06ae76370cb218b7f3b50c4bd4306db1682f2ccc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685899511, "uuid": "4a799529-9847-4abb-bf0f-c71a10566b47", "comment": "Malware payload (RecordBreaker)", "value": "3c37827070f8d4eb726f59a0d4f2db0d8f1232ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685899511, "uuid": "aa074d8c-dc3b-43ae-b34c-10b517ee86b0", "comment": "Malware payload (RecordBreaker)", "value": "4235a30bbc99b6983f4674d034225147cc6e1298aa2a48e439a655e6bb16adea6be4bf1dae27873f3eef20b256f10690", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685899511, "uuid": "dcd865ef-ceda-460c-ab6a-ef999dddc133", "value": "T18B441A53E2A1BC59E5264B7A8E1EC2F8361DF9518F09F7A6321C6A2F07F0171C1A7712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685899511, "uuid": "ffd6ac18-c07f-4bd0-b61a-c166e50cbe69", "value": "7dd63bd9e1295342f1e09fc97326cbd9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685899511, "uuid": "487eb7fb-df24-448f-a87d-a3028479d36e", "value": "3072:x6sSW20yS19d7Y5fLagUTxegZtSR/E4jOC:QsSWZ19d7Y55UTx7Zta/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685899511, "uuid": "1d25e0ae-3bbb-4689-8210-95bbad316b21", "value": 266752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685899511, "uuid": "e1eb51b2-07fd-484d-9c68-cf8115920396", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685899511, "uuid": "0d68ac84-11ff-4085-84ca-a5204904f564", "value": "72ceccc9998a49d984bf8648262304f5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "652b7ac5-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910521, "uuid": "e80cb99d-cd9c-45b3-88ca-d1d60e38b1ed", "comment": "Malware payload", "value": "ec7f775d7527411b38b659b2748cd58d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910521, "uuid": "29d147c5-718e-498e-9ecf-724d425377d2", "comment": "Malware payload", "value": "24f8a285ffe17a0593dbf35124fd65ff10556ba0f1436f3ca779f7af6a675e97", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910521, "uuid": "8bd7235e-1448-4abc-8edd-66dcde4b8ab2", "comment": "Malware payload", "value": "b951a930a3ff9d1428769a619cf5ddafca748ccd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910521, "uuid": "839fe1ef-2ac8-4244-a68f-3223a63707e7", "comment": "Malware payload", "value": "81348940f924a00ee5f98ef3c3e897c0f0f958ceeb9f6c5aaef0ef3c48e3d9d4d794d7af289e9ed27f62173aa89c0004", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910521, "uuid": "3ddbddcf-665c-4400-ad35-98b4445ffef0", "value": "T19145BF127EAC841BF11346785C5BB3ECF6AEFE413D2464872661BE1CEE7A7403963192", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910521, "uuid": "25aeec93-023c-47db-be3d-71563db70434", "value": "12288:jKEVrZodzdueZ6g3L41ImZcAL6nNJpR5UNWibIjRmEGh1OIImrOnRRoa0hrZUScL:TTu2OIIKrUi2Gj1xI4x0GFyG0eTz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910521, "uuid": "170a252b-0ca3-4bb3-86ba-4738edc1c119", "value": 1179648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910521, "uuid": "0bf71eb8-a370-4857-ac8c-1e2529a38e30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910521, "uuid": "73cf5ca2-4ab6-453e-97d9-8bc58941998f", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.21991.8440", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cebc168-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838298, "uuid": "73cd5bb5-8932-4912-b2af-7ca1b0ffdad8", "comment": "Malware payload (Stop)", "value": "51c7e0efb85278b12512865fafb9f6dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838298, "uuid": "db3bc287-66a5-4970-b62b-1f6eccb7c3af", "comment": "Malware payload (Stop)", "value": "25496980921ecc62c35f5c9a763cdf6967dad79208712cce62e7e1d7f71e5e1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838298, "uuid": "ebbefacf-86fb-4879-ac90-703c858202b2", "comment": "Malware payload (Stop)", "value": "d17e2ac66a9e3a4dce8d2f471b943ac6ea600e1b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838298, "uuid": "f15f0fed-6587-4bd6-b7f1-daa036e532ff", "comment": "Malware payload (Stop)", "value": "ab37b3cc5500db7d6a950a52239e4cbe25f859c89093d4545683c62f4ca0d19a17ee70e355705843d0cdba8e80416ee3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838298, "uuid": "bf82871d-cf6f-4cfc-84eb-e572efa15fb3", "value": "T19C05D01362E37C51E6274AB18E1EC7E86E1EFB518F1B37FB1214AE2F05711A1C562B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838298, "uuid": "17dc2788-fe47-4927-bc5b-5bde1b1925eb", "value": "08b56125ba7e99bd17ba88b830247aad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838298, "uuid": "65aacfc0-8949-4253-ac08-cc1664a1d4d2", "value": "12288:Fr8/uX8a1c7be8xzPMpfa7mcu3s3GY0lLJ9950bg9G8QsawRtGiBcdqEZEjQNHb2:Fr1Ma1/8d0Smd3wc57Ug95QshM5X7Z7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838298, "uuid": "73fafe9b-e459-46c4-99d6-cff3fb58b3d7", "value": 817152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838298, "uuid": "f0f01728-fe8d-4fe7-9262-0e1cb41e280e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838298, "uuid": "a039a131-9cda-47bb-b823-4a1948811f43", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b4ebca3-02c3-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685874722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874722, "uuid": "6cd8b680-6021-4b9a-b675-0dc153a9b851", "comment": "Malware payload", "value": "7e2d7ac55c73c35419f9a8a3740e5c74", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874722, "uuid": "14dea238-3eb3-4abb-a79f-c447334857c8", "comment": "Malware payload", "value": "25d05e21925583b5f8c104ec7bf35706023d6b732d31756324ee59afb1cedda1", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874722, "uuid": "7fc64497-fe20-4ece-a267-c23f53c34664", "comment": "Malware payload", "value": "fcdc4918aa9c643e1c94c0fef2f591f9c6a1de5a", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874722, "uuid": "26c40114-7861-4fe2-8b00-8da1524ff22b", "comment": "Malware payload", "value": "dbd34a00f68cc77fd00f937125df8b91de439a390f81575291650ab8bf6fc4eb30e72e3e2cb8e1ba5f9c001332fbbfe0", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685874722, "uuid": "a27ebdcd-bffa-4414-9d60-9cc36bc64e6e", "value": "T188E633256D87A631D6BA15340CBF176422F57E360E2046C79310BE4C3E762D12BBAB6F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685874722, "uuid": "2d02d0a2-bd7f-4c5e-8a43-50823082157e", "value": "393216:MLsfZ/w3BZlQIEU30XHwzAPm2LSi5lZ0acv:asJ2a40XHZm2Lt0Hv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685874722, "uuid": "6a72e2e2-d54d-406a-8284-a4ce7872a5c1", "value": 14563328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685874722, "uuid": "0b15a808-9017-49a0-a648-8e2515f762f7", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685874722, "uuid": "eb616f9d-3672-4e63-8249-523434824695", "value": "Meta Ads Manager setup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "788c6fb5-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910554, "uuid": "2212f893-a3fe-45ec-8d36-b3d4b631a9e5", "comment": "Malware payload", "value": "b4cb6a892df15f27bdf7ee3c3b311fa9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910554, "uuid": "dff64ab0-dca7-40f6-9f6e-9f6c2cf51083", "comment": "Malware payload", "value": "27aa25d5b6fb4aaca80a12cca74d50e10676de332d019b64541a8786f631fd0f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910554, "uuid": "cacd9a55-9f3b-478b-9783-468fc084836c", "comment": "Malware payload", "value": "4ef792693aff77e6ada61940ff879d4aa70201d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910554, "uuid": "f74a99ee-60db-4ca9-b1c6-9ff628a8d5dc", "comment": "Malware payload", "value": "bc6086bfcc92a2491c9cfa06c01afe78b6b2c7ed35ba1140b1c3dd5aec053c5374f77a49285ff7db533e09a0c669a16a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910554, "uuid": "e68cf9bd-9892-4130-a345-bf2d50e4bfe3", "value": "T11E829D95B220C8CAC1C81935186BDABC7B213D3A9D255E0B3EE4370F3E36715EC06A4A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910554, "uuid": "1dca1ef6-9ab0-4a5d-b44c-95d1a76d2122", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910554, "uuid": "ddfa2448-fa3b-486c-8821-312bd846b10f", "value": "192:nQx8/wO8qU/LDZJpuuU8hsTJ6jPyztWz8lpZ2vlr8l+Sykth3et24Yvm1PHwlBum:uLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910554, "uuid": "21deb3cd-a625-49cc-b649-5b70b9b191b4", "value": 17994, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910554, "uuid": "e98f2c8b-6640-4931-97ad-5fc2e268ef5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910554, "uuid": "d1f8951c-f710-4a15-8699-a422cc544b36", "value": "SecuriteInfo.com.HEUR.10536.22942", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6f62b01-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905075, "uuid": "3956cad6-090f-4573-b549-c46a3933a824", "comment": "Malware payload (RedLineStealer)", "value": "7191ea538bf44aea79220ec3c7dc8c61", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905075, "uuid": "d04d2199-086d-431c-9b80-9ae651e8dbb2", "comment": "Malware payload (RedLineStealer)", "value": "2d19338a430f5c7e3fd615a4da2ec2261c941a97c1e7f31ee063d17f0a99cd9a", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905075, "uuid": "57306abd-a9fd-488f-a4ee-42ed26f5ad7b", "comment": "Malware payload (RedLineStealer)", "value": "e8de8f59473482efbde8038dc5468d8075fba0d9", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905075, "uuid": "b3c4ad81-031a-4a46-ab95-276fa52e5949", "comment": "Malware payload (RedLineStealer)", "value": "0cf38daea77315974c8e8592afb9f64d56116a01ba8bfaaeddd106a864af52e9ca79f5bc787083ddae44db17f9bb1bd0", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905075, "uuid": "bdb89cda-47e9-4bec-9d04-caac83f13124", "value": "T1D4052257BAD88173EDB567704CFA13D30A39BCA1AD34915B6799AC0E0CF26A0E435327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905075, "uuid": "b2ab48c4-52b8-4065-a397-36572b143327", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905075, "uuid": "3b7bfa1d-04fa-4324-b41a-d555047c2815", "value": "12288:FMrKy90F8TPE88WhQVQ73/+Qt5mhoNOREcVAfPPxwxtGosl6nQ9AXXY5J8f4NE:Ty+8TPE4hQVsDD6o55stQnAXXWJ8f4e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905075, "uuid": "9f169615-4bde-43ba-a69e-e8b834d09506", "value": 873984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905075, "uuid": "f790a1e5-123b-48ea-b484-1bc6c56b8046", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905075, "uuid": "bc505665-87dd-46ba-96f4-b7a4468a57e5", "value": "07874799.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcad2a9f-02d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685881999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881999, "uuid": "9ee274fb-6e0f-4324-a6d9-3a9c5def3331", "comment": "Malware payload", "value": "64f445ba9b1ffd3a8ef68b6789f299a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881999, "uuid": "8bf8eb6b-748d-4b49-b113-b70cf629f769", "comment": "Malware payload", "value": "2f095a22becedc729c46165852628c05b854d7e43505469e7a257050810a865c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881999, "uuid": "dd44cb26-690b-4b0a-b1ee-78f6ea6ee29e", "comment": "Malware payload", "value": "9f22b9cbb5ec8062b9d631b8f95c6406e8e4b0a4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881999, "uuid": "952ed7ae-b553-48bf-aa26-f4c0307aaa71", "comment": "Malware payload", "value": "be258e79fe3d8feed3521bb89d9139ca177885716b8fbefebc5a6900a15920d6df8a317c10361d4f13ff33f79d2ed8fd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881999, "uuid": "c0f40593-967d-4087-a221-201f963f576e", "value": "T191F0B7813F2CBFF323CC5248057062A25B0ABC33A6393571447C891B58DB1C3046747B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881999, "uuid": "de2c609e-bf88-4fb7-9fd7-929b6706dbd2", "value": "12:mNpI5iiLPIxCk77nC0cssrlEy6QvR5qNhw8UHN7JszZjlEeQp2g7:sI5ii7Ixn3C0OGwq85N7idj6e82g7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685881999, "uuid": "96668640-c896-4387-8226-81d2513f76da", "value": 598, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685881999, "uuid": "ca82fc93-2900-46cc-a6d7-a949bbbaba12", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881999, "uuid": "fad116e3-b897-489a-a8e5-4a363b0a50ea", "value": "rtxjkhopsh.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee5554da-02d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685881975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881975, "uuid": "a44f6873-485c-4fd1-a98c-0399888dcb94", "comment": "Malware payload", "value": "0e936a72d5a9da884c60d581f3b4a839", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881975, "uuid": "98c146aa-5094-478c-968c-b8f60ced2db7", "comment": "Malware payload", "value": "2f47ff147505c245cfe85ab62fc404f97e1a1eab468b0e55715ca8d3bf8c2be1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881975, "uuid": "926c4cc6-ac6f-48e5-8abc-f8f1b2e2deaf", "comment": "Malware payload", "value": "b0112a5aadae346741da25a000df3c7f92412899", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881975, "uuid": "498a62b0-1cbb-43cc-872a-940911e8eb8e", "comment": "Malware payload", "value": "8fd031fc99a5c37a51a07d67d0c13306ad812de3b95ab4335cf9e6dead67ac11fcf2af0db0a6682649aa2322037ce89f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881975, "uuid": "a1550f6e-fa53-46b1-80b7-631dfaceb406", "value": "T1D785AE037340C066FE5B4132CE5BE6326639BC754523A52F27943E7EFE702A1252FA66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881975, "uuid": "3582f287-6bed-4756-94ba-09d9f6643d8b", "value": "07f236b4003a1f1174171e18cad3b475", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881975, "uuid": "1d3fb4e6-f0a8-4194-889d-2f461f907af7", "value": "24576:xYgAon+KfqNbXD2XJ2PH1ddATgs/u2kaFIW5uX6VkYJXtjEqi/:x37+KSbq5e1diEnHaFIkrrI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685881975, "uuid": "25026ecf-f3bc-42e5-852c-3109e3d61f9e", "value": 1705086, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685881975, "uuid": "b3244ab3-a733-45e3-9281-6a1d4075cb96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881975, "uuid": "dfff11e9-37d4-4c7d-a17b-b801bda35d32", "value": "rcwhvst.pif", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cc7524a-0303-11ee-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1685902212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685902212, "uuid": "20ba1ecd-b760-4f74-9836-d5ef420ff21f", "comment": "Malware payload (njrat)", "value": "426937c153dd506951c7f40a94094c48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685902212, "uuid": "7ca02200-e7f7-4a4f-b7cd-c60163480903", "comment": "Malware payload (njrat)", "value": "2f5e7c5c9f1f697bfeb2341ce42743172950f1edacf9ca503328364354bca3b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685902212, "uuid": "007c4548-d60a-49bd-882f-79ee611d37ae", "comment": "Malware payload (njrat)", "value": "fb1e60c760f716e3058e3187d701899ba136d6a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685902212, "uuid": "2bcf5850-355f-498f-98de-f7c5b9a6d15e", "comment": "Malware payload (njrat)", "value": "f36d8902625b9f195738b4ac2363ab4906696156c2a45f7c09a595fd0577d841393b52c51116d4f2d36bc6d45affbaec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685902212, "uuid": "ec40b654-cb9e-4b55-9df1-456da2e8152e", "value": "T15815124A37E46069E5B547B184FA03935831BC712B7A92DF23D0D57A4E237C4AA32B1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685902212, "uuid": "7673e046-a7f2-46bf-a9ca-63f3c71a037c", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685902212, "uuid": "1ae778bd-4788-4a4f-8529-63e8643ab647", "value": "24576:Zjy6Akw+amJpYfdwzcfeJs9ReYWCW8kCt9g7:w6Akwhm0fdXO/D8j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685902212, "uuid": "e657148a-09bd-40a7-b108-44c9e188a418", "value": 883712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685902212, "uuid": "43021bd9-097c-487f-9339-25eb65adaa0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685902212, "uuid": "7be02a26-b279-4b3a-b2f1-c56f0075ad19", "value": "426937c153dd506951c7f40a94094c48.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0fbfd14-0275-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DanaBot)", "timestamp": 1685841607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841607, "uuid": "14819c7b-94be-4745-aca9-acc571d66c57", "comment": "Malware payload (DanaBot)", "value": "73348daba269cf2fab1b11edf6691e34", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841607, "uuid": "6e3b9d9f-7ce4-478e-9392-9cdab3c4d615", "comment": "Malware payload (DanaBot)", "value": "323e603adf8bc36267e2a67844ede41626a05025d1199b6e4776924ee51ca011", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841607, "uuid": "cd17f0bb-4a1b-4157-b5e4-194998b905ca", "comment": "Malware payload (DanaBot)", "value": "8a17b4885b4b57339b196bcdb0ed907156771cc3", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841607, "uuid": "bd3a37e0-43c8-4182-a121-092571cdb0c1", "comment": "Malware payload (DanaBot)", "value": "20cf5c32153db10dc1f858dec8e5112e023f46f128cb20e1dd76602e4accc4937f5f02d639e890e261cb4ed916027c00", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841607, "uuid": "4b04a1d7-c505-4452-833d-919109938ea5", "value": "T1693512207AA1C034E0B752F9287A83B8E92D7A72972054CF52D659FD13397F89C317A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841607, "uuid": "8d83bf2c-dcd0-4669-b3fe-82150642561d", "value": "8771048b1c01475c23bc95fc636ac433", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841607, "uuid": "94816b4b-b901-403d-8cac-af9c0f387ea2", "value": "24576:gv1pSscKQuC1LPUD9UiG6bhz1oF/gEp4toGVEuycKRHU9:d5v1L8BbPXoF/N4toLujK69", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685841607, "uuid": "2b83bbef-017c-4cd7-bb5c-bcf40b2662a8", "value": 1158144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685841607, "uuid": "f9f2b7f0-5822-4518-b163-5b6570787a6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841607, "uuid": "05808439-1cbb-42c5-a7b1-c6330cd3bf3e", "value": "HEUR-Trojan.Win32.Injuke.pef-323e603adf8bc362.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91aea52e-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685905012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905012, "uuid": "78e0491c-9fcb-47f0-a075-f8f29af41598", "comment": "Malware payload", "value": "0700af96ef9f51d77c7a6280337d47d3", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905012, "uuid": "b09af6f3-246a-495d-b912-0d707a8247d7", "comment": "Malware payload", "value": "326268b9b19ecd4f5943b6a0a63a338a31ec0fa63cd06d8bf49d4062af928a9a", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905012, "uuid": "02209133-156b-48e6-8ce0-d938b695c537", "comment": "Malware payload", "value": "e8e16017fd61a24e72d3bf72f229faed1e415f41", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905012, "uuid": "c519521f-8dce-450a-b72f-64a99712bbe5", "comment": "Malware payload", "value": "44f5eff636196180adf5f340b5148364414c9a5e77167d786667e7a54e93563b209e0d284fbf20fcbf781dbf7415b54d", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905012, "uuid": "39595982-40b8-4032-8ba7-837e5fbfed4a", "value": "T182C41207B7D85232D8B42B719DFB03830B35BC925D7817A63788A96F0DB3A946831767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905012, "uuid": "c1263494-1bcd-4d28-8fe4-4998478a1a92", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905012, "uuid": "8bdecc89-8232-45cd-9d6a-091748f4d927", "value": "12288:XMrpy90A4jhMFjCNM+qgbzXJQhmjGqEGURLmP3WXxpGOqd:iy6jmFPKXJQhmjGjGQLoGrGOI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905012, "uuid": "5a6e12c8-4292-4ad9-8d80-79c84887d0eb", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905012, "uuid": "9a92e280-fac3-4f26-8981-a88cf6fa1363", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905012, "uuid": "f5ec8881-b9ad-498e-bf5d-412e21ef1461", "value": "05858699.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dddfabc-02f2-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685894966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685894966, "uuid": "6d85ceb1-2349-4c30-9e08-9a3beeab8aee", "comment": "Malware payload", "value": "bfe6f8581cc2b03a87ff176b63e03cf0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "redline stealer", "colour": "#0D59DC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685894966, "uuid": "22ff6905-d371-4391-ae7b-a5a96c7c6310", "comment": "Malware payload", "value": "32a0b2435282952f78156d2ed8a459fbd2ae7b376a6b80430934d29cab3d33d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "redline stealer", "colour": "#0D59DC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685894966, "uuid": "ee39255a-104e-4714-92ec-1c762d619708", "comment": "Malware payload", "value": "eb9e15d544af9ec823c5603c5ba7c1692f7e6194", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "redline stealer", "colour": "#0D59DC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685894966, "uuid": "27671393-f377-4260-8d96-a08594e1ae6e", "comment": "Malware payload", "value": "40901465e62b5e84e4513739e8e846cb01775cdc275e9a103d0bfa048254697d1b20c5f61da3876d925692ecfe16ce55", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "redline stealer", "colour": "#0D59DC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685894966, "uuid": "0281109b-b56a-4699-9ea8-f987d4756fb2", "value": "T14566E1F05B5D6590E5BC6C70CCD9AE768313B336BC26EC73186469C0669210AFDEB48E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685894966, "uuid": "fdd45869-adf0-4bbc-a38f-6a09fa4e1662", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685894966, "uuid": "fdbe41db-a8de-49d7-a7f4-a0ee3e7b54bf", "value": "98304:5dn+cBiWwA2A5V5lqDS/XHt1o0tyGK5jCm+pZl+jRwOySBNmP9sDU9p4:50cILAlfvorGK5j7+pZIDt/ml2Us", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685894966, "uuid": "8a023b98-ab58-4243-9902-3033358d4873", "value": 6752296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685894966, "uuid": "914930e6-bbfc-44bf-923e-04b04116fb93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685894966, "uuid": "ce35b17a-8aed-4638-96db-35f3202b96d3", "value": "57e8e6d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49242bc1-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904891, "uuid": "1bc53dbd-100e-4b14-97b8-513cb2365d39", "comment": "Malware payload (RedLineStealer)", "value": "96fc25de0417fd00b76481f80e83eac3", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904891, "uuid": "d2a7a1fc-ac3e-4ef5-9e35-e79c5b119330", "comment": "Malware payload (RedLineStealer)", "value": "3684090b13afe4104bbbdbed48a341b1206b1715fe15cefc0bec33c3623acfc8", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904891, "uuid": "9b126e02-5299-44e7-8ecd-e230109bcd29", "comment": "Malware payload (RedLineStealer)", "value": "bb1175ceacd23b230ea694e1c2000a0aa41756aa", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904891, "uuid": "70d1a8fd-9667-4144-9543-d39990a64f91", "comment": "Malware payload (RedLineStealer)", "value": "87a05f657d3576575f18a3ea65db849ce4bbba0f52072d8c0b63ba37c46611a8deadc6e138fe5fae75207992bd678ca9", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904891, "uuid": "b36132d2-5c6c-415f-8815-2a7baee7c7e0", "value": "T12EC4121266E84423D8B437B069FA07C30F3ABDA26D35976B6714986E0C7339076717BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904891, "uuid": "2cdc3c5f-39f7-4e37-a13c-d7d78ac6ae94", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904891, "uuid": "a2c71e74-1b10-4cf1-89e1-67108367dbae", "value": "12288:PMr2y90W/17xQrCsR9j+RLlBojH+NZciGcWLOE5j:pyVlaGsR96XBojSDbeOEB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904891, "uuid": "77f360b5-e753-4654-9e53-7d2062eba4aa", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904891, "uuid": "19480056-15e8-45c7-ae28-9a33aca8ec90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904891, "uuid": "931dbba3-8743-455b-b9c2-c1905155d0ba", "value": "03370499.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66f82896-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910524, "uuid": "1b0ca700-0052-4b5d-912e-52bd8bad3227", "comment": "Malware payload", "value": "25d09e7211548a0efd5917f8db62cb70", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910524, "uuid": "e04e8681-fb54-4eb4-abd2-77b0acffc6be", "comment": "Malware payload", "value": "38d1de608df5579138f34a66229af63b5b42da65a6554fa2e535fe0539357db3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910524, "uuid": "dcdbc600-8de0-4219-90b1-9899daa094e3", "comment": "Malware payload", "value": "a0e413e7dcb7b0b20f6c2e0f29b2e57071dc4a9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910524, "uuid": "e2c18bbf-7391-49a7-8a56-e75c7f2b6e6c", "comment": "Malware payload", "value": "a5598f50ace205ff080eeb36d56e17ba903be253e58fe7f977395b30d1081fd28cec784012d5730c4ac525600998cffb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910524, "uuid": "c0ea9696-ff77-45c6-a9f5-b859bd798546", "value": "T188926AA1F720CD8BC59806366C13D2BD72522E398C450E4B3BD91B8FBE72795EC2168C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910524, "uuid": "774ad95e-e07e-4938-97ab-6f2285b4e92a", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910524, "uuid": "a714bbc5-1b48-4e2b-89f8-7e1014177c83", "value": "384:5LDTs8hsF6qtK8lzQ8+Sych3mYvCPHxa+:5LXVhaTtDE8VfCPHxa+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910524, "uuid": "ac82c8a1-1f55-4216-bb3c-28516f7ee5cd", "value": 19823, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910524, "uuid": "73f1bac5-feda-413f-b137-0fe1294339b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910524, "uuid": "19c51d0d-0e92-4ac7-af24-7ba572dafd9c", "value": "SecuriteInfo.com.HEUR.19268.4206", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d721c5b-02ec-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685892496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892496, "uuid": "86fac4e7-55ee-46fe-acd5-696ed1bca4ef", "comment": "Malware payload", "value": "543e32d9617d5851aef813fe77310a84", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892496, "uuid": "b5be1545-cc38-42dd-9632-e389e106a82c", "comment": "Malware payload", "value": "3aecc6a1a48d40fc706541c6f13d84d16508dc2b9277eb02d8bfc76b6cfce5f5", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892496, "uuid": "d1ea0342-c466-4728-8de9-d9083ab6188f", "comment": "Malware payload", "value": "01ae324efba36e4978e9f816fc20651ebbcda3b4", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892496, "uuid": "1ef93723-a64f-4388-9122-15a7f0542fee", "comment": "Malware payload", "value": "8b07fa838e5be70b700aa9f9dd7b6fa677acf55c65010b8570a08bf0ce18a6611c93093f48c5e212d33cb940f405495c", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892496, "uuid": "0e1d6702-94f0-40f6-838f-7e3a6bde4aea", "value": "T14372FB21B7478236C8293F3748A5225003BAF3856A7BDF6E399D121DEF6338B5762750", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892496, "uuid": "73b2851e-6094-4901-80b2-016b14a851d8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892496, "uuid": "aaf1aedb-3b62-4306-b30d-6c3f5c11b475", "value": "384:H0YzTOhDd3LDRyEybkJ5nf9vwEG9/XwJwq6uJfq2GSLwqWJ:UHVd3Lty7b2542GLJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685892496, "uuid": "595e2b44-cd34-4d96-8e37-6f31ec5b95ef", "value": 16896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685892496, "uuid": "e8562031-49b6-413b-9e4a-c6da7874eeb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892496, "uuid": "a1fbce5c-ee99-4168-90d5-64001bcbc209", "value": "BBHhHhB.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34401108-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904856, "uuid": "4aa71494-fd1d-4ab3-a87d-29dac16253a7", "comment": "Malware payload (RedLineStealer)", "value": "3c55ebbb45bcda9f5661f1de796e4df9", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904856, "uuid": "23e51d3e-a4d3-4d15-867d-ccf079b6b498", "comment": "Malware payload (RedLineStealer)", "value": "3d692603d526a30bcd3d5a4fbcb5f8efb7103141ae836df545f8d97b1da355fb", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904856, "uuid": "f5248ae4-bc64-41cb-86ff-a796c7d9563e", "comment": "Malware payload (RedLineStealer)", "value": "3f02782cc337651adb82e62bb6eb5df7dda14fb3", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904856, "uuid": "8a8f55fa-7705-4d06-bc42-27aab8a7a190", "comment": "Malware payload (RedLineStealer)", "value": "399dd5c95dc7da8d0cafb39ae17e145b0584f032415fd337c71067770cdfeaf442fa0e5e5de78984966a9fe799c81c33", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904856, "uuid": "c9222f32-b816-48a4-8fec-e0bbd6f99678", "value": "T189052303A6DD9032DAB1877019FF03D7193A7DB0AD389B872356D8191DF2690E93673A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904856, "uuid": "80c10789-ddea-4da6-b4e0-118b394bcb03", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904856, "uuid": "457da651-913f-47dd-a3b4-0846d353f2de", "value": "12288:uMr0y903ANob7Atw4cJ7cuACeUKpxX9OibZWoHS1yfO5uv7GrFxNy6ua9CprMBCV:+y3MAtw4ceuACsNO4fWEGLbuGCWMqG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904856, "uuid": "52fa1842-3591-4947-9711-de5fdb330ff5", "value": 873984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904856, "uuid": "278188ac-1816-4cdd-93d7-8c18b38265bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904856, "uuid": "590c9774-9a3f-4cf4-b56c-faf25d79b9cc", "value": "02745199.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b9f2019-02b8-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1685870159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870159, "uuid": "654689a3-288a-4552-a790-8032f11e1e30", "comment": "Malware payload (Amadey)", "value": "17e2bfb09df5919740f99e5b9f698425", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870159, "uuid": "b2347574-a8c1-4954-b317-ee99b98601cd", "comment": "Malware payload (Amadey)", "value": "3ec6b295ec6e7d9441dc3fadd7969f9999916a0a8d6da41ef871abede9365bbb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870159, "uuid": "6a5a56ad-3676-4d78-ae6b-83f35a18a894", "comment": "Malware payload (Amadey)", "value": "427be3fcabfde476746de131511b951c4760518e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870159, "uuid": "38ce7e23-7545-462b-8829-20b06eb53ad2", "comment": "Malware payload (Amadey)", "value": "883c27dd8a5d4a2c464c2a2b2580f69dfc9adc364396604aaae2adf1c237fbced53546662547315782b6301f7d39004f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870159, "uuid": "618ef687-6b5b-418b-ae9b-8a75daf8adf2", "value": "T17054199362A17C64E7158A728E2EC7EC769EF9508F5937AB1224AE2F09701F1C173713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870159, "uuid": "cd6611c7-6275-48b7-9f67-70d691ee66ae", "value": "647d30902de61ff48a5b635bd5d006b4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870159, "uuid": "3d7d50dc-2c0e-4755-970d-fb63343eb92c", "value": "6144:hgYiADMYMb3tzBWtM7glLjRS3B7ASefa:C2pMbhB37gjuqjf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685870159, "uuid": "d164bb70-202e-477d-bdbd-4cf6a7bd1ae2", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685870159, "uuid": "0679e936-e81c-43be-9f6b-f5a96b789f53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870159, "uuid": "d2d250f9-04f9-415d-9780-4da066caef14", "value": "17e2bfb09df5919740f99e5b9f698425", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f37f9ef-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910538, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910538, "uuid": "1ef787dd-02ad-4e5c-bbbe-de0f69f57226", "comment": "Malware payload", "value": "c1621e680afb56a9eda2d1cb3f89fa3a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910538, "uuid": "ef42ccce-06f3-406e-a140-17f228ba9f9b", "comment": "Malware payload", "value": "458267c0897b49700c36e5331db5aaa7806a08c3ddde9a46d2acb8f685a961b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910538, "uuid": "84403366-a81e-407d-a5d5-64f967bca858", "comment": "Malware payload", "value": "e4eb6f60385554a411bd8239e5104484ca1be07c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910538, "uuid": "fd504e27-4dad-417b-9530-a7b422631f28", "comment": "Malware payload", "value": "8ff2dbeb4bdf7f589f57fac24c41fe9ccd5d98e261cd6f34bd55c6647db4cef0630b51d7fff6b56a821b74ed10c19455", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910538, "uuid": "822a5e67-830d-4670-9786-4da8901aa03b", "value": "T1FA9260A296F44097D384C7786D93E34AF562BE6A9F01CB0F57DCB23E1A73341AE29510", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910538, "uuid": "0b9579fc-c0cc-4f49-ad23-4a9cf4244730", "value": "68c043e423f21a56128e9ab557cac25d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910538, "uuid": "d0f8af15-07d9-49d8-a5f3-ac5be6169e44", "value": "192:xxtUAEF+9VAFjUmthATm5LqI0I0I0I0I0ARtUA:xxtFz96R5LXRtF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910538, "uuid": "c0647120-651d-4f82-b70a-d748dbfb5474", "value": 20480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910538, "uuid": "b2bab0fc-f5fc-4b86-ae6f-a7a228cd98c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910538, "uuid": "7339a895-46a1-4abe-9838-ce8432a852e0", "value": "SecuriteInfo.com.PrivacyRisk.SPR.Freeze.7574.29386", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74d323a4-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910547, "uuid": "3d7b0213-710b-447a-b547-a3eb5a6e6466", "comment": "Malware payload", "value": "543e23437656ddde6e1e5aea3c3b0d16", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910547, "uuid": "1e87ee56-4b9e-4b3e-b746-f56573c8e316", "comment": "Malware payload", "value": "47b6897be44f511cdb40649183d299f73355176c56c0bccd48ef1740c35dc8c2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910547, "uuid": "02cb378d-b0cb-493d-8502-75a9d04f35c4", "comment": "Malware payload", "value": "121afa563566782041dc5c95d91221d64e6e576a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910547, "uuid": "a3f64c33-d509-4236-a24a-e3f75d433f10", "comment": "Malware payload", "value": "83ed58950e708760a46a931f0f54850005d2354eef6715960d97489803c409fef34dd5544b0955dc8a9762c766292e83", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910547, "uuid": "6f725727-f1d5-4936-9826-98463f66c4da", "value": "T1FD928E56F210C88ED18913329D43CABC72932D3ACE154E5B77C91B1F3E763E6AD01995", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910547, "uuid": "7753d256-01f5-4664-ad65-72accb8196e5", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910547, "uuid": "8bfbf319-d5f4-4ed3-af12-ded3298a5fa2", "value": "384:5LDTs8hsF6qtK8lzQ8+Sych3mYvCPHxjPzo3BZ/gq0pj:5LXVhaTtDE8VfCPHxae", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910547, "uuid": "248a2442-e703-423d-88a7-26c849da1f35", "value": 19559, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910547, "uuid": "83b03060-8147-4af4-bc6d-0a45bb374261", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910547, "uuid": "a71850b6-7769-4b1b-972b-e15d05df0f0f", "value": "SecuriteInfo.com.HEUR.17773.4406", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53a46380-0276-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685841772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841772, "uuid": "e03a8d8a-5df6-45e5-b0e6-42c819d3f88e", "comment": "Malware payload (RedLineStealer)", "value": "9e79d40d8c7feb69fc4a0f4834b70666", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841772, "uuid": "d19648db-f76d-4499-902f-21174116fd4a", "comment": "Malware payload (RedLineStealer)", "value": "49f6d5b32be12b931d9dd3d89871aa3ae2658d36d117cad92ab256f2ee62caa2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841772, "uuid": "a7bc5f36-0c9b-4486-b794-a17f174b1ec8", "comment": "Malware payload (RedLineStealer)", "value": "0f6c6edd0b24078c1dadb5471c6a27ee49e7b890", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841772, "uuid": "d0c120fc-e42e-4a0f-9c18-3588f6ee74e8", "comment": "Malware payload (RedLineStealer)", "value": "aaf22e09261b332f86c3623ec17021aa226fd124d4db204743b349778e12e2c903f5cff2206f871a5fb65cb4c3351438", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841772, "uuid": "251650d5-c975-4886-9a5b-b913a5a32416", "value": "T1D3051307E2D99173EDB127B068F603970F39BCB19DB8466B16856D5A0C322C8B4753BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841772, "uuid": "3e40ff23-a5d4-4f8e-a6ad-81d09a29bbbb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841772, "uuid": "22fb35a3-bf5f-4bab-84ca-5e1e16b36bc1", "value": "12288:tMrEy90LkmYIl/Sj6Kpe3aTorwAurnFP1VxfV5mzMoIHQ8vyHDlAsAL0Fuvs:pyHmGpe3CCwA8FNV4QVyys3Fuvs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685841772, "uuid": "44b97ec2-41dc-4ed0-8cbc-bd1467316b1c", "value": 796160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685841772, "uuid": "51eed7ff-76e5-4bf5-9fa4-4d17e0951963", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841772, "uuid": "7c423dea-00ed-4606-b4fa-8f79ec450100", "value": "9e79d40d8c7feb69fc4a0f4834b70666", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "982e16c1-02ed-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685892997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892997, "uuid": "710f2d44-1bd2-497a-be9a-b09af328b8e4", "comment": "Malware payload", "value": "a5a287e329d02dd5d3d7a33927f8c010", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892997, "uuid": "6ae3fd34-2692-4661-b319-14a83bb38248", "comment": "Malware payload", "value": "4c79b49a203edd1e36c026cb9751a805831703b01a0447361afcfe8db9707c82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892997, "uuid": "54090fab-e07e-4721-95e8-23bcbdf9919b", "comment": "Malware payload", "value": "de1c0df3338ae4a8e2bb2bb1555921dae6f1469c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892997, "uuid": "7d97eeab-e537-4c9b-ad3b-faf302bf1d01", "comment": "Malware payload", "value": "e92b6e3d1d5724a11debb4d10c73bd60e75840d9e694069a572aa6b5d852d6468c8b189893599a6fb37f7dcc06a25415", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892997, "uuid": "63a13343-0aa3-452d-8f67-9d29b404e795", "value": "T194E42311AE634A16CC594B39C0E3A22107F2F7C322B3C9CE79989156AF93782EF4575D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892997, "uuid": "0c2aebee-a719-481c-b97d-8c86289c2e51", "value": "12288:mE/nsY/Q69IYI9aysA2GD6WBZz/nGwayjP02KW5IneVS5BM7lPUj7PQixb7V:951bIR/2GpDz/n0yaWunR5BM7lgPQid", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685892997, "uuid": "37c45dc6-e2db-4a2e-a8de-05974976dece", "value": 704064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685892997, "uuid": "7f1f079b-b50f-49b7-9202-edecdbfc0efa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892997, "uuid": "18194eaf-3f1a-465a-82c4-692a2b136a25", "value": "H.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd740e50-02d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685881920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881920, "uuid": "e4ff20b8-514e-4c3c-99f5-bbfac448773e", "comment": "Malware payload", "value": "d79d9124080adaf897830a7ed10c143a", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881920, "uuid": "646cce27-052a-4483-bc09-a92bff6b0844", "comment": "Malware payload", "value": "4cf8aa4903fe9e5ef094c61fc80e8766788de73f0785c347469a3444116416e2", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881920, "uuid": "4f13a953-dc8c-4c67-9cae-4fdbcb4b1ff4", "comment": "Malware payload", "value": "dc19c458d95d5c34ce01e38147f33a45d0dfb1dd", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881920, "uuid": "59da95fa-03c1-4b17-b16a-4af506a88705", "comment": "Malware payload", "value": "e7cb9d882d859bdaed82ff5f1dbeefd7f522a521be362008a5df68ca9cf1c2f910b772d504dcb85d12d0b8546649d45c", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881920, "uuid": "c7b2c501-6345-4a14-97b3-5d4686f1aa7e", "value": "T13D6733A8882B8565CC3904368595CBF121B0C82BFCFDA4657188F319EBD77FD2E85D86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881920, "uuid": "a7b708d0-0e92-4c9d-9596-b46309f9accc", "value": "786432:AZBuzucvO7acBtOe3E1COtrXT8h487MjT0c:AZBuzucvwaxGEh1D+48Yj1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685881920, "uuid": "1ca31ebf-a33c-47a5-bf11-d21a8efaf51f", "value": 31871627, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685881920, "uuid": "455aa21c-dd8a-464a-84ac-d7ba0a4410dd", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881920, "uuid": "d9b1fba6-4a1e-454f-9062-3474ffd00350", "value": "sample.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd7c2fe6-027b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1685844151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844151, "uuid": "14cfb7dd-4a16-470d-921e-5f0b799cc9ae", "comment": "Malware payload (Rhadamanthys)", "value": "efdfe7b453335af07c2b47cc91655763", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844151, "uuid": "cbc5e332-ce55-4366-b182-bd8c9b5c8e46", "comment": "Malware payload (Rhadamanthys)", "value": "4d394ab71802f94b89ba5d62bdb2faebc5b500acbc2a362339ba451517710441", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844151, "uuid": "a7824779-ec69-483c-a1e4-9fe3c50c887f", "comment": "Malware payload (Rhadamanthys)", "value": "1d43f1f050c68753d2a348d984a6514b84992ed8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844151, "uuid": "0f0490ef-9120-45d4-ac09-1e34c05a7e53", "comment": "Malware payload (Rhadamanthys)", "value": "b624f727886e364eb189f26b1d7587c565274751a4141db763002b9755e48bbd066216bd6017cd10b2c9d12166dd6ec0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844151, "uuid": "fce94f69-bef6-4964-9ea6-6be47ac95c8f", "value": "T1D3B4AF1A62F37C51E6154B728E2EC6F87E1DFB918F4737AB22186E5F06720B2C162741", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844151, "uuid": "7459acf8-f3e8-4312-89cb-bebc4c1c38ea", "value": "08b56125ba7e99bd17ba88b830247aad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844151, "uuid": "86cd20f6-728f-45d5-bf03-23ef64608d01", "value": "12288:fj60x8RcGLqgAAbTrB6nOwYDAm5CaqP9:fjTccuq8bPB6nOXAmMb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685844151, "uuid": "0ac74586-1b4c-4ef6-b00d-570d6d257e68", "value": 521728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685844151, "uuid": "77e7b2dd-e95f-4c51-bddd-b98add824621", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844151, "uuid": "4c4c68eb-f706-4108-97a9-581d0a7ebde6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74349e1b-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910546, "uuid": "70ac2c15-539a-4b64-b471-ea8985f05766", "comment": "Malware payload", "value": "83bc0e74d41e434c4fcb4ecb0de06b1a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910546, "uuid": "acfde46e-aa1d-4d99-aadd-5486af5a67dc", "comment": "Malware payload", "value": "53696972913c9b8187abbe7e30541a98e23a9d5cf455d40626458d27faf74db1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910546, "uuid": "e0bfd8be-dd32-4de6-980e-adf0cbb6f453", "comment": "Malware payload", "value": "edcc433b6888bec71ef895ddfa4097af28f8dfd9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910546, "uuid": "4d09f1d3-b50d-46c3-99e5-db2702976972", "comment": "Malware payload", "value": "5df95fa9cc3c0b3da0a26d068e22b5072440fd8d640993c28d5f844601dd8ffe5baed615b733be2d10f8ae59fe7fd659", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910546, "uuid": "2e138190-de2a-408c-9ebc-e872f8bb91aa", "value": "T1AF937C623BA79A67E261CEBCE0ABD042E20FAD353D79404B7CDB8B04DB364416FC5525", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910546, "uuid": "b296fcc8-b9fd-4566-b8e4-56dc03151ee1", "value": "768:HuTqulRAGofLRsYjriTrWhCJ8u5Mi5QIg5V/CpCEfAdHC:OTqul2HfChUg8kjI5V/CKdH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910546, "uuid": "d7e8c151-c7bb-4e8f-a3ed-10ea1262389b", "value": 94208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910546, "uuid": "b5b9f6bf-b3ca-4197-a6bc-c242d4720012", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910546, "uuid": "fe5df43c-6d59-493f-8597-912fc308f41b", "value": "SecuriteInfo.com.Win32.Malware-gen.24425.11156", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b427b3cd-02b9-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1685870710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870710, "uuid": "386d58a5-feb9-4544-a044-883bf455a9cd", "comment": "Malware payload (RecordBreaker)", "value": "25acb3c8a3c63f1a8831cf1ae31d8522", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870710, "uuid": "0b528001-2c2c-42c8-912b-eb5c0450003a", "comment": "Malware payload (RecordBreaker)", "value": "53e00a4184accd0427b110d614ca18eeb37de902a4c6d2782cfb1f2302f78ada", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870710, "uuid": "34e3124e-0f40-4726-984a-56e4146935bc", "comment": "Malware payload (RecordBreaker)", "value": "0b1770768ff7369835b9c17f50c8982e8183f177", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870710, "uuid": "fe611943-777c-46e6-bbbd-007ed77589d8", "comment": "Malware payload (RecordBreaker)", "value": "1c663bd97ecc80e3cca8fab0e9ab6d4fbf4907dd3dbee77827f82759af3ce11d09679f602773c1d942fa64a0bc9df28c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870710, "uuid": "8d8af928-869e-4603-bd19-596de32eae00", "value": "T1CE540A0362E17C65E7264A7A8E1EC6FC769EF9518F5937AB1228EA2F04701B3C173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870710, "uuid": "6b4dc3c3-63c1-4484-9313-4b04b4b03c1c", "value": "647d30902de61ff48a5b635bd5d006b4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870710, "uuid": "4b43c802-ac90-40fe-8e83-28e743979f2d", "value": "6144:ZkVt6M3Wtd6sdjWtJ/KFvtp7zkIe6iPZQLHd:WXjWt3djlH1+ZQ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685870710, "uuid": "6c1bf49d-a64b-454e-8593-3153b75444a6", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685870710, "uuid": "f79e2c72-769c-4bcf-8beb-5845638a55de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870710, "uuid": "d5bf7222-8820-4f81-9ba6-3ab80fad705b", "value": "25acb3c8a3c63f1a8831cf1ae31d8522.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c055486c-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905091, "uuid": "bf57c4e0-c56b-4f4d-b3f2-b49aa638dc60", "comment": "Malware payload (RedLineStealer)", "value": "ff5d1e04d3ab7b200989a063c75e2461", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905091, "uuid": "0c09b59d-c555-4e96-a768-43a9d165e9c7", "comment": "Malware payload (RedLineStealer)", "value": "53e8c50e13111ea74fe9a0a315dc9311233c7bdde45702e80c40f168668a538e", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905091, "uuid": "7f69e5b1-d39f-4b7e-bfad-8f0f05087628", "comment": "Malware payload (RedLineStealer)", "value": "6088ab645636e8e954cbfead71308a6f56052d97", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905091, "uuid": "95161d0a-f796-4ea0-aa51-18a9a7c7b293", "comment": "Malware payload (RedLineStealer)", "value": "71ebb038510214993cd86dcc18ae9b6785701050fb18b304cec1889ab7724e92e2e2343cb6e48a3da515559da3d67cc7", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905091, "uuid": "1dff0989-1295-416c-9163-ef42573eba11", "value": "T177C41247A7DC9133C8B11BB058F612930B3ABCA64D75D72F2B4AA91E0C72295B13537B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905091, "uuid": "f31bb943-65af-4252-a793-31caf8bf40b0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905091, "uuid": "5ad2e205-8cf8-48bd-a2a8-4f2b423e33fc", "value": "12288:8Mrky90O9+7mtSIoKH0XxaIVwomNUXpFs+5B4ZvO+uEs0CIPmsP:Qy1k7WEKMyUXpd5B4ZG+uX0COmsP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905091, "uuid": "b95f1d8a-5e07-43ff-a955-4d1632a97e33", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905091, "uuid": "b7bad72f-6446-416b-9af4-0c17e3be04ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905091, "uuid": "62d4453c-3d12-4281-825a-ea26aa684929", "value": "08885799.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6128965e-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838788, "uuid": "263c13a6-8d7b-47b8-ad31-6a81f0a209b4", "comment": "Malware payload (Stop)", "value": "2628b429dd3d85a99e7ad9f0a7fd50dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838788, "uuid": "cbc03c21-e20d-47c5-99bf-486a5b5ac31b", "comment": "Malware payload (Stop)", "value": "55d5702e6d30bfef8c4c036744bfe2330137d52dc32ee3399b1375614f815a9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838788, "uuid": "727dd03d-7d4c-41fd-b6cd-341867faf59f", "comment": "Malware payload (Stop)", "value": "9df0de00ad72ea68c392eb883dbbffe09d8c22ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838788, "uuid": "793cd41f-7a18-4710-bb5d-d97df67b4ae4", "comment": "Malware payload (Stop)", "value": "4aa9ef070a5b9b9d54ab00366042d98e6231175cd7716b9be50aa8840ed7661097983086b7c9163990e922ea1000aa35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838788, "uuid": "7f6933d0-d867-4822-8587-1f5776e6c986", "value": "T1A6F4E11263E33C64E5165AB29E29C2E87A1EFB618F4B77DF12146E2F08710F2D172B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838788, "uuid": "8524e9ee-d62d-4555-92c8-32e65cfa8f2c", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838788, "uuid": "7ce5ad55-9c97-4a26-9d2a-a5411bd2148f", "value": "12288:X/wtKwr8UC21CZYSzI0ojZ18P+jB+g7CIrrE0L/h0wFXO4uTApb:X/7FR21CjajMPYBh7C43Lh0MXObT8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838788, "uuid": "1c89d9ab-e9d3-4d97-bcd2-7c055fe3087c", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838788, "uuid": "2f5a8fe1-c818-479f-94be-0a2388cc222e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838788, "uuid": "d4a474c8-c947-489d-9583-30a9bccbb841", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3f659f1-02ed-11ee-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1685893017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893017, "uuid": "8916e830-63b4-4b8a-bfff-d25e88b9a0b7", "comment": "Malware payload (zgRAT)", "value": "c3dd72b922ea18979398813037f1c229", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893017, "uuid": "b59bbdd9-1fbd-4cff-b0de-b5e3a4cf2f38", "comment": "Malware payload (zgRAT)", "value": "56056f62f0d0594433cfc2ac7c44131bf17fe55708b4b65faf4121e656059265", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893017, "uuid": "fa40cb14-14c3-46e8-a3c5-c3230a5066a6", "comment": "Malware payload (zgRAT)", "value": "6445cf6fd3810defff59ae200b010573a7c5bf74", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685893017, "uuid": "dae4440e-65c2-4fb0-b52a-86a6e07d8c15", "comment": "Malware payload (zgRAT)", "value": "195b124a026b3921f943723423e344c57eb69e09a1d34157ad429115bd947b4ba465a44a220c090b45187fbab90e9e45", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893017, "uuid": "27786c07-9855-4f32-8d0f-363a571b06bc", "value": "T15874F1423BE06B11C9A85AB4D5E7053507FBB6C337B2D6897E5003E24E813D99ECA74E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893017, "uuid": "2dba56c8-1eea-46e1-9bc8-92be31d72b01", "value": "6144:wOFiiVZ442jCs5EM/GhW1428SokHEQxIT4wTfTj8hd5TqyJWQJ6aZR92vj5:BDhXsKTafvokHx2bfj8rI8WOBm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685893017, "uuid": "fd9b8e52-23f3-483a-ac4f-04b8d117b96e", "value": 348736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685893017, "uuid": "850ecd90-7bd9-4783-9974-20bf320792cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685893017, "uuid": "ff975d5d-e849-4457-99a8-a281bc070dc5", "value": "HHGgG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4af1f32-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838606, "uuid": "d205e969-1e6a-42f8-9efc-16f60be9e109", "comment": "Malware payload (Stop)", "value": "048e95092fde93da114bc3c42298537f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838606, "uuid": "70647cbb-e3a0-490a-bd48-1ace37b2d1f6", "comment": "Malware payload (Stop)", "value": "5704c33d0ca46764be7400992b40841ca391e9f68e0fde1394c2dde6e2fb8583", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838606, "uuid": "a37b2636-9326-4afd-a2de-5e5ff044d8ef", "comment": "Malware payload (Stop)", "value": "d8c283276c75ac43c8c27ed6024c6a6563409129", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838606, "uuid": "ce80f8d1-c705-40f6-b473-ad9f981c7c17", "comment": "Malware payload (Stop)", "value": "c0bc445e1e31e268e76bbe1bebcce901b2439382d91691ac702ce22933f4c9628263d4385c27e2446e051d8e787c1526", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838606, "uuid": "85506736-8fb2-4a59-bc2c-6a629ea64b53", "value": "T1D4F4E11263D3BC64E5125BB29E1EC5E46B1EFB618F4737DB13146E2F48721A2C272B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838606, "uuid": "342ed211-fe86-4a0f-bc5a-1c4f432404c5", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838606, "uuid": "77f38904-8593-4497-ba87-4c0c98790bdb", "value": "12288:CdptB61o+cCo2ObN6/9g4Lz/XBHdBXOmDaUBNScw32xs7E2eT:Cdp6m7C2bNwD/RHWsumA9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838606, "uuid": "0803fe04-b412-4f73-83ee-13bdcd9e2ce6", "value": 791040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838606, "uuid": "3736cadc-35d8-46d0-a60c-4df21c5be275", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838606, "uuid": "736848d2-37e6-46a9-aeb0-cd5d308a7ef9", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72533a4c-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910543, "uuid": "3953f219-d2be-4faa-8368-1ef067a8f0a1", "comment": "Malware payload", "value": "efd3acfb42d4c95108e4aae1eec99bad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910543, "uuid": "1c423f81-9f75-42ef-8671-dafb89c9c881", "comment": "Malware payload", "value": "5857a286bb80cc33c0a157e4a8c0313b96244f2a5c71c57189265a907af325b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910543, "uuid": "f8c604c7-46b3-4462-8153-6ba8570082bf", "comment": "Malware payload", "value": "58a8e71b1e11d4d5b46ec80e773249057677ac4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910543, "uuid": "3757293c-139d-4b8d-a723-9434e16b8192", "comment": "Malware payload", "value": "ab2e758568c205c996667444064197ca0d7497092b7be52fb9f31df4acf5998e7812af4f88549a81131857496049f488", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910543, "uuid": "6ee8699b-39a1-4d8f-9acc-66ee95e00aa0", "value": "T15E52B4C7BD587272D062C0B200256EF5EA30F0B35853656AF6ACD268673E934B76E14E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910543, "uuid": "1243973a-83c1-43df-bf1b-f4baf65dae0c", "value": "696c75a74cf388c8e059fcd4224aa273", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910543, "uuid": "5b1aeabd-0681-47f2-8568-cb85ee7178aa", "value": "192:PAabIm4G7+G2uxKksnU3ncKdNcJ/YOXL0GzNe4LWRAdeNIFC7kXwIEw:ZIi+7nU3nPdsPdWweN/kXwIEw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910543, "uuid": "893512f4-5635-4e61-befd-8a86ccd3f720", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910543, "uuid": "9dcefc32-b97c-4509-9162-ec0f24a14512", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910543, "uuid": "64650cb0-ffa5-4fe4-9765-9b4409aafe95", "value": "SecuriteInfo.com.Exploit.Win32.Aluigi.gr.29396.21949", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cac8e2d7-02e0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685887499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887499, "uuid": "06451487-6e02-4e47-a20b-d54645487e68", "comment": "Malware payload", "value": "b66938f8b8ab81aef4aceeea87bbe7b5", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887499, "uuid": "10a3e97e-9af2-44e8-8bf4-70d97766d5b1", "comment": "Malware payload", "value": "5a6374adb1371c63cace395445818f4b83dcdd2494da86062b0ab3cbfb201e0b", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887499, "uuid": "67789635-8556-4ede-ae87-bd40de89979e", "comment": "Malware payload", "value": "2f140f44c2f74ecff2e24dcb0b3fbd72080e090a", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887499, "uuid": "edc9741e-a149-486b-8a8a-8f6366368a65", "comment": "Malware payload", "value": "54fe8cdef9916da4ff7ce1709b623f3c7a58bd891a9d7a3bce03be4384a1e42c535473ed3744db82bb01516d4b53e405", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685887499, "uuid": "cecf7e89-716b-4696-af86-9ff48b712fa9", "value": "T19E127F39BF65EB8CAA0EC996CE6F63A0ED229D0587B9CB0D6104514F117284FB7C7524", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685887499, "uuid": "18e35e5a-c968-488d-b261-6144d25427ea", "value": "48:bnlrCVFFIlV2rVboysaqbwYHppKZ2I0wiin5I2c1YleGE/+:jlrCnFSmzs/3IKin5I2c1Yle9m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685887499, "uuid": "bb6f10e2-5d2e-4f85-a70d-e45ae1d11868", "value": 9599, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685887499, "uuid": "14092ba5-57ca-4919-9cdc-4c476dd73cb4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685887499, "uuid": "71e6d0a0-5bc2-49f9-ad77-de3fe15e952c", "value": "rORDER-023603_List.xls.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bdbd9f4-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910532, "uuid": "1047bf6e-8a69-460e-afba-35a068444bc8", "comment": "Malware payload", "value": "f88f9333c373ed722be50e092ec17a57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910532, "uuid": "fcfff8e4-b0b7-45fe-8e07-d24e07934470", "comment": "Malware payload", "value": "5d9749d15c6ec9adaa59655cbcab4fdca79644f80820fcdb1689b70b8ca265e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910532, "uuid": "202d8a5a-ffc9-47bb-9fc0-568f0c6bde86", "comment": "Malware payload", "value": "3da5af9521be7bf817b8f7034d145a53b8ed8024", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910532, "uuid": "a228bd5c-0f1c-452c-99cf-f6c3cc90a6be", "comment": "Malware payload", "value": "b97e4bfbf0b24c96071c9f08186a45b76f2f5dfb3350914ef31651730d7009a6ff499f34e16ff400edc184c6ae1f9c90", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910532, "uuid": "6744c6d7-d5f6-4eac-aa7f-3cf3e49fe212", "value": "T1DE829E95F31CD98AC2A419351D13DAB876303C368C168D973ED0770F7E32729AC06A6E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910532, "uuid": "ed63f57a-70c0-4183-bf78-efff0919c86c", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910532, "uuid": "dbb7d531-de8e-4cf1-aba4-059953c7ce40", "value": "384:ySLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxwU:ySLXVhaTtDE8VfCPHxV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910532, "uuid": "4f28e0b8-ea92-4e25-90d8-4e61508b96f3", "value": 17964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910532, "uuid": "5772dd6d-0a2d-4ce1-a88a-441c676eb58a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910532, "uuid": "2d1f6187-256b-44d6-ad9f-23945a89f6be", "value": "SecuriteInfo.com.HEUR.19243.20328", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71cae9a4-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904959, "uuid": "3be694a6-da96-4947-b0e0-fb78580f8cf4", "comment": "Malware payload (RedLineStealer)", "value": "c7299a035099602fdb268749eee95fef", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904959, "uuid": "279f7e7e-4391-4baa-8ebc-8f25d913fa17", "comment": "Malware payload (RedLineStealer)", "value": "5f2193a7bce10d8aed8c3747a0ce384f6e6d93ae3e026c8bd59015f9cd0d4487", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904959, "uuid": "30418914-a890-4165-acbd-a5b174f60df1", "comment": "Malware payload (RedLineStealer)", "value": "759b44dcc80b766689f05b87dca8ecc24b64431e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904959, "uuid": "3c80414d-ea3a-4613-8d27-fce23af8e025", "comment": "Malware payload (RedLineStealer)", "value": "6538f06c18429627934e3a342d4bdb7904e73df01ba0ea254af979205337edb06aa1b31629b35ee8b9d7c160e3e22dac", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904959, "uuid": "785f3384-2e68-4181-a082-60d73bbff6b2", "value": "T18F051256E3E98037D8B46BB96DF603C30B327DB19835139B1B54FC0A09B3B94997076A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904959, "uuid": "f6509a34-b7bf-4220-ba0a-d7cfaf0067a7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904959, "uuid": "8f9e1521-1729-478b-85c7-d6c04c0e06af", "value": "24576:Vy0AiWrvCyiuZdqaI7wpyZW4IiE70Ce2d+R:wdiMSaEwpx7nd+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904959, "uuid": "3e4e82b2-3c79-4d4c-a6c7-a3dd29ba4029", "value": 872960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904959, "uuid": "2489fddf-6588-4f40-a424-003b320f9f32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904959, "uuid": "669f65da-3ac9-455e-a564-9fb90025eea7", "value": "05120399.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4466894c-02e1-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1685887703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887703, "uuid": "fc235851-f22e-435b-9ca3-94d040694551", "comment": "Malware payload (AgentTesla)", "value": "41b402f4dd2d4499d2cf8a2c767011be", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887703, "uuid": "e315d431-413f-41d5-ad35-e70a3053d468", "comment": "Malware payload (AgentTesla)", "value": "601dc4de31bcaa59570d7ec039396da0c846daa9fca986721617c2574d7c11f6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887703, "uuid": "71d55e42-a34b-4ef5-9677-3c84056f29b4", "comment": "Malware payload (AgentTesla)", "value": "04f6f1876dc2ad221f05f0e9c9dd706551860988", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685887703, "uuid": "6816e965-b98a-4a21-b290-e6d35abc1906", "comment": "Malware payload (AgentTesla)", "value": "0e012a8531f6d9c0e22784023168da4159f54663df478ade9a1b6a65839dc913ecfa776fba675663f390f5e2e940d476", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685887703, "uuid": "fcc64eb8-4b7b-435c-9033-518798208189", "value": "T1EA652302BED694F2C4B21E3259756B22A97DBE201FA88DEF53D4092DDE314C0D7357A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685887703, "uuid": "ad0c70de-0fca-415b-9491-f52e53e40437", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685887703, "uuid": "c88e5922-7bce-4b73-a165-dd84798f5151", "value": "24576:NTbBv5rUan8ztIMs1hgtrCxDKvMrBW4ey2Tygt90e+hoxktMpO:HBj8ztI0RCkvMr8Maygt+HYO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685887703, "uuid": "1e309583-43f1-4ddf-b428-948f41a0cee7", "value": 1412533, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685887703, "uuid": "46f44c2d-aadf-4913-a94d-6827d732c99e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685887703, "uuid": "a8a6441d-9a01-4276-b05b-2d641f02f44c", "value": "nFra. 23-25.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ddf88c6-0283-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1685847346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847346, "uuid": "8aee40c9-34fe-4cee-96c6-88e7418307ff", "comment": "Malware payload (Amadey)", "value": "ea15d9dc0723fd173945c7c35be4b3a5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847346, "uuid": "4b683477-cc8d-49dd-bda1-1782212a4ece", "comment": "Malware payload (Amadey)", "value": "60bb3e66aead037051760813844818c37fd1194d1a1e285e25fc0ded8201d56f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847346, "uuid": "4150fb59-15d5-4418-8343-44699ec22d56", "comment": "Malware payload (Amadey)", "value": "91fb7a7092a5cdf8178b84f6f5cff6d7dff01806", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847346, "uuid": "d42eff74-af6b-4b74-8e7c-d3ab9146812d", "comment": "Malware payload (Amadey)", "value": "8845deaf2db4833782ea8821e7c9f5c60f03472c57998354281341fe4c7667f04e5cf614d0e3c0acc9dc8bdc4bd1c447", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847346, "uuid": "d1575836-6b0b-4577-9c4b-848a43c29ed8", "value": "T199051293A3D88472DCB1237059F603871A357EF24D789B673645AD2B0CB2794A83937B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847346, "uuid": "7a5c0cb4-bd65-479b-89de-fc1bb016d0c0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847346, "uuid": "5e0a86f7-5b7d-4af0-a971-58081108b8e6", "value": "12288:5MrUy90hxJPsrljMW+JDUnKqfihr6uiovKkXNmQw3FvbvVDyAJ62mep:hy4Po1BfSeuhfXxuFvbvVHJaep", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685847346, "uuid": "9b83525f-e9b1-4800-b1a1-3a2fba3a7606", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685847346, "uuid": "4b5fd921-3144-4afb-bc9a-4ac27d859403", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847346, "uuid": "9395c304-7787-48a3-8232-22faca45e9f1", "value": "ea15d9dc0723fd173945c7c35be4b3a5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7acc4eb6-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904974, "uuid": "981fd8e0-6b23-4d31-949b-7ab8b2f239e3", "comment": "Malware payload (RedLineStealer)", "value": "7c11fec39a8a9769deeee29f1caa59d7", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904974, "uuid": "d89422de-c27d-4ed9-aba4-bf82e4b9fa47", "comment": "Malware payload (RedLineStealer)", "value": "6197980f627107e1b864a3dcb93c888201814df164469de084ac9dddcb9ccb8d", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904974, "uuid": "c330e390-d028-44ac-9f31-9bf5c7fd4972", "comment": "Malware payload (RedLineStealer)", "value": "5bb005bf9f9a305de214c65eac889ec34cf782ae", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904974, "uuid": "01a96016-5540-42b1-a214-3b6c49849246", "comment": "Malware payload (RedLineStealer)", "value": "234911b365c4986b7e26c01e18e2a5ff562aa76d85f6fc49cd38aaa426db71f1f4e2231d929217c5b99a9331ed19b128", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904974, "uuid": "079ec876-3804-475d-8802-5930277630e9", "value": "T107C41213E5D98062D8BA1BB168F313971B35FC629DB4936B1246689D0CB3680F5B273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904974, "uuid": "1232d977-a8bb-41b2-ba09-d2aec41ab743", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904974, "uuid": "2fb5ef6f-7a2e-4d7e-86e2-67fb6ad9cdaf", "value": "12288:kMrYy90JxwCDHeJ3fyxJ9pY36eQt9zKxQac35gQLhROHjC289/6:UyHJvyxlY3/QXlLhROD189i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904974, "uuid": "e1adc78f-5713-4bc2-a464-37f7a63a2dba", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904974, "uuid": "42a4e2ff-1b0f-4066-b892-7cfaf2fab074", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904974, "uuid": "ec62225b-b8f8-4757-b839-9c20bd745942", "value": "05464599.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "910f0c97-02ed-11ee-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1685892985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892985, "uuid": "c3f25536-2718-4930-ac9f-df7a5f30560c", "comment": "Malware payload (zgRAT)", "value": "1d45466db6f73b1f93161e33b9cad371", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892985, "uuid": "080d0884-287a-4671-84fc-be2375b7a0cd", "comment": "Malware payload (zgRAT)", "value": "622735f3c745567f645eed34be6cb762ce33ebe3db431af27f907575f1f05ac6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892985, "uuid": "ef8aa4cf-2d49-48cd-acda-5069fcb0542c", "comment": "Malware payload (zgRAT)", "value": "3fab91c4124cb97b7aaa2833adf6acc193703fae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892985, "uuid": "17b2e9f9-2ad3-4cdb-a0e6-af28ae39de3b", "comment": "Malware payload (zgRAT)", "value": "55ceeaf3ebe82bf957a0ddaeeec5006b43bda6a1365f2b4f49492a1c20c96a6e41f3ef5dd03fc6020c8bd96cf815c3b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892985, "uuid": "62894896-f76c-466e-98fe-11ac1c90204a", "value": "T12074F242B3928462C14C1571E0D7093803B6BBC726B3D74B3889439A4F467DE6DEDEAE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892985, "uuid": "0bff3a31-e965-47e1-ac96-18cfb060763f", "value": "6144:NV7xmB8E7nM52dxckDf++leD4c9PvMAm6AsIIrQEG2RWPDnvj5:37xmWEI52dDW+QDhFM1sIIrQEFW5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685892985, "uuid": "5d203b07-6473-482a-bdea-aa0d6a418fd3", "value": 343104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685892985, "uuid": "c4a04229-6704-4601-a5db-5d989732fd84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892985, "uuid": "cbf76024-c481-4355-9591-bc0fcfa17f68", "value": "BMKNJPO87.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47292af5-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838745, "uuid": "8ff2fded-56eb-4fdd-9610-782ff08a749e", "comment": "Malware payload (Stop)", "value": "3e2b7136c86601bf075d2ea3b3f458cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838745, "uuid": "67a4c962-7f13-496b-820c-8ba93a1bcb91", "comment": "Malware payload (Stop)", "value": "642e4877dfd059fa22e49ba686ddf84b6a70deb613ebf122d66748742ce9fd2a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838745, "uuid": "d5ec6f32-1d86-4066-9dad-30710ce987bd", "comment": "Malware payload (Stop)", "value": "a4ad29e427726d5166bbbfa45e31fd7f2557bf2f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838745, "uuid": "b1db192c-8d07-4c64-bb5c-f45a14cd2c1a", "comment": "Malware payload (Stop)", "value": "4443ce5a06a2daeb500824dc7449ebd1e2c7ccec9b085ecf8ddbc66d8694ecd52286037ad3b29a3ed2fc59f4440925eb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838745, "uuid": "9e8068c2-446f-47a3-a446-829a364ad7d6", "value": "T1D5F4F21362D37C60E5155F728D2AC2E82B1EFB618F4B77EF2214AE2F05761A1C572B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838745, "uuid": "434007fb-b8eb-45e6-b952-b40cd4ce60ff", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838745, "uuid": "d9eeac85-a341-4566-8463-5d641e40c060", "value": "12288:ZjaLNzlZC8EjOvIBBatXDtAOl5++53EPPocgpYx9hu38kjBx:ZjcjtkBaqqs+5Unoj6x9hA8kN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838745, "uuid": "6a8e6552-76f4-4850-989b-daa246b30255", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838745, "uuid": "7a9877d1-d510-492d-90b6-8e7c187be645", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838745, "uuid": "b69a3457-e899-4af0-a84b-5070a70a5097", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acec762a-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905058, "uuid": "7750bfe8-f626-4101-bc28-a82cb9993023", "comment": "Malware payload (RedLineStealer)", "value": "c44826616df37fd18d63d4b4b347e6d3", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905058, "uuid": "7115e305-41f8-4101-9270-9fd1474e7d88", "comment": "Malware payload (RedLineStealer)", "value": "64863426d6659c9fcab038ec152a617aeb884c9cd78a4545f40eaf4df2c3c115", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905058, "uuid": "294d784c-9431-4baa-9844-0edb23b60743", "comment": "Malware payload (RedLineStealer)", "value": "a9822d5bc31a7e4f6bee7585623b8ce8b3d9c8ef", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905058, "uuid": "16f0dde4-47a4-4eba-aa93-1aa1076f9c8f", "comment": "Malware payload (RedLineStealer)", "value": "5c902c078baac9a3f9d8c393934af1e8ff5821409497af59079f825ddc11b0fe40519e6d681f3de9e54044fe8e8f7c0c", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905058, "uuid": "931a2b10-c82f-498a-ab05-de466c1c2817", "value": "T1D7C41252F7EC4523D8F50BB098FB12931B313CA19D28825B2696AD5A5C72AC0E53637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905058, "uuid": "6b7d1cd4-eae9-4c8d-81c7-029167cf6874", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905058, "uuid": "f4926504-bd58-47a4-ac97-b31102eb14c5", "value": "12288:fMrqy90uNFeRAe4J5Yiz6pLp26Mb6F+DCl8UJQhBfM:1yBFeWe05Ym69pmq+DCrJOBU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905058, "uuid": "0ace7a58-a1f8-4ab1-be4d-37c20bbd2401", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905058, "uuid": "d45ff354-843f-4cba-8bf8-7da619e890d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905058, "uuid": "8f9c3d58-807e-433b-8a1b-f1349dc840b5", "value": "06935299.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ab8bcae-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905028, "uuid": "71b4e7ab-8017-4127-af21-3e8c35950f2a", "comment": "Malware payload (RedLineStealer)", "value": "be34d9defd842eacc8847f254ad3b29c", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905028, "uuid": "ce4661a2-4e95-481b-83eb-cc97b4a95f7e", "comment": "Malware payload (RedLineStealer)", "value": "683f5114e5f6f5b9397b80b4fccd1d3e2f0ff02b8c1ab1c98781a1b344e0324d", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905028, "uuid": "3d311c4e-376e-4787-871f-c141e457d151", "comment": "Malware payload (RedLineStealer)", "value": "e826092ec3504659b37bdcdb3626a648effb48d9", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905028, "uuid": "dbfbd8e7-3d28-4fb9-a1aa-e848efc86685", "comment": "Malware payload (RedLineStealer)", "value": "1bbd5be9ecfa1544d9a1eda7de7970c8a736b082516ffd15222f9fc9f508bf17757eb88fda7af9630cda6581f05e19eb", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905028, "uuid": "114052db-03a8-41e7-97ff-e0c38dc85aa6", "value": "T12FC41266A7E88076E8B5177038F303930B367CB25D35835B2745589E4DB3A90A97337B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905028, "uuid": "d85cda4c-e8d1-4e5a-9b25-e6de639d73ea", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905028, "uuid": "2a294379-2bdc-49a2-93d8-e7dead29ba8f", "value": "12288:bMrMy90KKEQUOHiIz1mqu/Jtx6O0bE9ljsyFQJljIqX1qp+cB22:Dy3vQl/zsZHx6FEzF+KzgcA2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905028, "uuid": "ae60afeb-b94d-4c6c-a622-5e65aec48477", "value": 595456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905028, "uuid": "9b25ef1f-1665-46c3-a71f-24b52cb8a65f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905028, "uuid": "2c21a14a-025a-4d26-9c55-00828cb10037", "value": "05947299.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c8112e3-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904950, "uuid": "337085d5-b40c-40c8-be27-bf4f25f558ef", "comment": "Malware payload (RedLineStealer)", "value": "dba1e663ff001121397055b00effc2f9", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904950, "uuid": "7ce18fe6-f9d4-4126-ad4b-1295bbfac9bc", "comment": "Malware payload (RedLineStealer)", "value": "6885ecb2b36149f68e94ce2292838ea9e54bb730178cc31bbfa3d316e1596fde", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904950, "uuid": "c5bdb617-a275-4864-adca-2fd3c758a3bb", "comment": "Malware payload (RedLineStealer)", "value": "7cabee1e90cd3a7328106e2acdd54b37dbb1f893", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904950, "uuid": "efbd8f26-5424-492b-a0ec-5d22936cc62d", "comment": "Malware payload (RedLineStealer)", "value": "e24eefe0d0100220b5bbaa2c18804478aaf2b7a139ea19fe7fcd20b7d023b8eb8e5f91e81c151944788cf33529759af2", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904950, "uuid": "3c46e07f-5d9d-4660-9f35-d1c90158a49f", "value": "T1B1C41253B7D85072DDB60F711CF607C3163ABDA24AB842AB2784EC495DB22D4A53933B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904950, "uuid": "522686b1-fe31-4f4f-a38d-5974a9c1bd90", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904950, "uuid": "a4ce0e25-ec9b-4e13-bc7c-9e30a62f736e", "value": "12288:AMrmy90kKJnZCjo1piGE76wMab39sWO9mx6eWz98iTkNBDU/:WyYV1pJE76wMaxsWOu6t98mkQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904950, "uuid": "99aa6d96-f396-4a36-a7c3-c013357701bf", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904950, "uuid": "cb109521-6c31-4945-a8da-db124d303b8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904950, "uuid": "5322d0df-dc8e-4fce-82cc-f19ff07e9645", "value": "04979199.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9579137c-027f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685845748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845748, "uuid": "86a8d110-229d-40a0-9295-4a4ec0bee40d", "comment": "Malware payload", "value": "65f35ae4203cf5041a0aaa358dd3d74c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845748, "uuid": "8b78797c-c87f-4acd-9789-88a65a210ca1", "comment": "Malware payload", "value": "68e5caa3f0fd4adc595b1163bf0dd30ca621c5d7a6ad0a20dfa1968346daa3c8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845748, "uuid": "915c45a9-43c3-4392-897c-32092a645ee5", "comment": "Malware payload", "value": "ea1f7940271fc80d06b2f222506020b650ad41bc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845748, "uuid": "6ecfbdb6-b92b-44b9-bf4b-3d2455fab8aa", "comment": "Malware payload", "value": "1e068fc033fd30516dd2ac825dd909a819d0d130be8a2c3c7a6f638c45140cb0483fc931c055df64913729b4c88a7e91", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845748, "uuid": "6f6e9155-cb97-4846-af5a-9a66e7a50be1", "value": "T13F848B107157C031D55E12B16825AFFB9BBCAC245BF584CFA7C42F3B8D212C27A36A5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845748, "uuid": "bbd5f84c-5877-4d3f-9ef2-dda5f33b1352", "value": "0701e1e4ad265d4729291004d2dd906d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845748, "uuid": "4be8f9ea-fb58-41d2-ae63-36803cdceebf", "value": "6144:48BBZH8L3/KoHJh2pgCkiWoOx0nxcCDlX/TNBUnjF444C48t9g4/R/:jBBTY0pl6x0JDlXJBWj/48om/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685845748, "uuid": "6654dc01-faba-45eb-a5a8-7bc4609c13a7", "value": 380416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685845748, "uuid": "12e88c7b-be1f-44ac-9d89-3ca10201aa5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845748, "uuid": "3e87f779-4ed0-4a0f-933d-20fe6b954a57", "value": "1ce30fbd_dll.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14c02a6a-0280-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685845962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845962, "uuid": "7ce5fc93-d085-48c7-97ba-939d11ce0f48", "comment": "Malware payload", "value": "bd69a645fa69fd8d5ba56b9c3f468711", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845962, "uuid": "f0ea3054-70ac-4cf0-b966-44a8a70507d7", "comment": "Malware payload", "value": "68ff9855262b7a9c27e349c5e3bf68b2fc9f9ca32a9d2b844f2265dccd2bc0d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845962, "uuid": "65efcf01-473e-44dd-9a8f-041264db0074", "comment": "Malware payload", "value": "12dc0a2de3ad30201107bfcb679de5acacf31e5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845962, "uuid": "e222fc84-1f8d-45a2-a7f0-fc465ab6defa", "comment": "Malware payload", "value": "c07bdb8d2ad0caaa7dd907450051cbc4d1f5e1b8f3130eeb393d7b467c383b43421e6dbcce594b204cadaa79c185dee9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Locker", "colour": "#0F83CA", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845962, "uuid": "4b2a6c52-67a3-4041-94bd-56215a942fc8", "value": "T1E6847C113247C032D66212F25925EFBB96BD9D245FB264CBB3D42F3ADD102C67632E1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845962, "uuid": "71dfc198-1f47-4c5f-b825-08e695df992a", "value": "32351cf60239b33e61f3bb47f3c05274", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845962, "uuid": "57c18904-2720-4d33-9b67-fa37d2aa5c75", "value": "6144:oZXC9cv63fpRQEbHhx0sOKVKKaIAwhBUnjF444C48t9gIoC:oGmwQsOTyBWj/48oXC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685845962, "uuid": "bb0108c7-0b98-46a1-989b-bb057a5338a0", "value": 381440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685845962, "uuid": "30483bb4-9740-4c93-8b39-5db732c1b029", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845962, "uuid": "69f7dc7b-ef54-4c11-bb6a-9cd460ad2076", "value": "No_Escaper_Locker.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c8aebcd-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910534, "uuid": "e2837b38-29ed-4238-bea8-b8d847a11be5", "comment": "Malware payload", "value": "b19cb7724c0be19001aef738f37f1e94", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910534, "uuid": "49525fe6-8287-48ff-9399-d189ec47cd57", "comment": "Malware payload", "value": "69e52d34f49684264d760cf98a98244b89619a62b28bf6a35f5ff93b4c90ee90", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910534, "uuid": "7110793f-ed65-4552-a1be-f87f98318f9f", "comment": "Malware payload", "value": "5b6cb38d685965cbf3883d61ce90ad0ed6ca7247", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910534, "uuid": "4c9c1688-2cc4-4d53-884a-549cb433fc54", "comment": "Malware payload", "value": "236730cd16f167ae5cf16a0f266b302805fa6df2425a87d4d6ee8e66a7e5ef2e1fee4bf34ec151c48f20a1f3b575a8b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910534, "uuid": "735841d0-f945-4843-a145-4c8c4d412b57", "value": "T132829D95B320C89EC1C819361D13DABC77253D3A8D295E073EE05B0F7E3A756EC06A96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910534, "uuid": "9aaf7941-6d1f-41ce-b511-2088deb4816b", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910534, "uuid": "815810e1-2873-4d32-8a0b-cc301c77309e", "value": "384:MfgTYLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxA:MfgTYLXVhaTtDE8VfCPHxA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910534, "uuid": "26204077-cf84-4fa9-9ce4-cf23c87d1c56", "value": 18037, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910534, "uuid": "f43e1fe1-3572-477f-9ae1-f50829fa0f4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910534, "uuid": "b0e40f6b-1611-4451-8916-22c57ca03d76", "value": "SecuriteInfo.com.HEUR.8103.22804", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33c83475-0323-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685916022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916022, "uuid": "41d76e3f-9d6e-43fa-a8eb-b8d354f806ce", "comment": "Malware payload", "value": "dfd563d229f9f203217d66df57ba3084", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916022, "uuid": "b0df05c4-adf2-40ed-bc88-4199ae7aace4", "comment": "Malware payload", "value": "6b0b3288c0797e1199661330e30bce99ea22e9d1175258f2cace9063943565bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916022, "uuid": "b368795f-8375-4256-81b5-e95cd116a7bd", "comment": "Malware payload", "value": "fbe45679a8d15b26ac6d7f648bddffab0455eeed", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916022, "uuid": "6fd53574-b6a4-425b-bc07-c8951c82a020", "comment": "Malware payload", "value": "7bf2cc93d645dfaa81136a1c80f2d9f5f4bda9c8a05e9fbd69b4fab5e81d86de92bd5ecbcaf685c6cacb2c2827d94dd8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916022, "uuid": "fae3e725-80c2-4920-9630-5691f03863b3", "value": "T1BAA36C01F5C1D4B1E8B25D351875EAA24A3DFA710B158EFB2798062A0F780D06E7BE77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916022, "uuid": "4239cd41-3524-4f10-8274-02e8d55e665a", "value": "043efe89168e849c5ce468cb9084837b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916022, "uuid": "b6e52b91-e1f0-4778-aa9e-759045b6adaa", "value": "3072:mPYOl+2oTiF2Tso4cqFOfFA9vhKeAd+eRp/qzgf:rWFOsoQVvhKDFiA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685916022, "uuid": "760fa7aa-cc25-453c-934d-651193a85313", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685916022, "uuid": "e22f0fc7-f99b-41db-b0d7-393de03ef7d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916022, "uuid": "61b49dbf-0b35-4629-8772-3ebda8b19625", "value": "Monoxide-sound.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e4c44e1-0278-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1685842569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842569, "uuid": "9033f4a7-ece6-419c-9b9e-0503069c0455", "comment": "Malware payload (GCleaner)", "value": "102b4dfc354276c27bc8cd3cf7f50ed8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842569, "uuid": "0beeb78d-1ac7-42ff-b24e-9531da23478f", "comment": "Malware payload (GCleaner)", "value": "708d6fa8d0f5cb40efb1f7bd168cdc52737d99e3fdd17d6cb9d14dfc8da59deb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842569, "uuid": "877ac609-13ad-4f7f-8582-30e240451a25", "comment": "Malware payload (GCleaner)", "value": "faa53dd36c10d6e5289ac9e961cfb5ae67bcd053", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685842569, "uuid": "3cdc5aa3-8b92-4943-8d0c-de77796f2d85", "comment": "Malware payload (GCleaner)", "value": "d3fe03bf613878bb9564ceac2ee92a0f6bc6e1dbecb32b2f8f2eb700b806f52ff0446583dedc899ddcab08963547f9c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842569, "uuid": "91bbaa1d-0ed7-4306-9ecc-5e34cebdae69", "value": "T163953326F2CAC873D3578E366A91D6235023F56B582D506D322E8BCC7F5EB91500B68F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842569, "uuid": "b5e0662d-e269-4ce7-a5d0-f80b1a8ba045", "value": "e92b45c54aa05ec107d5ef90662e6b33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842569, "uuid": "4cd9a98a-c002-4b70-87f8-070dccfbfae2", "value": "49152:Mi8q11RcyvdzeajCGWR/grhiUqKlK0IwhuCkpx:Mi8gRcwJVBWOrFl5huCk/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685842569, "uuid": "89bcf955-00a6-40c9-b77b-5ace1a108035", "value": 1891847, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685842569, "uuid": "400c339c-fb61-404c-8d86-76d46cb449d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685842569, "uuid": "2d3f60c6-04f8-4ff8-9fa8-f4dabd9bf360", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5681890e-0276-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1685841777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841777, "uuid": "7a39392c-36bd-40ba-8fcc-ba757549db06", "comment": "Malware payload (Amadey)", "value": "8dee1641565195210f8d18051ad931a0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841777, "uuid": "3f758527-165c-4b05-a3aa-717c417cf8af", "comment": "Malware payload (Amadey)", "value": "71a35fe403a4e41182eb707e3a7d76821034b494551ee67432afd6e7fa82e864", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841777, "uuid": "00649c39-9204-4b14-ab87-39112fc123eb", "comment": "Malware payload (Amadey)", "value": "73865a4c1c11ff4fedab50a8d836cc610a91a61e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841777, "uuid": "ce710787-9e28-4378-8ced-949d99b8b7ed", "comment": "Malware payload (Amadey)", "value": "c6294850e9727da66df0e54e9bfc0bfc138fa012113c73f2ea49002572e8d15530b26d864b4d69f59c1759cbc4a17ea7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841777, "uuid": "ca1d4eae-a2d2-4898-a07f-7d6889fe324e", "value": "T1FA0523969BD99432E8B5873024F607C30F35BE65467C563B27826C5D0CB3A88B93637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841777, "uuid": "ba2df314-bb55-467d-961d-44f0198ee527", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841777, "uuid": "b8503643-d93e-4722-8a5a-3825b5202b7a", "value": "12288:KMrUy90cXzROk0/pCiYVU87wAJctr+D/FKtZIA3ktnM87atscTPO5YoUDqAZAah/:Ky1XFg4pP7jJctU/0onH+GYoUnZHLEi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685841777, "uuid": "3b986415-058e-498b-ac54-54ea8c089086", "value": 796160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685841777, "uuid": "c6338796-eeb4-4fab-b801-62c093340afc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841777, "uuid": "c91c2b3e-3e45-477e-82a6-b6942be077ee", "value": "8dee1641565195210f8d18051ad931a0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9efda9a7-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905035, "uuid": "4b987c6c-6399-436b-a8e5-01a9af0fb382", "comment": "Malware payload (RedLineStealer)", "value": "fd1cabf04c59c65e0e1e413097a89348", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905035, "uuid": "549f74a3-f417-4cda-89e4-6739e0e3109b", "comment": "Malware payload (RedLineStealer)", "value": "73394305fc8f5a428bd67442d9b4c23d8c35e707efca250f463c09e3dd184b78", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905035, "uuid": "7d9b1c20-cba7-453c-ba25-fb2c36a068b1", "comment": "Malware payload (RedLineStealer)", "value": "73731f977c631ac2b2a53356ff18ef10f82b5221", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905035, "uuid": "764a86f8-e694-4380-9723-df17f5bf5f4c", "comment": "Malware payload (RedLineStealer)", "value": "e9813a1fab37db4122c0b077c24b5c18d460216f8794d5f5675564e3a48e04310cc5bee3ca563837b2e809f401c52595", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905035, "uuid": "d4af6c97-7864-4808-ab83-a97b8c49aff9", "value": "T147C41213E7E88132D9B5277069F303930B3ABCD15E38562B1792E94E19B3790A47277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905035, "uuid": "0dcd756d-c2b2-4128-ad7c-a46a964506cb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905035, "uuid": "77a49c7b-562b-4fcf-a4a7-a820d583a082", "value": "12288:mMrvy901/V8OJ0dam87njXlMuZdurIxw4KLTM+m:1yWPJnmzuYjRL4d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905035, "uuid": "d5601177-d445-476c-9a83-8c19151a2fa4", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905035, "uuid": "fbb10566-8c21-4228-b4a7-d21d543ab1b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905035, "uuid": "29b4f43c-5d73-45dc-86ed-816064fd24bd", "value": "06684899.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb94092f-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905083, "uuid": "d61f32c7-0058-45f3-a9b7-28629689c8ee", "comment": "Malware payload (RedLineStealer)", "value": "ec262529427d19e556cdd8878010aed7", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905083, "uuid": "2bacd564-709f-4fc3-99e4-acaf491816cd", "comment": "Malware payload (RedLineStealer)", "value": "7394d787cf49c58cc731bbe776323b2525c5689ce630df4bbd57e00adea638b8", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905083, "uuid": "4af191e1-a97f-4431-b89a-2ae5ed677953", "comment": "Malware payload (RedLineStealer)", "value": "fdcf6240902b81f6a8fca32ec50f7089a66138b7", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905083, "uuid": "8eb1e133-c234-491b-ac4f-dc0db20b0a64", "comment": "Malware payload (RedLineStealer)", "value": "7d0525003be3c721fa920d3ad540ea8789e46f99e2ba9d9beb6600083b26bf6ea2528c73ba046f7f6b9375ded1705d90", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905083, "uuid": "2db69107-93e0-47cd-b4c3-5c1bc29840ec", "value": "T180C41247EBD89133E8F5277058F313830F357CA18E78936B1746A56B09B2A98993533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905083, "uuid": "c35224dc-01fb-4887-a5f5-2aeba9ba582d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905083, "uuid": "b0addb15-535c-426c-9ddc-a36ba1e9027c", "value": "12288:9Mrly90bsnpSE+f4LMtoaKlVP7MjJMrvDnkgOKRhRfFa59NBjn:YyauP+AL5I1MbDngbjn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905083, "uuid": "cd796e77-24f0-4d35-99ce-34d50abb5fdd", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905083, "uuid": "aad5ad39-fe76-4d31-a95e-74c4a1730f41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905083, "uuid": "d2527d68-da4f-41d0-96f9-12acbd720040", "value": "08428899.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6956e64e-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910528, "uuid": "9ac06551-a5b4-4692-bd68-a25485c0f145", "comment": "Malware payload", "value": "dd14f6f937031600148fcbd07d5a54fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910528, "uuid": "ecc3be19-ef20-47f5-91fa-083180798d75", "comment": "Malware payload", "value": "7543f108a40f6ac77210d9a4b6a9c6aec9e2efd625b16b69a295d2995ea7def5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910528, "uuid": "5cb29338-8404-4a60-acb1-249ce9322c71", "comment": "Malware payload", "value": "73eb935cb30817d5d060325be84e0d65e850dee8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910528, "uuid": "97437b76-78ca-4f81-a107-9c61531f479d", "comment": "Malware payload", "value": "322b10b9b5b9b540b85ee686646913bdc3bed011c53971544a3e09d671fc6aa2028d8e4d436634923904857c60bf5b29", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910528, "uuid": "2319baa8-3d8c-4f5e-bc72-6362d0bfee23", "value": "T15A828DE9B210C98BC5D005326D13DAFC76253D3AAD195E0B3FD4274F3E3275AAC06A96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910528, "uuid": "bdffcf04-d81d-470a-ade5-dd103b3ba78b", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910528, "uuid": "4cd2791c-4c13-48bc-bcf5-661864ad98b3", "value": "384:UMM+LDTs8hsF6qtK8lzQ8+Sych3mYvCPHx47WkQ:UMM+LXVhaTtDE8VfCPHx47w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910528, "uuid": "0841025f-5bc7-4bae-ada4-94edcd4e6b8b", "value": 18019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910528, "uuid": "4e8248a0-76a1-4f75-904f-a3a5c2729d00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910528, "uuid": "ef5bff7c-c103-47a6-b183-95461307f0a2", "value": "SecuriteInfo.com.HEUR.11340.21761", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "588ee52e-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904917, "uuid": "76f97212-ab3d-4582-9085-462da4d33d21", "comment": "Malware payload (RedLineStealer)", "value": "70e2448b32cb926dc4d8d15cf08c2637", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904917, "uuid": "b7603ce8-295b-44d0-bf74-031a1ee8f3ed", "comment": "Malware payload (RedLineStealer)", "value": "75d26022fd8d5fed4cad1a8564e304b3de9560ede0d1c0ac1ac215d870730bb2", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904917, "uuid": "63136cda-4141-472d-93fe-f1c1684b5cf0", "comment": "Malware payload (RedLineStealer)", "value": "2ada10c149f47c6b83ac51aa9b5a026cd2c20de4", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904917, "uuid": "313ea7ec-4771-4007-8b38-077ac4d86b53", "comment": "Malware payload (RedLineStealer)", "value": "0ea76c7ebbf1183757a33731602e07dedd8276f8f918bcd1174cb845bab1da57b57f4ce1443d50a783675d78a5eeb431", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904917, "uuid": "78e035e9-6e15-4a6f-8e36-238b177533d8", "value": "T104C41213AAE84472E5B91B742CF713C30E3ABDE15E34431B2B8AAD590D33695293137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904917, "uuid": "410dc6b7-61fa-451f-ae8e-a9935709ba5b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904917, "uuid": "3b17a4d4-9556-4399-8d79-9c22165bb46a", "value": "12288:2Mrwy90E7K5XMMyv/FdZokVFxiW2hhmRLSxokWzMqRPnAPL:Cy5bJ/xFj2hhmxSx5oM6vAPL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904917, "uuid": "144648b9-5b5e-4dc4-9ad8-29dd254455bb", "value": 595456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904917, "uuid": "f41a24d8-2d57-4111-80d4-5035944c13cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904917, "uuid": "e30bdb1d-1d9e-4177-aa37-183bc1539565", "value": "04280299.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f75ec3c8-02d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685881990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881990, "uuid": "b857f161-6969-473c-92a9-7cdb918a541e", "comment": "Malware payload", "value": "800c3cf0234453c72b324122fc89be60", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881990, "uuid": "c33c365c-b1ff-4c8a-99ca-13dcab73281a", "comment": "Malware payload", "value": "778962522edd75aa47f1b35c8fb3a41c44952b4e9e64db2ed6336c0420c684e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881990, "uuid": "91947cc0-25a9-498a-b307-b6db84661925", "comment": "Malware payload", "value": "d1ab6cc3981abf4e7800852a327ec9c2994b10c9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685881990, "uuid": "11335bcc-52ec-461b-a519-2b008e564f7e", "comment": "Malware payload", "value": "a7e80511e7937946586c9bbe393587f34901014116637d9e44ed1cc8d9150faf642b4dfd834639815c2a2a06e39f6554", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881990, "uuid": "6fd8ddcf-273b-4ff2-b2ae-16dd661ce22e", "value": "T1A8F02033072AE068A868419105C01F30639C7C8DA35CA9600642112BD1FEF7342B969C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881990, "uuid": "83081375-5360-46f2-8ec2-49ab541042b1", "value": "12:T0brQh2aundRuOlSryeNgNQTeTZrfEPOMj7sIU6GjtAxejd:wbracUUk8C2r+YIUZJjd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685881990, "uuid": "4edfa678-e74f-4a96-9c44-446e2178d56c", "value": 539, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685881990, "uuid": "2dc2b73c-3f55-4350-8f85-d1fa7a7dbde4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685881990, "uuid": "e61dc245-dc38-47ee-9b5e-0af9c8670765", "value": "rvswd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94d05b78-02c1-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685874094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874094, "uuid": "ad5c1660-33ef-4aaa-a8ee-1a9e48f853df", "comment": "Malware payload", "value": "29e462c930b250f02af3f731c5d0f8ee", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874094, "uuid": "64cee08b-d3f1-49df-8871-783ad0cb7780", "comment": "Malware payload", "value": "8027e6c921561fddb01426b501b67b87cb5f65f7dafbbb77c866df4986092c6d", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874094, "uuid": "99c60900-7d89-4506-bba2-c00843d84d2d", "comment": "Malware payload", "value": "e65f70c0ada440cdf013ce007f942a9861ed08a7", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685874094, "uuid": "4a46784e-8032-49f8-b902-9dd9396d3214", "comment": "Malware payload", "value": "7ea042fbb6b51d8df74306377211eb4ea5a6b366140b4e00ecf430fbaaae5a05958ace13cd35b390e3e31efc3ecb4555", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685874094, "uuid": "257e7a8c-3837-42cd-bdfa-3c8625e59d64", "value": "T1E6E63328D6688388F201C236EB3547B63219B55309D73D3DB992D16F18EC9E9EC724DE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685874094, "uuid": "854fdde1-894e-4ea6-8325-4a48c2d2db5c", "value": "196608:MYpvuwfEwQ3Z+2gb8FMJqSGMuPLGS/QtA9cR7+dPrBFYVqqXwel8jaHA/qd+p4Q3:MYpv7fnQp+hbpGNcVqPwNAmHguYl/nfX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685874094, "uuid": "07c7d56c-52ed-401d-8cac-8c795e22586f", "value": 14139887, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685874094, "uuid": "9e0355f3-3b10-4123-a835-bf2558f01357", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685874094, "uuid": "62487169-95c8-47c8-b41f-b186a85bcd49", "value": "Meta_Ads_Manager_setup.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a4364de-031c-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685912946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685912946, "uuid": "b2624b3c-df0a-49c3-9c99-6f3068281fce", "comment": "Malware payload", "value": "0b24028737fa029d0c75ec0195cd60ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685912946, "uuid": "5b8da7d4-8deb-43e4-be8e-8c7d42fd8e30", "comment": "Malware payload", "value": "80ca096a0d229900a697be7595d65730a8e7fa1de3bdc015578e87ec996ebd4b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685912946, "uuid": "5c8fb0b2-edb3-4559-bada-c31fae822ffb", "comment": "Malware payload", "value": "86718c37bb8e7782e12ee577de095738c1dd7a69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685912946, "uuid": "2bc086ed-49cd-4ab3-8b73-bb0d9f8708b4", "comment": "Malware payload", "value": "155284647f81143e7ec71205b5a9c46974842f96300dab50b688f643c447ace98a7745c8e986021e827e0099c84cee50", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685912946, "uuid": "ecf1113d-8061-4ea1-a5e7-0365fd72cd02", "value": "T18B063317AC721264EADB73B50CFAC6E678FC996596841D09F09240B3603F45244FF6BE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685912946, "uuid": "322f80f8-dedd-4224-a6b4-254f6c58de5a", "value": "baa93d47220682c04d92f7797d9224ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685912946, "uuid": "711e7d9b-5295-47c2-9e54-56850d0faa1a", "value": "98304:PjYWYwhbmTmf0uldA6pK5offSMsMc7CUMqNYGNWP4NeFB:PMWJhm6lq6pKKWMkCXwwpB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685912946, "uuid": "276a0cc2-5e28-4fd3-b255-64b32e7d8c64", "value": 3935232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685912946, "uuid": "f0b781bb-5ab3-474c-b03c-dd19627be666", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685912946, "uuid": "2c614885-99a2-42f9-8e46-e79de83b9260", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "368b8cef-0271-11ee-b3cf-42010a9c0076", "comment": "Malware payload (OrcusRAT)", "timestamp": 1685839576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839576, "uuid": "4ed8b5f2-4a45-4cbb-912b-05793439ec41", "comment": "Malware payload (OrcusRAT)", "value": "72a422fba2b26a75fdf719d54282d4de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839576, "uuid": "21d40a9a-4784-400b-8845-b82783468e89", "comment": "Malware payload (OrcusRAT)", "value": "83b50b30ae99a3348ab5195f89e78103aec652ad2907d111a14b553504703599", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839576, "uuid": "335e2d7a-17e6-4c8b-8671-cdd8f1f1eb18", "comment": "Malware payload (OrcusRAT)", "value": "d7fd2c2bc6d3f503fcab6b1466a267fc146751c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839576, "uuid": "653d2704-1161-4a6a-a190-4613267288ca", "comment": "Malware payload (OrcusRAT)", "value": "18b0c5edcc435c0c7c11ec7974aeaf6c478d631b1143cbc2d6f00abc8cd3a2d6e62416299db93b2a621eb5f70b96ca1d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839576, "uuid": "b5cfdd3c-460a-471c-a025-40a29ac651c7", "value": "T15A36BE013BECBD07C1BE2778B6731AC90BB8E8066052FB5E095861AD1D9FB01BD56367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839576, "uuid": "ef542347-c2c8-4f72-a6a5-f6a587ea155f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839576, "uuid": "9c25d1f3-b6f7-45fe-8881-693c38f6c0bc", "value": "12288:uoHWszy2LkjKgEX0pq5g7dG1lFlWcYT70pxnnaaoawBm7cfpLF9VV64QrZNrI0AG:Ieu4MROxnFJrZlI0AilFEvxHiVP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685839576, "uuid": "eac467cc-f32f-4f2d-99d5-ed1da4778de4", "value": 5242879, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685839576, "uuid": "34a5de8e-ad8d-4027-897c-e01339aa0fde", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839576, "uuid": "28aaa367-5e5d-42be-ba14-cd91078381a0", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7392daed-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910545, "uuid": "42f0ac8b-310d-403f-99a8-eaa38e143db0", "comment": "Malware payload", "value": "faa702f5db295f715405a0a4c53536f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910545, "uuid": "4fd7975e-0d69-4e51-8202-b248e0af0ed1", "comment": "Malware payload", "value": "84e7891a7682b65560f2893ce42689afa403da5cff4d9f2bc51ddda5363c3c70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910545, "uuid": "2bbd907c-3ca6-40d2-85cc-9e12356d2fb9", "comment": "Malware payload", "value": "a12c60321aa4567d73c619e0dfdeb56f5a69cd0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910545, "uuid": "c912f568-16a2-40bd-bf04-5970eff4d2ad", "comment": "Malware payload", "value": "32c834623991abd4ca759f74625ec8be23fcfd6afaf855274ee31f773a1d447617ae6973fef5639b7a50fe26c96a6bf7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910545, "uuid": "e8b61d4f-a7e1-4fbd-9757-a69ce17ed5ce", "value": "T1C283022D439140D7C3DC17B1837746AF2E4CC2A0A255E8B748DBF14AF8E78366BA5919", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910545, "uuid": "406c37f7-0576-4a5c-86f8-03703a81751b", "value": "16d92a38706972c773f3cf5bf659bdfa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910545, "uuid": "2ae63c3f-495a-488b-9601-12b61d8fa1a0", "value": "1536:UU2ttvNHIwJ8CyG1q0IknW0uVC5zg0PCtSZNaN28zRQf8DkychJr:UU2/FJlB1Yr0kog0PDDaICRK8D0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910545, "uuid": "cf179c21-bed5-4141-b1ad-82ab185c0050", "value": 86528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910545, "uuid": "89630087-714e-4d98-9e21-1cb0a5b828cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910545, "uuid": "e0a3b487-08e8-47a2-92d4-42de96337c5c", "value": "SecuriteInfo.com.Trojan-PWS.LDPinch.25802.24677", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "998443e8-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1685838454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838454, "uuid": "e4863267-9905-4e64-86b3-048b5b453e67", "comment": "Malware payload (ArkeiStealer)", "value": "86e0d9143fa954f306970a163e60c384", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838454, "uuid": "e9dec0a0-d754-48ac-b13f-0b210eca7772", "comment": "Malware payload (ArkeiStealer)", "value": "8532a39ee1ff5934c30e3e1ee2d98ecd7949dec7817c21d17cc25434456c1768", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838454, "uuid": "7a1e902b-28ea-4288-802a-8fbd91302581", "comment": "Malware payload (ArkeiStealer)", "value": "6a7654a8f141777ce365e22fc013805d46088767", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838454, "uuid": "b213f21b-1a66-4c64-ba2f-b8eb069741f0", "comment": "Malware payload (ArkeiStealer)", "value": "70cd24d3d7d10ea8a381403136789999a9557263470fbfeb5accafe2464a7e313038ba075a5e975f3699447b17e437d2", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838454, "uuid": "e86da179-8728-46ab-82eb-7b71276404e2", "value": "T15B948E1372A3FC51E5264A728E1EC5E87A1EFF918F5777AB12186E1F04B11B1C272B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838454, "uuid": "2b417016-ba9c-40d0-b0e8-7abc845ce5ad", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838454, "uuid": "1989d1d2-4615-431a-91c1-455cb21bf53f", "value": "6144:N02ive36Eq1XueW/2aH1KjGb21csiWYjKiwq31C:Wta6tgF+aVKy61AzVD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838454, "uuid": "114b1e93-df9a-46b1-9ac6-4ffa9a45474c", "value": 410624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838454, "uuid": "ef6d6e74-b5db-4874-b38d-9a3aa80ea2ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838454, "uuid": "70c94fed-b958-4464-ac9b-857def57b9a1", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "775a8983-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910552, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910552, "uuid": "510ce933-71a4-4b20-933f-6055b2138206", "comment": "Malware payload", "value": "acd968f83a4319c1b65a279a28caaccb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910552, "uuid": "f5e6ac9e-25b7-4655-872a-0f0a924a99b0", "comment": "Malware payload", "value": "870f3953349983ca0232d74fec59da49148d51620e8a6f6ffc319bf0235614be", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910552, "uuid": "97744bcb-3c6a-4c16-bd5e-d2f3c487adba", "comment": "Malware payload", "value": "d79ed26ed84ddc431299e261ae88f30805db6db2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910552, "uuid": "68efec4d-695c-4196-b021-70cd85368dbf", "comment": "Malware payload", "value": "1e0d41d0d661babf1e3db809685fccf0f9d9d69ce6fcd4d34eadd2b5fad11e6e2efd04442c82db1b859413b80d29ada3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910552, "uuid": "e4a2a124-1cf1-43f6-a21e-b61bd81ecf40", "value": "T174B39D203530C472C49B4A7A88A6C722A77AB5613F794FC377840ACDAE257E55B3F342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910552, "uuid": "85f7e493-a2d8-44f8-8c0a-9acdae981206", "value": "b7f4eeb653532e3745c92fe35699b838", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910552, "uuid": "4ccb9563-6169-478b-901e-aea9b7aa3da2", "value": "1536:8suul/Yqxe4wiSZgB8lJyTTzTrcZ/b1hFu8odcotjfn0SY/SC6p:8sP7x+uLcZ/b1zu8odltjMSrp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910552, "uuid": "3f740270-5e07-4a8c-b87e-cdcacdda940f", "value": 116056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910552, "uuid": "d80ace9b-129d-4dab-8e52-fb616e87bc5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910552, "uuid": "e371a6ba-2d0a-45bd-8c37-d9014abe815a", "value": "SecuriteInfo.com.Patched.Initx.30200.5573", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77ea4bd8-026b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685837109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685837109, "uuid": "6be91d3d-c4f3-4e8a-bedf-f70b4b43407d", "comment": "Malware payload (RedLineStealer)", "value": "664a21b73c5ab7077c67eba8af1ff5e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685837109, "uuid": "59c9565a-e2c7-4d2d-b544-50c06f070fa8", "comment": "Malware payload (RedLineStealer)", "value": "8bc707aff162203fac3e0d5e270707b8e068d9770a13c48ccef61d0ff06687a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685837109, "uuid": "46f515e2-9c1f-413b-8de1-7d5d4cf4b340", "comment": "Malware payload (RedLineStealer)", "value": "6ebee371dfcda19aeee04aa653bb8a16945c32cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685837109, "uuid": "fcaf7293-4fd4-4153-8e44-d9e480c6f13b", "comment": "Malware payload (RedLineStealer)", "value": "dea805e23954967bb18cb84373b4fbc9cbb57c4ff9bcb9cb4849da5d42b6c2a5a824c0af7d0ef1d91796933a1505cc89", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685837109, "uuid": "f33da3de-96dd-4cc8-9c99-5b8a898173da", "value": "T15656331BF991D470CA3D4434C2E12BF75078BC5097618CA7E2743E395A35AA1BA3AB73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685837109, "uuid": "4792d300-c428-4e6e-aef5-f7fbfca36435", "value": "ae9f6a32bb8b03dce37903edbc855ba1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685837109, "uuid": "bfde0f7f-a796-4fec-9bd5-1b0e9c239181", "value": "98304:9KMxc7kwwjOSveWbjOEgyI2HxFhQ4wS7irMx4dpW+RIyOaGOBeuMsg4OXyrxILyu:9ti/wqwvbYCRFhASGwx4dpW+GipMsgzV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685837109, "uuid": "d56192b3-b538-4684-8862-d60e68c3e3c9", "value": 5917884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685837109, "uuid": "faad3ef6-1799-4af9-8e55-c9c808e0af76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685837109, "uuid": "b6a63dc2-9f35-4b8e-8c62-2ee74bfe2a94", "value": "HEUR-Trojan-PSW.MSIL.Reline.gen-8bc707aff1622.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f790ebd-0270-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685839108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839108, "uuid": "bcfba9d4-290c-433b-84dd-f212dfd30326", "comment": "Malware payload (Stop)", "value": "16e3b11690f4d5e34f01556df4a34d47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839108, "uuid": "b3a7c321-c8a2-4026-bb20-502ff3af450a", "comment": "Malware payload (Stop)", "value": "8bcf576fd6d74fd51de30459eb0b40ae1e7743fef04034444113c81c44059e92", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839108, "uuid": "9b5aec4e-a267-4939-b030-3560b94e65d6", "comment": "Malware payload (Stop)", "value": "83b39818d9b0931b10141790d4ffd45b0be62d2c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839108, "uuid": "b42199fb-3fc4-4f49-a3fe-cc8416c7615a", "comment": "Malware payload (Stop)", "value": "9f825abbb7f5cd9ca5b3b5d997db9cb3a8d390637d20d2fb1d65dd65de489396cc260877abcc3840facd8b84c5b39411", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839108, "uuid": "7b4c0afe-d44f-4bd4-b3ee-93ad3a9b6229", "value": "T13BF4F11373D36C65E6264B728E2EC1E46B1EFF618F1B36EF12146E1F08721A1C662B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839108, "uuid": "7bf04457-601c-4f86-8cb3-8b950e0f0143", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839108, "uuid": "b1001f86-af5e-4bce-9b22-b70ad842fe6d", "value": "12288:J5G7IIHTiNCtuZwFIdWyuPeY4FStxeGiUFvdN1YmW8nn1xectRlYFD:J5JaTi4u1dyPltdiUFvdN1oc1xvRSF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685839108, "uuid": "05cb9e69-912b-4696-953b-59ddd040a238", "value": 791040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685839108, "uuid": "bcf8f2bd-b1bb-4d26-904e-7fbd2e947e91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839108, "uuid": "510621ec-4f30-44cc-b987-d8b3e6454076", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79b8c0a1-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910556, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910556, "uuid": "fcf1a7bc-adfe-4089-9503-418b6f005686", "comment": "Malware payload", "value": "d2a32f402538f6c4620e5c16a2e1c470", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910556, "uuid": "f8e128bc-ef1f-41a4-8f9c-edd5ef853fe8", "comment": "Malware payload", "value": "911f82f90fd79341fba7783708ed09b30c22c09fce7f56670a7410ef5dc9df06", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910556, "uuid": "63725f3e-404d-4d9e-bc40-01ccbbc4b1d8", "comment": "Malware payload", "value": "2d6e2b8fb37c5836bd140822a2b631ca64fab519", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910556, "uuid": "4c7f6eeb-07e3-44aa-a4a0-864be11ed437", "comment": "Malware payload", "value": "033f7f371d8bba83d1c84835d496f208ecb425f9e99b41933b7cc467fa0be22a940d846e08747296e84a51dae20d48b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910556, "uuid": "b21a4670-6775-41b1-9aee-035269daa17f", "value": "T1BF828DA9B310C89AC69405365923DABC76303D3A9D291F073AD43B0F3E3275AAC06A56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910556, "uuid": "956ffb94-60ed-49f1-9187-3e2abd6349a0", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910556, "uuid": "a5c54846-61f9-4abc-b345-285955c2a200", "value": "384:CLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxSK:CLXVhaTtDE8VfCPHx3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910556, "uuid": "52bf3206-da6d-4104-b1ea-e20a217cfc07", "value": 17982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910556, "uuid": "4e2f0880-8468-4504-943d-7e91c85d3220", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910556, "uuid": "8497b163-da4e-4267-ae34-721695fef2dc", "value": "SecuriteInfo.com.HEUR.27543.1862", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "207d5ed1-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904822, "uuid": "8791aa36-1e30-4aa6-be86-64c08d251219", "comment": "Malware payload (RedLineStealer)", "value": "f8e08514387b7ae5bae8a18c3e14c225", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904822, "uuid": "a7f45b82-d47a-4158-85ff-8f5c6431f79c", "comment": "Malware payload (RedLineStealer)", "value": "9525e8b569b5d1a3d82ce1fff7ea457c286de6e3241e60539ed141d8eff3c53f", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904822, "uuid": "89d76d04-5da2-4a54-bd05-50cd8d50fb9a", "comment": "Malware payload (RedLineStealer)", "value": "ddb2edfda17342bafbe380996289374bdeec2269", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904822, "uuid": "2669253f-9c56-497c-a718-1632269836eb", "comment": "Malware payload (RedLineStealer)", "value": "b1e7b40537bac828da3a1ab93c67c1438509cca5b4ca9b9ae987927c2945f906055067c471863eb0b0fad7b7cb7fa9ae", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904822, "uuid": "5e5a057c-98d8-4146-92cb-e272f2495370", "value": "T140C41213BAE85072EDF61BB018FB52D30B35BDA24D68C7AB3B55745A0D73684A43132B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904822, "uuid": "5dd09316-e975-4caa-8e0b-963de28646f0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904822, "uuid": "dae1d8b5-064a-49e2-ad0a-8178fd6cb0f2", "value": "12288:yMrKy90/a6oXImvtHL58ku6n1FiOqrMptEy/9KGSM:Uy4aVXIQRU6n1UitEo9iM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904822, "uuid": "26a4c1a8-92a2-4db2-8654-3938ed090c94", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904822, "uuid": "1a41b327-5a01-4844-9258-537a2170a8f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904822, "uuid": "b3e400cf-9ffa-4ade-8a67-871e5f46bd7e", "value": "01398999.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fbf2690-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904875, "uuid": "78d364b8-413e-4ab7-b3e9-2123e53d64fc", "comment": "Malware payload (RedLineStealer)", "value": "d79fe6e67dcf018a8506b6ca58e4d1c2", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904875, "uuid": "1277e556-8b4b-477c-8ef2-69075e7b54e0", "comment": "Malware payload (RedLineStealer)", "value": "9641fb4f77b56c4110bb56faf002b03f021f7acb2b2153ed468f1ab96b5703ed", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904875, "uuid": "3018e08f-da1b-4238-88a6-329abde7625d", "comment": "Malware payload (RedLineStealer)", "value": "30e4be6957f134245b5073bca3dd395cebd33caa", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904875, "uuid": "2c0c1559-4e32-4c05-a0a7-c874e3cd6a44", "comment": "Malware payload (RedLineStealer)", "value": "7dc3e592cc53535ff2b890f56f21c9b1931ff4006b26e8d750f0e50f95498b16e1e3ce1db94d759ae35de7c14d4691b0", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904875, "uuid": "99da807a-f636-48de-ad78-5973bce3a865", "value": "T164C412076ADD9477D9761B7458FA03930B3A7C914D78936B2355A88F0CB33A0E93632B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904875, "uuid": "657c3a21-0de4-4843-8e23-582a2de836d5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904875, "uuid": "f1432027-f2ae-43dd-b0b7-998516828f29", "value": "12288:xMrwy90AGIvXj9MDG2HYXUkW/fCIRkewx0CqQPGYXnunepM:Ry1X7v2HYXUjnRo4YXnA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904875, "uuid": "638df7dc-074d-4734-a2a4-e6c1c7297b37", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904875, "uuid": "efb957a6-1074-4d2b-a2ec-08019882b8fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904875, "uuid": "2fb1c5d4-ccb2-4c53-a03b-5912c515ffbf", "value": "03043699.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "710f0e31-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910541, "uuid": "9e338a8f-ec35-4e83-be33-a4e6058f7a68", "comment": "Malware payload", "value": "a93cf20984e3a9106e7e1a99cb90c418", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910541, "uuid": "d0a52ef1-a361-4717-8c6c-01126845d4be", "comment": "Malware payload", "value": "9983159fb0c738a0645114c310b48e965554ba64f60b1b37380048a14ee9b9d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910541, "uuid": "e6886ae5-4602-4e6a-8847-a7307306cd33", "comment": "Malware payload", "value": "545fbb87acf2ef5b20c43bdbb020f9e6feacc194", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910541, "uuid": "94a7bc73-c99a-41b8-97f7-7a85196e6cfc", "comment": "Malware payload", "value": "c48ed0accb0d371a5be109777269645a6151c13d9db9836e8f9b4fca44984cff550eb26209a88ec4eec427d885edeb21", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910541, "uuid": "eddcf7ba-c509-460f-90e9-1f49a8154961", "value": "T12F5374FDBB57D458DAE0FB32A351AF4C4AB630F2A945386A74214EDCB2B9380091D45F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910541, "uuid": "43b4059a-4e2a-4933-9edb-9dc29864b649", "value": "768:jGK53qBYEL3rwWxHoAyqC1PX74l0CiNC3:jX5aD1I1z4Wk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910541, "uuid": "b882bdfc-268b-4846-b918-4c6da0eced80", "value": 61440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910541, "uuid": "d34c9538-2e0c-4f75-8f18-d526d17c62f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910541, "uuid": "fcd234c1-231f-45e2-8c52-4854e2eb08fb", "value": "SecuriteInfo.com.Variant.Lazy.208379.24477.21111", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c477ae7-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (TeamBot)", "timestamp": 1685838861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838861, "uuid": "30c1a5d1-2b1a-495a-85ec-156fbafac4b8", "comment": "Malware payload (TeamBot)", "value": "04154397593e63629871c43a2809bf26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838861, "uuid": "3af7c606-44ab-4e8f-b2a9-9d5fd441f5c0", "comment": "Malware payload (TeamBot)", "value": "9abfc9b2147efe1d8e7bda2fe6f981661cc3b461d91913578890ee6df86f8f88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838861, "uuid": "46bdf650-b9db-4d1e-b12a-25fc3bfa3a68", "comment": "Malware payload (TeamBot)", "value": "591b76e24983bf36480753e0104c0638e92be418", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838861, "uuid": "ae0af15b-b073-4ba8-a71c-cc68df73c66e", "comment": "Malware payload (TeamBot)", "value": "709ebf68a6621c5087f4bbbe4dc8c391b2e1a399d00c8716970644504b1f820ec83593419dfe3d1a9e393d3a5a11ce98", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838861, "uuid": "c879139d-9bb2-49dd-a5fd-6e967f7e53e4", "value": "T16FF4E12367D37C11E9161AB29E2EC2E86A1EFF518F5737DF12146E2F08720A1C672B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838861, "uuid": "598a3598-d87f-4b84-ab31-9ec42f79e718", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838861, "uuid": "ccd4a794-23fa-41b6-be71-39035c2c1590", "value": "12288:zj++9YWqoZSkW9kLTLABuCH7ouT1PJ+aYxODZ5viyS6yLYZ45j5MHThDvG:zjpYWqocLanYRH7oufBPDZ5MLq4HM1D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838861, "uuid": "78e47316-6c5d-4eb6-821f-46e8e43f0d99", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838861, "uuid": "a9bef9ca-8416-4c02-b135-1f6613f27923", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838861, "uuid": "f7c0ee1d-6e6d-4893-9e9a-c12e9d101060", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9269c71f-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gozi)", "timestamp": 1685910597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910597, "uuid": "dde749c7-6641-4d65-a820-8fb0c857f78a", "comment": "Malware payload (Gozi)", "value": "e1129f2486fc4920a233d54002e2a45f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910597, "uuid": "772e9483-4afc-43b8-a929-b9793d8e5282", "comment": "Malware payload (Gozi)", "value": "9c8d5a09d9f9634876274d50349dcc617ad7f354aad6e71762e08b089f40fec1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910597, "uuid": "25f03a08-74a4-44a6-8de7-40cc044298c6", "comment": "Malware payload (Gozi)", "value": "84990f7eb25b8cc496af6da002571fc9c233e8a5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910597, "uuid": "cc503ca4-3eb0-4291-89f8-180a25b49390", "comment": "Malware payload (Gozi)", "value": "81142fe84fea2c8140814258d80479cfb909785f076e73b6b87782a0c8e7948d8af950edf0ed0090b8cdcf2733e363ad", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910597, "uuid": "9afa8493-5cbe-46eb-a434-cec3ef442249", "value": "T1E684F1507106B375E1DB53BD5E28E37A025BCEDC879DA0CE725B9D60471E0A824A3FCA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910597, "uuid": "10b1a205-1a62-475e-b5f1-1cee115fc2e4", "value": "2b4e5969fa84547987f5e0cf94ca707b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910597, "uuid": "cc243a12-2028-4f6f-9ecc-f39e78ecd226", "value": "6144:kjdnRFtAFltU6XbQY0cZAJaHCXeYCrEhMRr+xHBgq4+:wdRXmtpXbQYbZAJY0eYCrB4HBd4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910597, "uuid": "0f3d5edf-8361-4e6e-bbf6-72ee957ae518", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910597, "uuid": "e3e3758c-ae74-4768-b863-b5db67a1ca5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910597, "uuid": "7b7bf524-57e1-41d7-94fe-4729b1210d39", "value": "9c8d5a09d9f9634876274d50349dcc617ad7f354aad6e71762e08b089f40fec1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7c21ea5-027f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685845913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845913, "uuid": "25d09f27-8307-45ea-b25a-061ae734de92", "comment": "Malware payload", "value": "47ae17d89c2d9b6acdc7458f5df1c6f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "No Escape Malware", "colour": "#BBE6E1", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Windows XP", "colour": "#1E176C", "exportable": true, "hide_tag": false }, { "name": "XP", "colour": "#E04FB6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845913, "uuid": "581f4745-9e63-453a-a9c0-d82b13fb8039", "comment": "Malware payload", "value": "9d346518330eeefbf288aeca7b2b6243bc158415c7fee3f2c19694f0e5f7d51c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "No Escape Malware", "colour": "#BBE6E1", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Windows XP", "colour": "#1E176C", "exportable": true, "hide_tag": false }, { "name": "XP", "colour": "#E04FB6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845913, "uuid": "07a16e9c-f3ed-4fd2-aa1c-c4bd40641713", "comment": "Malware payload", "value": "d38c613020cb4616783c8535380e28404f7eaebf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "No Escape Malware", "colour": "#BBE6E1", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Windows XP", "colour": "#1E176C", "exportable": true, "hide_tag": false }, { "name": "XP", "colour": "#E04FB6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845913, "uuid": "7a6a82d5-783b-490b-8d36-38ab802cbdc6", "comment": "Malware payload", "value": "372fc42713a47ae0cb94ece8aac85a308542b5224c4716e915bdd0087a3e57eec8bb0349bc89b0ccfa3aca93b90bea67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "No Escape Malware", "colour": "#BBE6E1", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Windows XP", "colour": "#1E176C", "exportable": true, "hide_tag": false }, { "name": "XP", "colour": "#E04FB6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845913, "uuid": "c4799fce-65ec-4305-bbea-a85f93e1cd8a", "value": "T14F747C11BA02C035D66202304E68FF7B81EDBA144F7516DB77E40B5D6F602D27A36B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845913, "uuid": "475a2810-8e1f-4327-bbd7-f213f7790385", "value": "256e19374d43612e41713f0d2bbf0b44", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845913, "uuid": "b241c051-d53f-4455-ba07-9ace089e6c0d", "value": "6144:DXwT1UV9rYDVgi6dYGXZdisUmYs7kMDOlh/5Zy6vbx3s3ONH:MT1UbrYhYld1+M0+6tc6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685845913, "uuid": "63d9dd79-b4ae-4225-bd8b-44ed859b85e6", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685845913, "uuid": "c80909d1-4ef7-438e-bd05-6d15113fcb26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845913, "uuid": "85d60eff-4b18-48dc-84b5-63e20c7f6590", "value": "ca3ec998_xp.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72f4cc29-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910544, "uuid": "a33a80fa-bced-4cde-a3e5-05d30cc31d12", "comment": "Malware payload", "value": "a1515a495f2f2273365d91030d6b0b93", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910544, "uuid": "1b3e452f-1ced-4eb0-8810-9b5e0508605a", "comment": "Malware payload", "value": "a0d1a3afd5afd2dc9240f20a3fef59883156337f6947aceb6ae24ac00049bd27", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910544, "uuid": "d2a6f259-f152-429d-8be8-0df2d3e79c0d", "comment": "Malware payload", "value": "1933cfe5291973cd2eca6e37bbf4ac1e3a928172", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910544, "uuid": "bb039e60-bc84-4357-b6ec-d2272f09977e", "comment": "Malware payload", "value": "2c6cad5a1ccc9b29c470ee8ba8a1b14ecf0c8c68ea6fb1a7bc84a5f6824d24f91e3f187a135545e35d46b75c6d5ef159", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910544, "uuid": "d17a49fd-f3b2-4fda-bc2d-d57b4d4f6831", "value": "T10633AE41A841DEB3D9E18F3190E39F56FA8AE806B3A3D74326137955F7B206B734620D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910544, "uuid": "7925e95b-8231-4562-9c6f-a9424de23c07", "value": "1536:L9go4R94QonuKU+nJp3ggggggggggggBpMBRKVAi:L9go4R94QojU+nJtggggggggggggBCBK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910544, "uuid": "219b5e54-3995-4d92-92bc-3a240eb2f377", "value": 53760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910544, "uuid": "a33f157a-80ed-4550-b884-0aaf02a6a56b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910544, "uuid": "f0f62f59-70cf-4706-bc6a-31a88e98677f", "value": "SecuriteInfo.com.W32.Tibs.P.gen.Eldorado.23518.13038", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6661ceba-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910523, "uuid": "9c831ece-44c2-4b88-b6ca-478fde54a70f", "comment": "Malware payload", "value": "00ece5c3da845a559557c6b5d9dbc8b9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910523, "uuid": "1b73a232-89e9-41ac-92a8-9c33f6f5fe5b", "comment": "Malware payload", "value": "a14d4f17f520b3cb4a6f0e082a0d057a9dac882c3384c10a9def8f72fea6a605", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910523, "uuid": "952cb5fe-056a-4573-8b3d-72baa3d22f20", "comment": "Malware payload", "value": "bf793285b034ada411641db01ae9464a5f51319f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910523, "uuid": "64839508-bbae-477a-b20b-ef4b242e5fec", "comment": "Malware payload", "value": "6adb39dba532f5f9944344fa7fc1c7db044c9b7f8720148dce750335205d02ebc4a4d4a30f70ae0ac980ccc070bb8348", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910523, "uuid": "2e44491f-5283-4825-9f02-c7d5a3dbd1fd", "value": "T1CA828D55B310CD9AC2D409361923DABCB7203D3A8D245EC73ED4674F3E36729EC06A46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910523, "uuid": "1524420a-3e3c-42d3-a9b8-d68c75a520b8", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910523, "uuid": "bb08a8a2-ef2d-4159-b897-d9676600740f", "value": "192:nQx88wO8qU/LDZJpuuU8hsTJ6jPyztWz8lpZ2vlr8l+Sykth3et24Yvm1PHwlBu7:JLDTs8hsF6qtK8lzQ8+Sych3mYvCPHx7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910523, "uuid": "c80a171d-0564-4a81-9dbf-52418e3cc396", "value": 17964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910523, "uuid": "c40a619c-df9e-4ba7-b077-a15569b02521", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910523, "uuid": "46a72fd5-9bfa-439f-bb93-6ff32c82cfc2", "value": "SecuriteInfo.com.HEUR.15006.31637", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37cbe9fe-0270-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1685839149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839149, "uuid": "05a9fac3-afd7-4ed7-8bbf-f9849d2bf47d", "comment": "Malware payload (ArkeiStealer)", "value": "c2744b88c411faeb12046d6fadac9311", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839149, "uuid": "0939c8ca-5c6f-437d-a775-62805c88c757", "comment": "Malware payload (ArkeiStealer)", "value": "a26ca054725b5b6ab140e88300e7294925e5357199ac4feadde0f7eeb2f09fe5", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839149, "uuid": "a14999ea-eb4d-4a5f-9f53-f7b56aa8766a", "comment": "Malware payload (ArkeiStealer)", "value": "b17b3a843caeaccde9e71017c923eb764dd0e044", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839149, "uuid": "4cdcf553-e839-4332-af22-9546d8b02ac4", "comment": "Malware payload (ArkeiStealer)", "value": "91c1f54cf4236253f42d5cce0c20864414c13f957dd9a4c315481c9e9815e3bf13849f5dfc1792eb6a1ebd0642f969bf", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839149, "uuid": "b6540c14-3fc1-4f87-8844-104ee455f191", "value": "T161849E1362D37C25E9164EB28E2AC6E46B1EFB918F5777EF12146E2F08711B1C272742", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839149, "uuid": "50a9bc4e-ffcf-4f1e-98c8-f5d0f6e37770", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839149, "uuid": "42ae757e-6357-4ce8-9657-4cabfccd843d", "value": "6144:D67QpFhV4Z2wWDZgEJOktovLzXygkMyEhiU15W:DsQp3VblJOEoDzXygkM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685839149, "uuid": "b463c593-c2b1-4840-b5d7-e9416543d360", "value": 384000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685839149, "uuid": "fbcf75b5-b3e5-45cf-871a-27423527c6cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839149, "uuid": "07a63d85-bae0-417d-a149-3ec898f33c32", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fc92471-0323-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685916015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916015, "uuid": "6b2bcf3c-ccf2-4268-92e9-989a13e439cf", "comment": "Malware payload", "value": "567807ffd4dc5918c342138051a07902", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916015, "uuid": "7016fc7c-3d5e-405a-ae03-ba62bbe4c7b2", "comment": "Malware payload", "value": "a4ad6bb531bd8268d624f264910b15600f902fd634cef18a500c0f75a25a8042", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916015, "uuid": "c8d47499-689f-40e2-b4df-6edc1dd319e7", "comment": "Malware payload", "value": "b2e19490673977db2442a10cab691f6bae2a07de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685916015, "uuid": "58d51d9b-96e4-49b5-bcb8-b13b9c2ad841", "comment": "Malware payload", "value": "e3c16671af6857157d7f34b30f6762f96c96a7b3729c76b5783b3bd9c3d548e1d1489a4ebf398a77d8bfcda0a01bccc0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916015, "uuid": "319d59da-4233-4ccf-b579-04777968819e", "value": "T1A5C37D50B4C1C871E5B6093118B5BAA24E7DFA704B259FFB2798163E4FB80C09A73D67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916015, "uuid": "69482ed0-f887-44d6-bb71-e3459e858df5", "value": "0de8407f15a5c7f8e2c8b53b74e5c049", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916015, "uuid": "08246d35-c798-49ae-8244-cb766ff85348", "value": "3072:j+HVWvWAJhX3OFeOc7l+BoQ/40bMBNeuO9dH3+n:jGVWvWAf3gI+//Ngg16n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685916015, "uuid": "b9dda533-7180-4359-a0e5-d22447f32887", "value": 119296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685916015, "uuid": "4f0b3d8b-fc74-4359-ade0-01c21059dbea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685916015, "uuid": "b66ce136-5612-45fe-811c-e8485a7942cb", "value": "Monoxide-GDI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fd13cd3-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910539, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910539, "uuid": "d22d2be5-aad7-4965-8ca2-3e14c00963ff", "comment": "Malware payload", "value": "6badb8c211b7bcae31362cb0453cb869", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910539, "uuid": "457150f5-525f-42cc-8d16-9ffe8131e94e", "comment": "Malware payload", "value": "a6e3faacb7dcd0652f05b363d0b17880c5468024e0195983fb041793a9c5f880", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910539, "uuid": "88148361-8085-4a7f-97c9-e1071c32a527", "comment": "Malware payload", "value": "fb924afa9e0b5b968e02a95cf545afeb56a12257", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910539, "uuid": "977b7164-a936-49df-91fb-b1b0576c2815", "comment": "Malware payload", "value": "1c3a8bed1a93dd55b9471645215f571c89a72e71d81eada93d35144550fe71776943c4e8f8bb5970cf51964278549acd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910539, "uuid": "5e431b51-2c28-4faa-af31-8fc56a106c7c", "value": "T14BD2E282AC70AA8FD3364FF0DA0F8D2E1476157B98B8E6D475234F3DA8507B4665108F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910539, "uuid": "d8c2cfc9-8385-4420-95d6-1057a7854e66", "value": "647b2d25b4821905b4195ff7a6455b54", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910539, "uuid": "d8136687-83e6-4294-9dc0-f4a9ef94cc59", "value": "384:vRKcXQrgpDjJ//SL5DG15GzWQWZHzb1NUwssfloLGgWp2A5A7MKSoCk3e98zhZ6z:jXfjJ//AyggnJoa3pedw8G8wD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910539, "uuid": "a1b98666-3d54-4eef-b166-effd3123ae9d", "value": 30208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910539, "uuid": "25724f83-779d-4efa-beac-2f9240b11067", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910539, "uuid": "90a02ef8-843a-4ff5-8dd7-138aafbee3bf", "value": "SecuriteInfo.com.TScope.Malware-Cryptor.SB.28945.20403", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb5ee0e4-02c6-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DanaBot)", "timestamp": 1685876413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876413, "uuid": "6556a13d-360e-4e64-9d89-81be4826f615", "comment": "Malware payload (DanaBot)", "value": "e19fc2c2485093be5db8883bd76c5b1b", "object_relation": "md5", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876413, "uuid": "029af1e2-6a89-4d4f-acfb-fe381c618398", "comment": "Malware payload (DanaBot)", "value": "a835d0a363da3392795acfd5a23004c04e9014b5eea42bb65c1564803514e62c", "object_relation": "sha256", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876413, "uuid": "61db1ef6-d02c-48fb-9176-ece6b89f001a", "comment": "Malware payload (DanaBot)", "value": "08108bc08bc7c367784a9690c88fe604c8bddd99", "object_relation": "sha1", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876413, "uuid": "b948bd5c-b68f-41c3-a196-d47cd866c6cc", "comment": "Malware payload (DanaBot)", "value": "746f8e7c68efd20e1eba37f58955c4319e701f6ec789af54b678070b829dc554f3246fd087ae17b9a005e4e358685c8f", "object_relation": "sha3-384", "Tag": [ { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876413, "uuid": "f050cc52-9006-4dfd-8d90-fcc942de068c", "value": "T1DD556C33B249A53ED0EB0A3A4527A984443F777177A6CC5F66F448CCCE2D2801B7666B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876413, "uuid": "76b393c1-2900-46cd-8c0e-52379a7ef29c", "value": "f9e81afd2870aaecd8ace36b2893b1d3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876413, "uuid": "3763389e-7b86-49d2-8fd9-e2f272823ac4", "value": "24576:V8FG6VuIFaXYLPt2vPUzE29sZK2iGTiaPV:2bL9stTL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685876413, "uuid": "8526b85f-5ef4-4ac9-9b85-a5662b48d844", "value": 1395712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685876413, "uuid": "42d921a1-1dbf-4117-9b88-06223b5158ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876413, "uuid": "5b68c349-054e-4dab-8fd7-f927033c621d", "value": "Trojan-Banker.Win32.Danabot.jqm-a835d0a363da3.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7fd53c9-02a4-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685861778, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685861778, "uuid": "e600aaaa-97ab-41ef-a003-899b72f1253a", "comment": "Malware payload", "value": "ad42b92c5bce9c2d2f5697bc3aff099b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685861778, "uuid": "edeacc66-55bd-4077-87fc-2de6d148d3eb", "comment": "Malware payload", "value": "a8b702860e45bcf30d43badf855ba423b677de5becfb211c309b0c69a693f893", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685861778, "uuid": "fb6bd375-fbf1-4507-8268-14e6fd4006ee", "comment": "Malware payload", "value": "bc931868099b97cdab22c7553979f04a73e722c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685861778, "uuid": "67082b2c-ec64-4b85-969b-ef1270357f43", "comment": "Malware payload", "value": "63f4927cabc273b0585421a993ee436e294409673fcebfecd6a634fd9ed4761a45967f31e36347ff6f7f8a0d4fae79ab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685861778, "uuid": "6b59410d-c25b-4cd2-9bf8-e4213efc30db", "value": "T1CB54AE00B4D2C072D873153109E4DBB99E3EB9604B669DFF67E40B7E4F34290DA35AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685861778, "uuid": "f69fa554-2f78-4c42-b546-d1371cb8863f", "value": "0d79b1b8fc0d9cde0d054faaddd9241e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685861778, "uuid": "2a605e3d-b68b-4f45-b222-1507a3eb5a65", "value": "6144:xZC9jG6WWbGJsF0MrJasvAOrCqtmDJVpjwLZJzSQEDpDCV:xSG6WWbGgtvRNtocLThEDEV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685861778, "uuid": "9c422949-df82-4918-bc66-67502bbb22fb", "value": 292352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685861778, "uuid": "ed0deab0-c5dc-4297-b8db-4959730f5823", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685861778, "uuid": "63adcdcc-31eb-4ff9-9e82-c2066a847562", "value": "LilithHack_shrink.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4d640b3-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685905098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905098, "uuid": "d4572363-229f-4179-86e4-ace768b85ff4", "comment": "Malware payload (RedLineStealer)", "value": "810d3263ba0621f1109cfa873b1fd5f0", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905098, "uuid": "2654265e-7e61-4e04-99d7-ab19ad7dbf4c", "comment": "Malware payload (RedLineStealer)", "value": "a9c225ce7015d720d4442b9f6a7a458d8a00a4f4d636e788a8924315591b1422", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905098, "uuid": "fffe310a-9f2a-4ff0-a004-bf70336da3ed", "comment": "Malware payload (RedLineStealer)", "value": "0bf0e8353321185790ef9a77834711c03fb51786", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905098, "uuid": "3dd1a372-f9c4-4f5c-a4bd-e78d4d8e9d5e", "comment": "Malware payload (RedLineStealer)", "value": "dce54c1b739c89acb3976807e99d8ecea1ff283235703d7a22969328c7a0edef03a64f5457f6a0e12d58efa2f17271b1", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905098, "uuid": "46f22b9a-d8f8-4d01-ad8f-adff498ea2b5", "value": "T1E1C41203ABE81573E9F617B164F212C30E39BCA24D38935B2345AE6E1C73694E576327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905098, "uuid": "7395d980-026c-4d29-aecd-7cbf46a4dc90", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905098, "uuid": "ebd83249-2109-4544-9fc1-e532131785a0", "value": "12288:5Mray90YOFVAgyLaH/qIwMdF9BCsudkgvUh6sVzX7n++iQC4:Xy6vaaH/qIwK9AJevVzrn+gC4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905098, "uuid": "46f36a5c-553d-49dc-aaca-dab4f97012b2", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905098, "uuid": "c2c8b312-896e-4582-9c5a-d491d4c8702f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905098, "uuid": "07370b86-1284-4d62-8e2e-263cd9633fd8", "value": "09073799.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c5efd28-0280-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685846028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846028, "uuid": "d9dd29f3-1159-48db-995b-f0a8e8f6e573", "comment": "Malware payload", "value": "34de9725e232ba82275bb0dcf9282e16", "object_relation": "md5", "Tag": [ { "name": "ESXi", "colour": "#F3CB71", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "shell", "colour": "#705F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846028, "uuid": "7f313afa-86bd-4a22-80f1-f7ba2454c1d4", "comment": "Malware payload", "value": "aa5a487db37ce176e17c7abbb2b1d460ba926344e46737f2f64b65bf5a4a3e58", "object_relation": "sha256", "Tag": [ { "name": "ESXi", "colour": "#F3CB71", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "shell", "colour": "#705F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846028, "uuid": "db6870f1-a29a-4140-a773-8f0172966494", "comment": "Malware payload", "value": "b17403e7dcb992ba8d2b56dd843406264d3910e5", "object_relation": "sha1", "Tag": [ { "name": "ESXi", "colour": "#F3CB71", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "shell", "colour": "#705F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685846028, "uuid": "085db6d3-c8d8-4273-beb2-92adab51f282", "comment": "Malware payload", "value": "6e1115404951a224d54c4ea3fec81523092cb2212324f249ba53a316186c6208df33fff1aa9cc030a977cd0bc5562daf", "object_relation": "sha3-384", "Tag": [ { "name": "ESXi", "colour": "#F3CB71", "exportable": true, "hide_tag": false }, { "name": "linux", "colour": "#27A4F0", "exportable": true, "hide_tag": false }, { "name": "No Escape", "colour": "#67B3C8", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "shell", "colour": "#705F77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846028, "uuid": "d6159d1f-7a62-4937-9543-b57d201ca2c8", "value": "T1508134CBF415EDB0788841386BE1BE1C6C47519E2C156A1BB9CB9238F4DCB6B745C40D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846028, "uuid": "75167435-dfdf-4437-bfb6-1e3755cbdd91", "value": "48:ORO8vvDX8oAaNR4VrHEoR7iYphIpzW1eY1Q1a181j1o1E1S1Q1AL1h1VAz07h75n:Odr9v4VziYphIpzW1Z91EFaiIFL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685846028, "uuid": "2b4a1a5b-4dd4-4e0f-a0e6-4b7d15176af8", "value": 4096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685846028, "uuid": "8dae68e0-2fa3-498e-806b-8187f41deb96", "value": "text/x-shellscript", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685846028, "uuid": "79e9c75c-397d-457d-900d-c1030a1d4138", "value": "script_esxi.sh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ddd90a9-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904899, "uuid": "7a2a5d33-1d4a-444d-a85f-df4d2a34f6ce", "comment": "Malware payload (RedLineStealer)", "value": "d8fc6def7413e81c32413cf5b562143c", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904899, "uuid": "5905be9c-2083-40e8-8806-507b27b1a0e8", "comment": "Malware payload (RedLineStealer)", "value": "ac854085087b61fb34ede24c3ca27bb10668f3db91377efa125bdf769d4f0e05", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904899, "uuid": "fadb1e3e-e714-45b0-ac65-8b74cd46da7a", "comment": "Malware payload (RedLineStealer)", "value": "81bf64d2c27d8c7ebce9bb807eef92ecdc5d6376", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904899, "uuid": "078946bb-773c-4501-a7e3-2802be98e592", "comment": "Malware payload (RedLineStealer)", "value": "5b39b1221ddde17643b16726e0b25e0fdf25ed639387f72100e570cd0315f21b0f21cc6c4cf5c8b619de92c9beb140f8", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904899, "uuid": "8f0d46d9-99f8-467f-a6e2-3b0894a16b7d", "value": "T1E8C41202B6E89033D5B213B058FA03F317357DA21E7D975B23A6D8590CB26E4683277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904899, "uuid": "c612bad0-c6b9-4e42-8f66-4e04b6255247", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904899, "uuid": "4c9bdc34-904d-400f-b624-6a5c25593199", "value": "12288:/Mr4y904puSVZD/JJpHNMGpvg6qtkMQjcOLQmLu:vyxpTV/dt1oVsjcGQmLu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904899, "uuid": "537bd869-dd91-4936-a99b-83454b09493d", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904899, "uuid": "eec4dc81-1957-474c-8e02-924a730d540a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904899, "uuid": "d1bed8c4-fd7d-4aaf-8349-9382ee976721", "value": "04080799.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be5d75f6-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838945, "uuid": "d7492a49-0cf4-403c-ba0b-9d4f9d1b8dab", "comment": "Malware payload (Stop)", "value": "62306f785eef4d8c33b4afd2c2f8b23d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838945, "uuid": "2e88d83c-b691-4d93-b1bc-e912d6fba583", "comment": "Malware payload (Stop)", "value": "ac87fab7abdecf6db9fec0c005ef7de1490c2a2ec15e887787ee093db0b4ac56", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838945, "uuid": "2954fced-4145-4a57-8692-6b258a235daf", "comment": "Malware payload (Stop)", "value": "a7e6f71eecdbfbeacce3d5d92164e443dbaa25f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838945, "uuid": "b445ef8d-a2c7-4538-a23d-9c579aba22e0", "comment": "Malware payload (Stop)", "value": "ec778c4e79defdf11fdd3abb03ec16c4d59c59f43fa0c2a4b03b0a9c7ec4cea49938754941f302d739585938cc65874a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838945, "uuid": "4e02bc9e-a1ba-4cea-a138-9db9a73696b5", "value": "T1F6F4E113A2D37C61E5165AB28E2E82E46A1DFFA18F5737DF23146E1F04721E1C672B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838945, "uuid": "359439a7-2839-4d02-96d4-b2e2ad1d3ed6", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838945, "uuid": "1fbe1af7-4224-4128-82a7-6d4d295863ae", "value": "12288:wdfVY349jM7auTjDz7XiO9kIuFUs4zeq27sSyYS+HLJ8tRFvSLhPn+Jc3BsrrbkA:wd+46Nv7XxkIRrSyILaFY5n4mBsfb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838945, "uuid": "f9bd9e69-4874-4894-a133-2e9bfd43fb1e", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838945, "uuid": "dcbea756-6e35-4a09-bf68-c324ceba1940", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838945, "uuid": "b333f9bd-c3bd-4b11-9a9b-dac1c73c93d4", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6800120d-027e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685845242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845242, "uuid": "641391a5-c6a2-4d00-897d-5495f862d5ec", "comment": "Malware payload (RedLineStealer)", "value": "84b1e8daa1a39cfadf16efe89e8635fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845242, "uuid": "c774e6de-cba7-42db-89a2-76efa6832704", "comment": "Malware payload (RedLineStealer)", "value": "b2726e5ca32f1905ea256f25a70c3c7896b373168365f33d43c38482da54513c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845242, "uuid": "bfd54959-2a67-4b2d-be98-4cfabcb5e9de", "comment": "Malware payload (RedLineStealer)", "value": "13e62beb9cbe975e5d26fb2ecdb5a6c59b92286d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685845242, "uuid": "92ca0ece-7510-425a-949e-fb3975780cb0", "comment": "Malware payload (RedLineStealer)", "value": "b2e5ce40599ce0065cbd5a7f1f01dd3f7ad9e2c7c2bdd9da269848229cc602b53c0af1fc10613168ab52684f52f1e71f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845242, "uuid": "026d7919-edf7-4f4a-b2b0-7d4aa70c711f", "value": "T13F54E0103181D436EA5328728AAAC5F69A6EFC750F356ACB3FC45A3D4F253E1D634386", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845242, "uuid": "ecfc7fe7-06fd-4c11-a38d-662fe9cef138", "value": "562d80e80506d670bb0daaf0cbeebb79", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845242, "uuid": "cf15386e-ed0c-4ea1-bd69-547f972fc649", "value": "6144:Dt03sTPjxkeq15roZyl2yAeThDMYJgy0SxZZpW1M+x:W3sTPNkeervl2t6VJR1ZANx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685845242, "uuid": "93eb2307-b78d-461c-a417-3fc5db37df79", "value": 279480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685845242, "uuid": "218ab61d-985b-487c-96db-c4b222426f53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685845242, "uuid": "8e0ccc73-b146-4f69-9297-c6421f92ecaf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b42299f-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910531, "uuid": "7aa70bf1-d3a2-470f-94b6-7189b121a857", "comment": "Malware payload", "value": "4231f4fa5bcbb5abdc00f71fb55d2280", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910531, "uuid": "9c47c58a-355f-4edd-aebe-a96c75f66900", "comment": "Malware payload", "value": "b850ea240a88a29971b5b5c3d216b7dbab5b7ca66d9f74e35a2e88e2fe9740b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910531, "uuid": "962a60c9-1a08-4da3-b13a-ca69231b5373", "comment": "Malware payload", "value": "a13d1611a387f9be5fa1f17c6caf95dc264c8b3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910531, "uuid": "1f835e58-aa35-4bbd-bf49-7b4e4780974d", "comment": "Malware payload", "value": "8cd9f359b2d6aa6655a032f3ec4055e214d7c919bff70a71e1545096bc97e6a8e5ea7d3c1fe5c01005d43b8d08a240f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910531, "uuid": "ad545c01-c3a0-4b4a-94ca-96bf232eee5b", "value": "T1DFD4234FF3B4E5F1C9E20A740783F9314637351A395823176EAEEC0568B60D6B8EA253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910531, "uuid": "78eeecf1-653c-4a84-8a55-0e5aa12a1ba0", "value": "854176ecb3521b6409125ea1e6cbc34b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910531, "uuid": "07e87311-d579-40b6-a18f-2eb04b19d30d", "value": "12288:kkqKmWGfcdSasxHz9Ef6OF+HZRTKMvO1f5aTsE1xkw8BT0RSWPyL16wvO:3q0Gr9IfvFKKMuxaTtFc0RSYEDG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910531, "uuid": "6144e0b9-123e-40cb-8774-38b53756e8ab", "value": 627779, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910531, "uuid": "ebf17161-b6a1-4be3-b2e1-b11cad01fa56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910531, "uuid": "62e792da-c5e6-45d2-b1f0-582e6320ebce", "value": "SecuriteInfo.com.Riskware.f15000051.19454.28194", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6defbc8e-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910536, "uuid": "c47c57c5-17e7-4bb2-86b9-760588431d30", "comment": "Malware payload", "value": "6550b22c94a85cfb582fdaa6a3ceabe8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910536, "uuid": "aaedd66a-a3f6-47a2-8191-5f17a6f1731d", "comment": "Malware payload", "value": "b9125a14c9b33e6fbf8a60ff509a8771060a5174f07f1ca6412ea1c8ae531636", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910536, "uuid": "fb6cc9d7-1197-4053-8d98-70b928f04163", "comment": "Malware payload", "value": "d37893a4df32892a3ad4374833139b684a88f87b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910536, "uuid": "4de51dc6-50dc-41fd-ba18-3a273a526b7e", "comment": "Malware payload", "value": "b0ecec6060a71553e815a79c855646bcbd9f30f577d7c311604424b919cd1e3ffb0f445a55c557591b65e615fce421f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910536, "uuid": "b4012eee-d9de-4ec7-b1eb-6125169eb5a0", "value": "T1A6739CDACE3EC502CFC18B3898D30621522BA706454D4B3A6B1554E976BE4F7D0BFB86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910536, "uuid": "1c0393f9-7847-4184-ab3d-75c226daff96", "value": "1536:FhGuLUdAU2XG+BFogtOSe1XPNEZecKWNU:FhrUdAKhuSWN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910536, "uuid": "e632ef0c-d799-4826-9398-8840f72d0375", "value": 77824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910536, "uuid": "e7368cd6-f4a0-42b9-8227-8eae9f33e479", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910536, "uuid": "3ac38626-28cd-4bed-9699-890501c1f56f", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.9301.31307", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63365867-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904934, "uuid": "68709877-c8bf-4700-95e4-f17486fd7053", "comment": "Malware payload (RedLineStealer)", "value": "a19b0293893a1bf9ae8c8c5bea19b189", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904934, "uuid": "1300fd80-0348-4e7d-9b36-14926b646266", "comment": "Malware payload (RedLineStealer)", "value": "bf74919388072de003ec0109e0aa52c13d691ba722335e5a369febaff8378b8f", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904934, "uuid": "50dcf0d0-f5a4-4507-a358-b1fe880a736a", "comment": "Malware payload (RedLineStealer)", "value": "421c682f3c7145522f73c4e03940c53634a1f048", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904934, "uuid": "cd60d67d-ee30-45dd-b008-0af774d7710e", "comment": "Malware payload (RedLineStealer)", "value": "a0dbee94709ac228bf2a44b75e28919b102dcbeb6ec8dc6050fcf4975b882a01eba151b9ad9a8f99532dad75e5519921", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904934, "uuid": "216f5a57-b8b6-4375-9d5c-5c26a4eec0b3", "value": "T164C41226ABF89072ECB50BB018F703971F31BC91517883AB6352A98E5D722C1B535737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904934, "uuid": "3786c63a-a77d-4ec0-9fcf-7cde5c7839f4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904934, "uuid": "87486b13-3d39-41df-8a2d-425f3340bbe6", "value": "12288:AMrTy90n5sg52Pulm5EJwqGZIZA5YToli5Jb69q+:jyEj8mJ1GZIZdoli5l60+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904934, "uuid": "68b9bdc4-a532-44a5-b778-56447cddbe18", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904934, "uuid": "3d704c57-ad2b-41c6-ac7f-22162912dbc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904934, "uuid": "d87537b6-c131-4bb9-84f8-58ef7a228832", "value": "04523199.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2573899a-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904831, "uuid": "f0abda00-dd14-4b6d-8cda-c17b371ebc48", "comment": "Malware payload (RedLineStealer)", "value": "a85b45743d54e7f1a0f281c4a446c5f1", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904831, "uuid": "aa65c32d-16d4-43d5-944d-2904eafae803", "comment": "Malware payload (RedLineStealer)", "value": "bfdf2ff72fc38bd7cd4a31f63c9303428eddf931dd83f73e9ae35a29f1510027", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904831, "uuid": "2b407644-0bb4-49c3-86d4-1e75edf15af8", "comment": "Malware payload (RedLineStealer)", "value": "5248f066566c11dba274fe13f4bcee60f110074f", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904831, "uuid": "679b92d8-01cf-4924-87c6-26f1aea801aa", "comment": "Malware payload (RedLineStealer)", "value": "42bf93e48cd6775cfac7071c170692eaf2efa9bcfce8f2294bba25cc568f6969ecc1e5d7cafe8a89872b49fc1d759b7f", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904831, "uuid": "e4f54c14-dbb5-4055-88f9-be59eb6942bd", "value": "T15DC41252E7E88473ECF527B058FB13C31636BC625C29836A6386A95A1C73584F97133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904831, "uuid": "be79e8ed-45ea-4556-98c3-cb9eab299fda", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904831, "uuid": "cce5f2b0-83cd-4065-9080-16b12b41dbec", "value": "12288:vMr5y90YssQIUeSoEuZrHc3YNpqBQKtZj1tIhNEslLiGeL/A9:Cy5HfSVYvq3jM5iv/A9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904831, "uuid": "bce1abb6-9151-4a22-bbcf-b6e09051dc07", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904831, "uuid": "81bb78f9-2023-4824-b804-967cf4effcb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904831, "uuid": "8fe97480-f686-4e77-ae0b-9bc35eae674f", "value": "01593299.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "678b7d6d-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910525, "uuid": "55a04c1a-2f3e-4214-aec7-b4138282e86b", "comment": "Malware payload", "value": "66888f282da5cbefb884cbea1b63e3d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910525, "uuid": "77f2b36b-c226-41af-9779-dcc4dcefebac", "comment": "Malware payload", "value": "c0362d85d4d87ceeb7c792d8a1e332d2d4a7667e8c398d6f62b14348ad97a30f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910525, "uuid": "2ab1a8e4-ec6c-43ea-bf1b-6ca406c5e7f1", "comment": "Malware payload", "value": "569ebdfdb44bfca5db138cfa52121be2220bf23f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910525, "uuid": "0674d552-1ccd-4ccb-95b3-1d0c40873e2b", "comment": "Malware payload", "value": "69420e655e82edf8cd7cdb7e6ef8e8af7d9c2e9ddb511491f24d6d0d9a1b0f462255d523271a9576841054d595e34a3d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910525, "uuid": "5fcde216-6b4b-49a0-84ed-aa891aefe4d3", "value": "T118F1090AB739A1DEC15A1232489B7D34A631EC0206DAFB0B5D719DEF6D724C0325AC8F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910525, "uuid": "8a88c09a-d6fb-47ff-8a43-c54ecd598efb", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910525, "uuid": "ac06cbf9-68cf-48e9-81ce-79e092d029ca", "value": "192:Px8g93j5FGblGRvdARWHISzNhAF83zA+8FSeV5lVxDT:D31FGblGRvdARWHISzTDerljT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910525, "uuid": "641c0a5c-8279-44ec-b041-308586894fd8", "value": 7855, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910525, "uuid": "d4939930-7e80-4f2e-8f47-334a6fef73b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910525, "uuid": "ab27120e-362e-494b-aa60-deb7deb26123", "value": "SecuriteInfo.com.HEUR.28192.32525", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bb4ffca-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838377, "uuid": "372dd98f-5d7f-4457-9db9-1bbbe3cd8c23", "comment": "Malware payload (Stop)", "value": "fc573931de5bc1a3b8fd58ec0c2f6b57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838377, "uuid": "d8800deb-7bf0-4b29-a524-7c4ee6a754c8", "comment": "Malware payload (Stop)", "value": "c402ab915a89ed76f00e7d86dd1fa1aa6ca69b7ca34344995c7ce3a1b51b7b25", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838377, "uuid": "80b44650-3c61-4b60-a8f8-29e8b8731593", "comment": "Malware payload (Stop)", "value": "1295fde3ea7bd272c63ee4e0b9d229de48eb2166", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838377, "uuid": "dcf89527-e7b7-4281-b432-b7d75841dc55", "comment": "Malware payload (Stop)", "value": "dd18b692f76d07e3dc279a3ad8e21f867485ca2e5d5a5ca6f8748f8185df24aa2188c5d7f01dfa30376165ebf030ebb0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838377, "uuid": "6c39bf91-76ad-4e8e-871c-a16b308ad448", "value": "T1D505E01262E37F74E5174A728E1E82E87A1EFB918F173BAF12176E5F04B11B1C162781", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838377, "uuid": "1f9db627-b15a-413b-b5a1-67a02c7a9ca0", "value": "08b56125ba7e99bd17ba88b830247aad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838377, "uuid": "ae12e3e2-cc4c-44af-8622-1844454c5a74", "value": "12288:xlvmOdMTGkLd+7kH0s7/V5Nh4nBY80PyZMKpSHPdLQAWwlHYh6kQzxpR:xlPdCLdIkUsR5NSnq8ZMqc3HYoT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838377, "uuid": "ec284ce4-3cb8-407c-b5d3-efb86b6f8725", "value": 818176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838377, "uuid": "f8fd15ab-cea0-4c87-b367-76641dd9d3af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838377, "uuid": "5b2455dc-ce94-471e-9eb5-033232c66a27", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a706668-027b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1685843824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843824, "uuid": "7cc4c863-eb85-4c21-8877-8517abe41908", "comment": "Malware payload (Amadey)", "value": "0e9174e9f3b52a4c5820c9c67466cf53", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843824, "uuid": "70db9365-a561-4c93-a91c-d4e9e703ce03", "comment": "Malware payload (Amadey)", "value": "c4400514befd38c4870a6adba9e55b862bb249d791fae3cc6aae2666bacf0f04", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843824, "uuid": "bedc6bf6-be34-4cf7-b102-53ea732922c3", "comment": "Malware payload (Amadey)", "value": "dc66222a7629b50743942d117b327daab27fe756", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843824, "uuid": "b348e168-a225-4e01-b1d9-99ac5f09122b", "comment": "Malware payload (Amadey)", "value": "a8a9795b14c1df0025ff2ec89e34d301aa549eddd4b5309d7aed90b09e9bc3dfd14206c8acdf00f446df0fbc6b8e49cd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843824, "uuid": "610ef0b9-4c38-403f-a67f-513512f1def9", "value": "T18305221BA3DC4437DCB417B058F502E70A3ABCB68A385BBB22855D4A1DB22C056B577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843824, "uuid": "e55fac35-5201-426b-9476-af2b0e9a5469", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843824, "uuid": "edf0cdb4-8fcb-410c-a4d7-71d4f841b2b5", "value": "12288:JMrTy90JN01dSHPrWEnVepXkOQoZbTWJ5ZEmvYqecBWj7FSm64A8sJySlEv:iyQN0z4PrW6M2eY5ZRohFH48FTv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685843824, "uuid": "a569b852-0f1a-4997-93cc-ed8500f2f0ac", "value": 796160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685843824, "uuid": "7543a2cd-ae47-474e-81cc-9eca1092a429", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843824, "uuid": "f076fb42-e4a0-45c6-98e3-a1119da84913", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6816acce-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904943, "uuid": "f6d0f5ca-71a8-4cff-a647-e5338a8ee86c", "comment": "Malware payload (RedLineStealer)", "value": "bc4b570df0d9df5c62c327bc3c306828", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904943, "uuid": "4f82532a-3cd0-4c66-89ab-9b9bea3f422e", "comment": "Malware payload (RedLineStealer)", "value": "c47365af2b67ea507a090894f5c199eec789f11c00aa02f5d309c4c200c88f31", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904943, "uuid": "8ead08c6-3ba7-42f6-ba91-70079b5f9d80", "comment": "Malware payload (RedLineStealer)", "value": "82b3c3de673b8c4029c3a14133d1240bedb98380", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904943, "uuid": "916e2e25-1a67-4fd2-8532-420bda9401aa", "comment": "Malware payload (RedLineStealer)", "value": "d3fe2b3750c8ec54a746c361fbbc0527ac690ce02f6ec95d8981c93c573001dab3ceeca9d8735234c2a8a32c3ffaf783", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904943, "uuid": "f9bdb187-35c1-4bcb-a368-b58928f266d1", "value": "T164C41211E6E94432D8711FB054F752C31E3ABEA25D39538E768A6C0E0C728C9B935B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904943, "uuid": "1242d6c2-3449-400f-98b0-9369d8ad1ddf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904943, "uuid": "1e9a97a1-781f-4091-8c9e-a5066dbe9ef2", "value": "12288:9MrKy90Zx0Bwh/gsYm/mPzV8xb48oBhdLbSolb5:/yi0BmxWR8xkPL2oF5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904943, "uuid": "2b57caa8-5c6c-4640-8388-d632d8b4c17f", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904943, "uuid": "6d8e20ad-0ee4-47a5-a356-bfad0898d7b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904943, "uuid": "092ac34d-9847-4f75-b90e-443ff6d2a101", "value": "04571599.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7042a3d-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685905129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905129, "uuid": "efb64421-e2dc-4b68-907f-ab51c73609d2", "comment": "Malware payload", "value": "a44567807c599e2870f9d19ba730c24c", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905129, "uuid": "955d0c5b-cf70-4212-bbde-d5f7559ec91f", "comment": "Malware payload", "value": "c5a8d98ae1a24a3f165719ac08c1d2dfaf47a3dd82821dc8d27a75513c6371de", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905129, "uuid": "66be3e20-40a2-41ec-bf53-0c50374f50d3", "comment": "Malware payload", "value": "86cff5860099d70e22bb62272724a8608270a6a7", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685905129, "uuid": "984133b1-67b9-442e-b224-41496a9dda59", "comment": "Malware payload", "value": "bdc99fee0f02544ca017eeab59ed8dea1bf78efd8f41bf1c3e421fae9e9e52754911455e9e45d4ffb81ff396712277e1", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905129, "uuid": "b90d4318-468c-4eb8-8f66-30c447f977df", "value": "T106C41303EAE85073E8B02BF06CF607970A36BD62997453BB3784651A0D73B58B53176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905129, "uuid": "6c93c377-459d-47a5-a5f7-ce8d767f8a64", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905129, "uuid": "72e88443-88b0-4053-aabf-6f5255331954", "value": "12288:EMrWy90M34iareydz3GocenwEa1WW0wQJQMX9tl49XAOv:yy14iaC+zBcenw90w0n989fv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685905129, "uuid": "fb730dd6-2210-4caa-92bc-82a1d01c6ce4", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685905129, "uuid": "59834f9b-8cec-4f57-ae99-921481e1e84d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685905129, "uuid": "9ea67cb8-e718-4977-9f67-5b201edf9f99", "value": "09463899.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a206c41-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904865, "uuid": "12d228c1-097b-4bbf-acd1-d5aa7b5070d6", "comment": "Malware payload (RedLineStealer)", "value": "b8a552548110bda4128f4898a2d91880", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904865, "uuid": "523e2833-a04d-4050-8283-d731a29a5680", "comment": "Malware payload (RedLineStealer)", "value": "c5c0d8259b0179d3893845ee37f6cf226e7b5f5e0f86d89c25f67f25c5111f5d", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904865, "uuid": "be78ad78-891e-4935-a037-b2d76fa9d111", "comment": "Malware payload (RedLineStealer)", "value": "f3157dcedfc0225ee4fd27d89aceb38f5755c17e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904865, "uuid": "e40a797b-9958-4a15-ac05-c8ad7d8dacea", "comment": "Malware payload (RedLineStealer)", "value": "0d16e066cb07bff3b3f534ad391a78238947494a812092016faa219729592eb86eb943cf939b98c6b24268ac2cac9d2f", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904865, "uuid": "e3a5c229-0cf5-4cac-b9f3-ea300d07448e", "value": "T169C41203F7ED8432D9F5277028FA13D30B3ABCA149B447672659BC5A19B3A40E53672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904865, "uuid": "4a1f34a2-4d7a-4177-815c-35fe3926f803", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904865, "uuid": "06fdcfb8-9cc3-4f06-9920-7b52192ccad4", "value": "12288:fMr3y90FMHuYwinCm9AWt7GJLNE789d1CvM:4yHfjCmGU7YLNTCM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904865, "uuid": "c4a7742e-59fd-455c-b3d5-ffa85bc7eeec", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904865, "uuid": "a9f017dc-a2e3-4118-a1f6-48b69c2dd784", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904865, "uuid": "57a4a23e-351f-482f-b6e9-637a6f188533", "value": "02823199.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52b2f885-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1685838335, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838335, "uuid": "9fe1348a-09da-478b-bb83-76f91040dffa", "comment": "Malware payload (ArkeiStealer)", "value": "7c69825f3dbba41df448d37d03c0d634", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838335, "uuid": "70c65e00-dbc9-4a33-9b4b-e7f9f2f5e9b0", "comment": "Malware payload (ArkeiStealer)", "value": "c819bff14d4cff52015cde3b51d09c43515d6cadb4db674ed45cd26d43b1b5b1", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838335, "uuid": "6e2c3660-f4a8-463d-b1cf-9aa6830c4520", "comment": "Malware payload (ArkeiStealer)", "value": "fda7d8b2874402978f99113c76bfb2328cdf9786", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838335, "uuid": "0e8d782b-733c-45dd-9c6d-ba61abbe658f", "comment": "Malware payload (ArkeiStealer)", "value": "9c6631e5ca5cae23b312c072035203656e92734f53e564679291de464a832daf84edf8d305d34c6342bae332310733d3", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838335, "uuid": "e2fbd4a6-468f-40e6-be8c-8485ca5256a7", "value": "T181948E1362E3BC65E5154A728E1EC6E8BA1EFB918F0B37BB1E046E2F05711B1C172B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838335, "uuid": "28ea8c5a-32f6-4f51-9d97-521122ff2e19", "value": "08b56125ba7e99bd17ba88b830247aad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838335, "uuid": "0b8bd8c6-0ff4-4b05-836e-431fabd22aa9", "value": "6144:K1Lph14+/YRS3QBPiKd2KkQKYX/pRySQsIa037c77yNVtixKq:K514x41Kd2KkQd/rTvIa0r4OF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838335, "uuid": "5bcb1f9c-5507-434c-986c-0cb4fb16c9b9", "value": 410112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838335, "uuid": "d70f14c9-4d39-45f7-a438-14523f5f9714", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838335, "uuid": "162324c1-70f4-42ca-9df6-b1bee1dd18dc", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44409979-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904882, "uuid": "8b7e6df3-7f4c-487a-8231-d4f17d6bc8e8", "comment": "Malware payload (RedLineStealer)", "value": "ae0b9d82aa0782c3d26611a9ff103e7a", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904882, "uuid": "6c1d46c9-3aa4-4107-b26c-4f29af59d890", "comment": "Malware payload (RedLineStealer)", "value": "cce1cc7e752c3964d0707e98064f7b5609a4ea01ba272db43024fe71d7133c38", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904882, "uuid": "ddbf107f-2ef9-4ea9-893f-2ba93316a168", "comment": "Malware payload (RedLineStealer)", "value": "a27972280ac7bb4c04104e7f0831d7150f2ef544", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904882, "uuid": "5f986d58-589f-4d7a-8798-105ba9a769ea", "comment": "Malware payload (RedLineStealer)", "value": "dd08c61a65b2e40f12458096794b349a823777afb753911cfdc8f51f5b6f1e86d85aa88b5213f385ac3c51256b9653cb", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904882, "uuid": "ff05de9f-a56c-44f6-821c-d16a1445dee4", "value": "T10BC41227AAD99073D9B427708CF707970B35BCE05D78836B2785959B0E72AC0A43277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904882, "uuid": "6e048a5a-3b31-4b44-933e-3c869171f926", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904882, "uuid": "3061d2c9-203b-42b8-b2c0-85eb61bf74ed", "value": "12288:eMr0y90yMBlDMGV9UIVJXj4srftGKl68EdEmYcFrvdVl/7WmG3QSyF3:myKBrr1GKl68EMMrv7l/tSE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904882, "uuid": "aeb85b6f-aeca-4003-bdd5-068476e31a3f", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904882, "uuid": "b5e0148e-5d7b-4f77-8235-2044c48b876c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904882, "uuid": "7c1aac0c-e590-4f8d-b32f-d1b5dc5be7f8", "value": "03106799.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77f4bb7f-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910553, "uuid": "d2c5c569-5332-42c3-abf0-c292f318d11d", "comment": "Malware payload", "value": "39789c5f20097d7d3692997866024698", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910553, "uuid": "c04fba9d-3276-4e73-82f7-aeb065105873", "comment": "Malware payload", "value": "cd56b2133d2112ff9297a9cc246730a04344c6ca12501b75cdc834505f2652a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910553, "uuid": "7a11d0cf-0a57-403a-b3bf-ea5437711296", "comment": "Malware payload", "value": "5b8c34c4ee94f312386e354df5bd35a491c4154d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910553, "uuid": "05d881b0-05b9-4755-834f-a2c551b28f89", "comment": "Malware payload", "value": "24881a45801b51ade7ac877cb615651c372a93963b10b651ed31eae1cd872c1b184438e03a6e94caab0b5cfc625b2651", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910553, "uuid": "efc2955b-9957-4f5b-8ae6-78ef8d425527", "value": "T107A37E02B99F65B6C88801B560BF87401B21CCEA5969D7E99D003672BDBC3E15F1EFD8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910553, "uuid": "8570baf9-6eee-49d5-b526-762eab7a154f", "value": "d6eabf75116abebe22b57407cb240951", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910553, "uuid": "ba7b0465-00db-46f7-b897-420b9a375342", "value": "1536:FUXAVD0WHoPcCUKKPKrmvAkWQ2vPYMnGgrp:FQAVD/oP+KKPKix2Y7grp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910553, "uuid": "2f979c06-92c5-4eec-b310-0d49eeacd940", "value": 98304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910553, "uuid": "e857fe91-6448-4ce6-aaf8-7f9e1102e707", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910553, "uuid": "b7b37497-78cf-4cc8-84ae-547f4b7ac702", "value": "SecuriteInfo.com.CRCK_PATCH.13285.30906", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a66e294-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904839, "uuid": "ebe4f379-c2a1-45cc-880c-3c6bb14028ce", "comment": "Malware payload (RedLineStealer)", "value": "df725cc5affb15844d8f7ec66fb4b515", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904839, "uuid": "2bd5919c-c97f-4c1e-bc89-8c9fbedf5813", "comment": "Malware payload (RedLineStealer)", "value": "cf876c9186eb271b9a2384302f4ae2c58f42b32aec870399cd80de473434c5d6", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904839, "uuid": "3144317d-1b65-497c-871e-12d6c4fb2125", "comment": "Malware payload (RedLineStealer)", "value": "27917c84aa928ec2fc4ad1949e93e9aceaaaa831", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904839, "uuid": "b981fc61-62ea-4584-b259-55801bdb0651", "comment": "Malware payload (RedLineStealer)", "value": "a06e9ee2cfcb8c45855e52e02b240ad949ceecebb0400ffcff33655b12dffa5214d18d6abd5be6b0722c556cdd772dee", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904839, "uuid": "d723ab89-7118-4f91-aad6-dc06aa610c4e", "value": "T194C41217A6D44033D9F427B09CBB03836A35FDA58678839727C9AD591CB2AD4EC31B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904839, "uuid": "da7968c9-cb54-4033-bf96-b402cef63029", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904839, "uuid": "7b0d6efa-8f7f-4ca8-8ff5-a579ea776885", "value": "12288:4Mrmy90imnulSHm64k5M2MrqPd7aXuYAirpzCXBHL7kiwoYMX5:+y9Vg358qtyHAKCiEX5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904839, "uuid": "ba62db68-b37e-4fab-8e15-4b79ac513876", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904839, "uuid": "548e8053-6e27-4571-9f7b-8e4ef25b4d51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904839, "uuid": "bf3683a2-c2d6-4363-8ba3-e7efea6dcaee", "value": "01637899.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "881c9473-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685904996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904996, "uuid": "70248a29-b386-4a83-bbbd-61d763f352c7", "comment": "Malware payload", "value": "20fe8fbf9b55c637bbb62a34df4886f0", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904996, "uuid": "725e3c73-920b-4447-8a80-ca6bc01aa048", "comment": "Malware payload", "value": "d08d7b4165fce25e8099f696e0d600f2e737498add7d71bbe3a1466015eb542b", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904996, "uuid": "493a495e-cc34-4165-8c31-5dbd87b5d387", "comment": "Malware payload", "value": "6cd1fdc64a25e290346280164806d4f7fb8783e2", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904996, "uuid": "66be7e32-6815-4d4c-a02b-63962c86d333", "comment": "Malware payload", "value": "7de36ed05c9458467ace5b8c8e427c61d38be889a55e79ed18d020d29ba81e0cf39cd7ad0f530ad167746026db0fe739", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904996, "uuid": "1b334816-b19b-43b2-bdda-1d696a3ad1b5", "value": "T16CC41252BBD85172D8B41BB058F703970731BCA26C78875B23AADC5F0CF3684A5717AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904996, "uuid": "0ca3c177-8047-4104-8281-ba7ad68600d5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904996, "uuid": "2824fc12-06e3-42c4-aa6c-e8550608cf9c", "value": "12288:kMr2y90Nj5xQa0v7+WLGGnO5H60mydcqJ2MPHn/pD8AL:iyCjIvapGnOtdmydnQ4Hn/SAL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904996, "uuid": "a4cfb02a-fb11-4efb-9877-d8eca08062a6", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904996, "uuid": "d60745bd-8e69-4d98-a98e-0a8b76947826", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904996, "uuid": "8f5cc751-6e23-495b-baeb-d438b2651b01", "value": "05661599.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5b9e8a7-02b9-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1685870713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870713, "uuid": "69f11b62-9d74-403c-a3e4-283882aa0230", "comment": "Malware payload (NanoCore)", "value": "d2c96c075741ccd8bed558e39838a59d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870713, "uuid": "b7794f3b-900e-4913-a51b-56a490c27ab4", "comment": "Malware payload (NanoCore)", "value": "d2a573edc893e24fbf245c4f8f918ec3b4f04fab928f073a24da3cb741d18388", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870713, "uuid": "14f83564-c3ee-42a8-a4ff-4cbcf1d8fc0e", "comment": "Malware payload (NanoCore)", "value": "09667b1bef10f69697d997a26d9d963dfe4bdeb3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685870713, "uuid": "ce895687-362a-47a4-b412-68bea4a9ed9c", "comment": "Malware payload (NanoCore)", "value": "b00785ca118d7ff19cfa8745a9a1b3f92a98a3f2391923a071155824066da31a77e253b0246b6d018af6b9e6c87ca73c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870713, "uuid": "6be3f8d4-c72b-4bc3-951a-baad3f4b5eb6", "value": "T15636051273F90556F2F36B31ADB191555F3ABDA99AF2D62E3240024E0976A40FE31B33", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870713, "uuid": "0d6f20f7-3c9a-47b5-87a2-78a72bcfe96f", "value": "3d95adbf13bbe79dc24dccb401c12091", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870713, "uuid": "65bbaf75-f36a-441c-9aea-8d042db69a55", "value": "49152:RVg5tQ7aoFsGabuKxN5GmoZgZh8Jjf1SXAEaY7:fg56ddKPo2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685870713, "uuid": "92ea090c-14ac-42a9-9416-c6ad75f08f64", "value": 4967948, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685870713, "uuid": "dcf04829-5b9c-4b39-b4e2-55d2071345ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685870713, "uuid": "4aa37367-b80a-4475-8682-1ddce3be7dfc", "value": "Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7c2366e-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838987, "uuid": "7cb12e54-8cf6-4baa-977c-a5538e808013", "comment": "Malware payload (Stop)", "value": "e2d4231078a7022fd7daafe85d092aa6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838987, "uuid": "60ba8783-271d-4f83-a6f5-7083bcd74d33", "comment": "Malware payload (Stop)", "value": "d6421e6c85be648c18ff4ae6efeeded3b389f151027d052f156ff6fefc1c3bd4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838987, "uuid": "a14493bb-5c74-4a4e-b108-84ca9390d125", "comment": "Malware payload (Stop)", "value": "8bd5187b089c1df8c47ed90c37f6421f5911ca25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838987, "uuid": "e890f14d-37d2-41a5-802b-ca56f29f3db0", "comment": "Malware payload (Stop)", "value": "6333f5ea096df5567a41808f803a2c52040006ac488192a46b85463a09eb539e354ca5302fa43f79b1ad2cf30357fb41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838987, "uuid": "aa4229bf-16bf-4a2e-9762-dba382110fba", "value": "T10FF4E11362D37C25E9164AB28E2EC6E86E1DFB518F17379F1214AF2F45721B1D232B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838987, "uuid": "685dc678-7ee7-45e0-8398-4201a06b353c", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838987, "uuid": "55528969-edb4-4a14-a0ee-567e5594f8c3", "value": "12288:ktUVHEoW7CEookQT0G3vnFDBQ0YG6dg70qUhw4w5ks3guziBNXZ6kxkvS:ktuz6oXQT7dlP6dRqUhw4w5kgRzgzV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838987, "uuid": "ada2c182-d20a-49e0-89ac-592cbf59fd7c", "value": 790016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838987, "uuid": "8bd8d834-ef7b-4626-85ac-183e32ecd26c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838987, "uuid": "d899d4e2-45be-4cc9-a602-e4be18b05d84", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d01b9ef2-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838545, "uuid": "7bede621-42cf-4f85-917b-bd074b17e863", "comment": "Malware payload (Stop)", "value": "8fd96a42e13b96a2229d048c5ba25f33", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838545, "uuid": "cc877e97-0f46-4ec9-a904-e7bec2c87e49", "comment": "Malware payload (Stop)", "value": "d6d3b8afca43e956e5d243b5fe86ffc7c5e5eacf31974108035d2678bde1ac73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838545, "uuid": "c871c2f9-1f9e-4b11-ace9-d91e638b4885", "comment": "Malware payload (Stop)", "value": "f70be98b51d7a9b450959491def15e7afc9d5b7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838545, "uuid": "7b6d0ce6-f47b-44f4-9396-fae2878e12fd", "comment": "Malware payload (Stop)", "value": "eb8b865b06c24a0b91e12fb20df707401759bfd8abb47ded71bf5bf21fc1a2a3250f660c93157ddb6b28530d8afad221", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838545, "uuid": "a9206cfe-2aff-4b4d-89b5-cb3453cb1d14", "value": "T12205D01A72E36C55E9254A728E2EC6E87B1EFB518F1B77AF22046F1F04B10B1D172742", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838545, "uuid": "aaf1eb52-ed16-4c37-9d57-7b79a04f7e77", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838545, "uuid": "6ae90ebc-0efd-40c9-ae5a-642f308dcfa8", "value": "24576:XmZjsV2mJOK/ibC8sW89vZ7CSj9KxJ8fZRQWXLL1:XmeLx97vdPj9CBe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838545, "uuid": "77b64ba6-39fb-499e-a9da-7605bb9fe974", "value": 817664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838545, "uuid": "2b95ad72-5534-4766-97d4-660fea80050c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838545, "uuid": "73025b67-3433-43f7-8084-7b243ed1980b", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f5077cb-0270-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1685839322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839322, "uuid": "6eceb476-27d9-450f-bd75-9d5c11a4afbf", "comment": "Malware payload (Amadey)", "value": "9029d1f14f684731fd85ba8e80da92cf", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839322, "uuid": "91ce9761-5cf9-4722-9723-6b84948aaf46", "comment": "Malware payload (Amadey)", "value": "d7e1af2362cb778e3ba97174915da73fcd8fb4df49363fb09267eb28db27e77b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839322, "uuid": "6bae6ead-7420-4fd4-866a-5a4e25665c7f", "comment": "Malware payload (Amadey)", "value": "8281a329b5ce0190541a362a24be52178b8edc02", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839322, "uuid": "1b70b7a9-d724-41da-995d-1217eb9d8a95", "comment": "Malware payload (Amadey)", "value": "e50bdff183ddabb526a6bfdc570c09c78e4168debccc9da43527c9a181a53f6106accf7a19717da8ab7f999ffb205c60", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839322, "uuid": "68e83089-e2fd-467d-b140-4c05a5966bc9", "value": "T185052343ABF85176E8F123B11CF202670B3A7DB1D978476B27855C6A0873790A83677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839322, "uuid": "8886ad9c-5dbb-4cd0-848d-941a7f9a7647", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839322, "uuid": "21bc3868-7c96-4aa2-a0c0-28debd03bf96", "value": "12288:sMrcy90cODqz5Ngvgc5z1pfkH+zMkFs8agtnZgHDQA3AtzVjhh:Qy1z5NBMz1pfwe2Ht3cPh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685839322, "uuid": "e43d78bf-47b8-42f5-ab49-a836874abf79", "value": 797184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685839322, "uuid": "decb38e0-c2c4-43b2-bfff-f390f7078619", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839322, "uuid": "5ed345e2-186c-4fae-810c-7e447b3a3b74", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5dc7963f-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904925, "uuid": "6d950457-286e-45e2-9960-872c3aaa2a7a", "comment": "Malware payload (RedLineStealer)", "value": "ab03e1d4641686bc329fc2b44f0ab8e5", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904925, "uuid": "7eaa1baa-873f-4324-a720-358d129ef1bd", "comment": "Malware payload (RedLineStealer)", "value": "da8fcde10abb4d4a5fcf819e839811667795a72a48b07dad24d68f92eca2991e", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904925, "uuid": "21caf2ec-1680-4a2d-a0c1-11de16e76154", "comment": "Malware payload (RedLineStealer)", "value": "903269a8b77eb0367973d744259578195b23adcf", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904925, "uuid": "24a5b2c2-6acc-4ea7-99bf-ace3645e16af", "comment": "Malware payload (RedLineStealer)", "value": "68139cade9b5ba36b975bc7f59007f960311b5e86d12d7a2be35a3b927a0466ef11090a55e627a0fb2420c2fbc913632", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904925, "uuid": "863a3b35-c2c9-4646-aab8-e5b7b5cbd6c2", "value": "T1CEC41243A7D810B2D5B523B018FB02C70B3A3CF1AEB8865B2792A95F0DB3584A575777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904925, "uuid": "86afc963-dfde-4760-b578-815a8e71e9d1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904925, "uuid": "387da108-98e1-420b-82b5-3feb7ad10e0d", "value": "12288:+MrGy90nz+X1l5wSqnmqKtZbnVB4zf04QpckU0yRIYY:8y6aX1XkGtJnVBKfkcoyur", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904925, "uuid": "055d3ef9-9757-4207-a501-b88d33b34ffb", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904925, "uuid": "5dd6cfef-bab3-40f7-95a1-f1b2d08ecd79", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904925, "uuid": "7d8b76be-6745-4749-bc33-c49a8f85490f", "value": "04356899.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75962ead-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838823, "uuid": "1d1df5f0-0e52-410e-9018-0df3e9e27e6c", "comment": "Malware payload (Stop)", "value": "c928db79c247e5e40d4cde79d39f7cd7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838823, "uuid": "3fcba586-d9c5-413a-ae6b-566f770bf0be", "comment": "Malware payload (Stop)", "value": "db5a87871265beac473e5be77b89d354e8ecc5039a680c23403dd2e9ba9f4308", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838823, "uuid": "1eb0beb4-a183-41c1-9582-c87669546f85", "comment": "Malware payload (Stop)", "value": "2a8d8bad42ce4af3668e7bcb43dcdccd636bfd9b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838823, "uuid": "b4ee88b5-84ca-45b5-8346-8646de87c269", "comment": "Malware payload (Stop)", "value": "2c8d2f1a1ec2414adfdc64eed8aba514d52a539e683ebba562490a8eb596be8e62437bee2d81702be83e739267135584", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838823, "uuid": "3896925c-a4a3-4983-8faf-50ac5b0f50aa", "value": "T160F4E11372D36C61E51646B29D2FC5E87A2DFBA28F4B779B13046E2F08710B2D572B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838823, "uuid": "ee9277fd-2d27-46b1-a195-b2602abf76b9", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838823, "uuid": "1dea8e4a-bcaf-4442-8d2e-ad19ddc2526a", "value": "12288:DUnksOc7anhWHIC4vZNi+fAWgJDagmHnCf2y8WBhRbYlMxsla:DUbN7uhPC4hNTfPgJW/iOX2eiula", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838823, "uuid": "ebf39d14-b7f5-4313-9800-e1420fa3563b", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838823, "uuid": "eb73d023-eca9-4c05-93ea-c95fc6a6ba8c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838823, "uuid": "325839b7-c10d-4b08-a707-3f24a54754fe", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6a5ef20-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910712, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910712, "uuid": "70aa8fab-9d3c-48a3-b8eb-ac8b2911c069", "comment": "Malware payload", "value": "600764b14a6e39961594ed8e67c3eeb6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910712, "uuid": "0982b8cf-79af-4be7-a87d-4683790f6b95", "comment": "Malware payload", "value": "dbbd275a4b1da0b93a1ef2c5e7c75f5f020979dcc502fd1bc28b3b40cf1d255a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910712, "uuid": "654b8414-3dc2-4256-8c67-52b3aeccfc8b", "comment": "Malware payload", "value": "5b5cc61391968958236d54eb0fe7229386b58c64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910712, "uuid": "4bfd0a7f-975c-4e01-8d5e-97c576abe0ee", "comment": "Malware payload", "value": "9b2e3f7dc9c1d2b07cf7b4460f621d4ccba1357c82487f5ab97007ec905629f70c997fe72956a76941649b83f843cc78", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910712, "uuid": "7af10ec1-869f-495a-a749-2d7365ae736a", "value": "T19C148D8ABBA4DCA7DA11433885E5C335173DF1C4274A4B0B69369D361F33A86BED1782", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910712, "uuid": "5ce92ca4-655e-4e6b-bb86-60d3094c9cbd", "value": "f068b296a8df39a3a404d627d3a60c14", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910712, "uuid": "ca7f33ac-60a8-4127-aea8-35c4d44746ca", "value": "3072:Q4+YN4lPeFpVa5f8gy5q86UIQz+GypacRLu1O+TvTIGapG4S+1prXFnK:cCQ7y5qzzJpVRLu1fcjDV9K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910712, "uuid": "c80e616a-4fc8-49c5-ab34-61bb54164b55", "value": 192375, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910712, "uuid": "81f2b81a-1c53-48dd-8246-00a9e28d4115", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910712, "uuid": "4beafb2a-bb3f-4839-a103-0ddf9eba97c6", "value": "dbbd275a4b1da0b93a1ef2c5e7c75f5f020979dcc502fd1bc28b3b40cf1d255a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "757706b5-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910548, "uuid": "4f4d333b-43c8-444a-bfd1-3b5c3268f39a", "comment": "Malware payload", "value": "c9ea8ea5cf73dce6ab72c4cc138b4272", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910548, "uuid": "cbcb6a39-03cf-4601-ba4a-3b4a2e9933de", "comment": "Malware payload", "value": "dcbfd4ae0bf584e1e6e3686f78cce0afb647a8a8887d84201bbe8149917468eb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910548, "uuid": "486de94a-adee-47d3-965b-f825dac69c87", "comment": "Malware payload", "value": "01bdc09f830a298bf76cb81d416a749bbdad70d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910548, "uuid": "15cba2ff-be54-49ad-bef7-958500929de5", "comment": "Malware payload", "value": "26864340e7a3bf7ad6e1de5bc3a5ec731d6993f5e97a7a2846432733b4a193ecad92dea2a481b9072d1361e0cc1f4008", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910548, "uuid": "ff0aec91-93c5-4c0e-a957-66159d0cb50c", "value": "T1E583AECA663CC61FD8080139C5A2C9BF2B31CDF927E84A13ABDC6D6F78542C5F594929", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910548, "uuid": "473702ee-f39e-47bf-97c6-8b9319f471f6", "value": "d09ec5c63d53a6dd3417fbb833297860", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910548, "uuid": "be2289ac-62fa-4e7e-afa2-115bc194eb7d", "value": "1536:LRhEGQoIek7lWPLtTjvT7X/OhQmaYuCsiJps1NIRR2VyeBshpS:LTEGpkJWzJ/TYuCxps1eCVBBD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910548, "uuid": "24da5e9a-25cf-45e0-80ad-e3caa92dc012", "value": 88576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910548, "uuid": "ab196283-acfd-4853-8c65-b9fb8bc64440", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910548, "uuid": "7395d87d-0f70-4441-b81d-797700f12fbb", "value": "SecuriteInfo.com.Trojan-PWS.Win32.Agent.12015.20771", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11403c8a-02ab-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1685864424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685864424, "uuid": "986f7a18-b108-4d3f-9e40-307b9886b2e7", "comment": "Malware payload (Smoke Loader)", "value": "76de1225d8ee90cd515ef652f77adb7b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685864424, "uuid": "f875dfe6-1e24-4fb0-94b5-33ade3c79e6f", "comment": "Malware payload (Smoke Loader)", "value": "dd066e509004cb3c8e3f2d74cd1f186497c93ec5f30716832b89439486677b53", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685864424, "uuid": "4776c108-5b4b-42fa-9df2-d1c067849161", "comment": "Malware payload (Smoke Loader)", "value": "45c00d94aa11428c46b635ea740f7f4f4086e7ab", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685864424, "uuid": "48f5eb76-39cf-454a-87bf-ac353813cb0d", "comment": "Malware payload (Smoke Loader)", "value": "2963a10b05da0ad7bf8e53397fde4cc17f9ab7834a34781a08081375398233fccd74f7bb244a6fe87592c68728b61a2e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685864424, "uuid": "6b79c823-7c47-4990-aa48-14c09ab3567b", "value": "T1C7542A1362A36D65E5214AB28E3EC2E8FB1EFB518F4B37AB12287E1F04711B5C172745", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685864424, "uuid": "5ebd45b9-af41-43aa-8c0b-e2d9b88540ac", "value": "b4eb258dacf1941bebb674888f725604", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685864424, "uuid": "34a6845a-a6dc-40c5-8dc5-4032a3edf45f", "value": "3072:DNqmi3VYwOYuB4w5TnFXmkuOE8p7ooD/4FAG2X96nyj6MOiE+:pqrV7uywxn9MOE8p7BeAG2XQniF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685864424, "uuid": "cfbb290d-9bc6-4317-b586-3642590c3bdb", "value": 298496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685864424, "uuid": "46105920-4f09-40e7-bd5d-7c2bf0acd7f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685864424, "uuid": "cb4eccf1-01bc-4dc3-b6db-bc671825c67f", "value": "76de1225d8ee90cd515ef652f77adb7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76bad5c9-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910551, "uuid": "9d787efb-c25e-4325-a19c-83a1cc7ff36b", "comment": "Malware payload", "value": "7a0405e216e2bd70a83806360b56de88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910551, "uuid": "10e7c9ef-bcbb-4f0a-af96-06fb7cf49b0a", "comment": "Malware payload", "value": "de1bda647e35bf21c41eb53b8b5194fa4cf2d00c50dd26a721cb4ea3af6f431a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910551, "uuid": "407d81d6-bbc5-488e-8a42-6b49f94ecce0", "comment": "Malware payload", "value": "cdc9ff9e57578bde899fdcde01e023b9817a214b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910551, "uuid": "9797b023-a4ff-4695-86e4-b444925f393f", "comment": "Malware payload", "value": "5dc022281718fde73a67c5dc54e704dc8bf6311d75dd8c99af600ae7f1ab5004716775439459f7d6ae09202737ee9015", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910551, "uuid": "6b3f3536-4e68-4797-8bc9-31c7d4dce6f5", "value": "T16D7289E2BADA9C86EA60627CD9E7C275763CF6E04B938B03593495375B52EC13DC4203", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910551, "uuid": "e2a9069c-4ed5-4903-8db8-d28e8d9b78cd", "value": "7c02303ba018681f15a9523075ee9e97", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910551, "uuid": "2b10fb18-7250-48ca-92ad-410bf0ecd790", "value": "192:QTHa70VwX3yqOp44ipPnx43xYv1kjyrWqcCD66:v06CqOJipPx4BCmeKqr+6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910551, "uuid": "af9afee6-5d2d-4f96-85cb-74ac651400b1", "value": 16662, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910551, "uuid": "c4655a0b-dae0-4709-ae72-f2d3ee044243", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910551, "uuid": "2148fc09-0f42-466b-81f5-cf2c5433563a", "value": "SecuriteInfo.com.Trojan-Spy.Win32.Small.29321.750", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69f1ee68-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910529, "uuid": "f47d6fd0-35b8-4486-89e2-175fa25c2284", "comment": "Malware payload", "value": "ac0923a2aebaf9dc249f42336012d014", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910529, "uuid": "e9a15d3c-56af-4ecc-a7f2-7d1c95e5a958", "comment": "Malware payload", "value": "df9b3b0d498e104dd1c54c80c9e2c740e084b922d9dbd9f1dd1617de64f22b82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910529, "uuid": "72e10ddd-4784-45b3-9370-45d636b624c2", "comment": "Malware payload", "value": "82ce8e594398ce1df9da9f8f542ec717b05be1b0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910529, "uuid": "27883b62-ff24-4b5e-9e5e-6f3eb474e197", "comment": "Malware payload", "value": "9750e174d144baa27b62374d00aea3dc5bbcef7facf72a6a4e34afe086d573b1c9d06edbe13c3c311b5e9860b7ac991f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910529, "uuid": "5251b5f9-431a-4644-9bc4-4bc34ecbe017", "value": "T1134301E4AF85CA51E1190A36407FCF3453AFEC88C47B8FF6A671399A4C70B84A710B91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910529, "uuid": "db93072e-470b-4dc9-8a43-77be0a5bbf0a", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910529, "uuid": "8d867aa3-c59e-44f1-b392-1498baa7ac33", "value": "1536:2aVHL4AAbijuyNxHvHqAsaUjtVNPuBObZ4vHjptm:JBpod21vaaUjfNPoOV4vHjTm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910529, "uuid": "466c2151-fa65-469e-9efb-bd5b835eb1a5", "value": 55454, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910529, "uuid": "f52431bc-2037-4543-822a-c27a534ebd6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910529, "uuid": "7d386d11-a382-495c-b10b-b9dc47973202", "value": "SecuriteInfo.com.HEUR.4533.29026", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f2bf855-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904847, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904847, "uuid": "f4f97169-6cb4-4fde-8424-81205d0e0a27", "comment": "Malware payload (RedLineStealer)", "value": "f0420c2012ae95922532e9849dfdafa5", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904847, "uuid": "4d08810d-d8a0-44db-9311-026ecff92cbd", "comment": "Malware payload (RedLineStealer)", "value": "e289930a7b6af4628ed931cc6ba3f31503482f050a4e6243767cb953f1a0fdf9", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904847, "uuid": "d3532d0c-25e2-471a-b4e1-47e085ae23d9", "comment": "Malware payload (RedLineStealer)", "value": "e4aaa0211c37b7cc79af2167a3a9ebee9b52cd76", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904847, "uuid": "5f104eff-37f6-469e-a7fc-f05fc29cfe76", "comment": "Malware payload (RedLineStealer)", "value": "307440721e9aaacc1f4480a6a98624470f1cb991243085320b26f622eb787851b557cb7ddcdca73876bf9ebf8d165a41", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904847, "uuid": "72fbad39-e0cb-43d6-8179-c6c8ffc04a67", "value": "T1C7C41213A7E492B7D9F5177008F607C70A36BCA15EB8872F3745A88E4C72A859A70737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904847, "uuid": "5d1094f9-00f2-4171-8523-a2ee8a5cd5f0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904847, "uuid": "701e011e-382c-429e-bbd1-02354c28e640", "value": "12288:6Mrqy90cMxIzwWnTcav2bpmUyB/tYLxMz44/tE5yqelWLxLP+PIPB30:syL8IUgczp/yBlY6z44W5yqelWLxLPEt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904847, "uuid": "990b8253-7b78-4b76-8eb4-203c1e93379b", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904847, "uuid": "4a201b0d-c305-44bb-8dd8-a460677826a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904847, "uuid": "8d6b0753-cfa3-47dd-bc0e-32184b4f8d25", "value": "02379999.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7074b3e7-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910540, "uuid": "ddd685e1-bce7-49e1-bf32-52b603a7e448", "comment": "Malware payload", "value": "c90a5e6759b8d03df89de8f9255854fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910540, "uuid": "0d36b878-da02-4801-8eac-ba5b75f53651", "comment": "Malware payload", "value": "e28e2f85778bc6d4061fe35f9e164f3340969268ac46f54bdb8b6b4c318ab381", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910540, "uuid": "2b3ccbe5-53cd-4497-99ac-27ecfe6f63a5", "comment": "Malware payload", "value": "5e90a074d63f6a602c0d0336c4f7314e106be98a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910540, "uuid": "a52e6c7d-4e1e-4cbf-bce5-6468855f0c88", "comment": "Malware payload", "value": "d3b86186f50d350a3ef2b38836ddd42ccf0410e225ac53e8a12f174d7adc4ec8d102eb1cceb5d77aae4652f6d5eb70e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910540, "uuid": "eb6bcbe6-28bb-4979-82eb-798df8e6467f", "value": "T1CF84E11275F1C473D06623700CBCAB7A1BB9A8362531A46B7BEA0F9FDF643E18625344", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910540, "uuid": "79bd20e6-5ff9-448d-8a00-7d29258ec77d", "value": "f3f1bd5f2c783c3f1335e7a652d0b109", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910540, "uuid": "9508fab9-0d24-4756-918d-67e29918eb99", "value": "6144:oo73dGuQb/0dBFhAOahc4nUvNy6wc356HYA/7aYLWtcZ8aJcGz7wDsF:b73dGuuIBFhEXnSy6wG5staYLWtcZ8aR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910540, "uuid": "40ff1f74-ca32-49d5-960f-4089d1da4786", "value": 385024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910540, "uuid": "da987668-9541-4a0a-a499-515bf4320468", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910540, "uuid": "d83d760b-13e5-4109-8dec-da42beb906d5", "value": "SecuriteInfo.com.not-a-virus.Keygen.SuspectCRC.8485.2689", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82a8f7e0-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904987, "uuid": "d74fc5f5-f62c-4dc9-9388-e62574dec740", "comment": "Malware payload (RedLineStealer)", "value": "f2fe35f1e6219176cdd304946f654d59", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904987, "uuid": "2e007c67-f3f3-4305-a3af-cc0d081f366b", "comment": "Malware payload (RedLineStealer)", "value": "e3b177ecb9c3eadc4314bb22b37632027773ecfcccf906a00c566b471b10d073", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904987, "uuid": "318b5fa6-965f-4bb7-8057-4daaa6b22755", "comment": "Malware payload (RedLineStealer)", "value": "da1518125d94af40a6020142988964947036ca3e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904987, "uuid": "ed951cf7-8f8a-489d-b1a7-9cffd0f061e7", "comment": "Malware payload (RedLineStealer)", "value": "65f6c39d2dcfee67fe810a0626856b2288dda947b3146abe5c416d422c1f86eeef929a0fb69cd9d18b2a670efbf0a621", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904987, "uuid": "fc0ee4d6-c44c-4284-ac7a-992c443d6f52", "value": "T1A3C41243E6EE8132DDB827B0E0FB43D31635BD6549B5135B3A89E91E0C72288A53177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904987, "uuid": "8ee2bc6e-8be3-4a6e-95fc-45158bc2dcd4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904987, "uuid": "667355b3-57cc-4714-8327-2bf0264ed037", "value": "12288:gMrWy90IhQwy9xCoNZQPwQCM01vLB+pBEfZ24ncJFe:mynQ7xBEwjMwIEfZ26cLe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904987, "uuid": "2833acf2-57b8-4d31-9a9c-9aeb6ca3a309", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904987, "uuid": "79cec231-c804-4a89-803b-0d8464e693b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904987, "uuid": "62f26171-28cb-4d7f-88c2-a40135878b6b", "value": "05594799.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad24e3d2-027d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685844929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844929, "uuid": "e1bf69d8-6518-4e84-a236-7c6b4a183a3b", "comment": "Malware payload", "value": "3030755b60f7acbf21001e81fa59144d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844929, "uuid": "616fca4e-a609-492c-8310-d0d3e68b3aeb", "comment": "Malware payload", "value": "e4806c8342dce668e106d8d6d18f1a64731d812bcc2cef175f6f0fb40cd9111e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844929, "uuid": "c0cd2369-234c-4310-9416-e21229b6e3fa", "comment": "Malware payload", "value": "498ba1aa96d357c21460282e9de7ae6d062deba8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685844929, "uuid": "52ef5a42-06aa-47e6-9e71-6cb21fbcac7a", "comment": "Malware payload", "value": "f4b768637be213c4803ac7b6ad600dd5823ba3d0ba3d94a1c96e9ad53c3491b61cebe80a2f773481dd23a72383ea0b3f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844929, "uuid": "4245b3d7-ea2e-457b-88d5-9c78a5df92e6", "value": "T12EC27E1437F853A2EAE98736DCF295404B72B7B66872EA2C18D050CA1D737448A95F3F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844929, "uuid": "aace0345-525d-4ebb-a441-c2f5dabfc4b4", "value": "384:diXR5xMifCRQ9HLuZBkTfYNza2wm74dZAOApdHb2Ddf86MKazWPm0sGoGCJEF8ZE:mMYYuMivAO2OfrmbEFiRD+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685844929, "uuid": "8fedc19a-5b41-433a-ab8f-6205027d2af1", "value": 25976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685844929, "uuid": "e602f093-25e8-4bb1-a743-60e3f9da50d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685844929, "uuid": "f9f29cd0-5b2c-4d3b-b79a-be6ad8f28882", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d45b15d-02ed-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685892979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892979, "uuid": "431e90e2-4d7a-4482-b1fc-01b3e7e6fc91", "comment": "Malware payload", "value": "96b0ccf071277093a2e02fd89ae05dcb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892979, "uuid": "ce1cc11c-7196-4c02-8231-e735f5bfe242", "comment": "Malware payload", "value": "e5504926ca13ec91db212d121bf60bf8c39674465cd825aed21fc59cc7bb9525", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892979, "uuid": "b0ae2d15-c141-4f67-ba55-7ed6b152731b", "comment": "Malware payload", "value": "313c795817b5ec9683f6fcfe6aa2627e4d625399", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685892979, "uuid": "07659f5a-81d0-49ad-9fb8-83f9db26084a", "comment": "Malware payload", "value": "7bc3d38cd414fe8edc342ec32b8ca21bf39af97d17fd52a7feeed380cb300ef01ea9d8259834690b58ce826dd24e9808", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892979, "uuid": "146a71f9-8d4c-4e11-b1eb-6b2bf9fa9b82", "value": "T1B404ED70A1F26AC9F896CEB29E60E609FFE70D819A51421FD17439F61233B84C2451FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892979, "uuid": "bf820e60-2f3c-4881-9604-e728d5d53fbc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892979, "uuid": "42a12ee1-7b69-49fa-ad61-1422c37b4a9d", "value": "1536:nmxb1F1ZjhGIBOrPaOYdSkjiRNqOP36r:nSbD71hEbaFSkjiRrPq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685892979, "uuid": "c34e7b93-485c-4c9e-b21a-ea6607c4b298", "value": 187904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685892979, "uuid": "ce187326-e730-46fd-9020-177fc7ff7677", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685892979, "uuid": "62a6b42e-934f-4f33-9f03-7a7d589398ba", "value": "BHHh.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7cff23a7-02e5-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685889516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685889516, "uuid": "90421544-9e73-4f05-83a7-e6efc42378fc", "comment": "Malware payload", "value": "1359c6354ca6f617b36c738abdb993bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685889516, "uuid": "7c92c7a2-56ad-4f57-b0ab-cef4bf25367f", "comment": "Malware payload", "value": "e741fb9d0eb11801dd163875479a8b56eff8ae5f3ca1987b996026f752693641", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685889516, "uuid": "65e36400-33e7-4207-8f4a-812133b1b13a", "comment": "Malware payload", "value": "b0c6aff2a1725520bf76755375c2900ccfb2f742", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685889516, "uuid": "292f6558-4e2c-42e2-b68c-2c914604d2f8", "comment": "Malware payload", "value": "937f1d09edb93233482272cd2feeb43a13e08d6a692edbbada9e20d282726cf0e5d322349b4d7237fcf9944a917451bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685889516, "uuid": "0ae960fd-ef2a-4f7e-b6cc-b241a760bbca", "value": "T143645C4296765AD1D818CD30059324F556FE2C1238079E56F36BFB1F39BBED0AE0E622", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685889516, "uuid": "ce3683f1-de11-427c-a1f1-cff672671765", "value": "1df8cb8522279878b0df9a32811e38ae", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685889516, "uuid": "39c74576-7d79-4c36-8be2-5d202fa7fc12", "value": "3072:0OXQ2G+IpQZQne73qe8UzT+nWwXjDRJWwXjDRgjDRbL7oZC:7vGlpQE4qNUzCr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685889516, "uuid": "4392eb48-d46a-4bee-aa87-75d59e883968", "value": 327680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685889516, "uuid": "969e8b34-8c73-4157-b243-c025599d7f0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685889516, "uuid": "8d87c04f-b14b-45fe-a80a-ea2a3268bf48", "value": "e741fb9d0eb11801dd163875479a8b56eff8ae5f3ca1987b996026f752693641", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b3c5fdc-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1685838644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838644, "uuid": "c358c975-5de7-494f-9758-7f92e223b594", "comment": "Malware payload (Stop)", "value": "e38d451cb2bda2b516c763d60b016e32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838644, "uuid": "df4e6265-bf58-4f97-b7cd-34c3d0c7b499", "comment": "Malware payload (Stop)", "value": "e91bc5755d9f1aa37e718b3f5350f7d1474e930898b177fe9cc1cc18c54ea296", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838644, "uuid": "71301f78-8bb8-453d-8108-a7560d60eff4", "comment": "Malware payload (Stop)", "value": "ad5f61eeb20ea6b4b3143439815c57e7428412bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838644, "uuid": "28a023d0-e13d-459c-8795-f8b29d58f86b", "comment": "Malware payload (Stop)", "value": "a8e4031b08c127e4afaeb903ed884e54a69c367d6c1bec4b6ce08e7eabb2aa7ab1fecf3fd71f669fe6f2557f4d64fb8b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838644, "uuid": "b1dfad49-9eb8-426c-86af-339ab0ac2596", "value": "T1CAF4E11362937C55E5255A718E2EC2F86F1EFFA1CF5B379F12086E2F04711A2C562B82", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838644, "uuid": "c4dcc567-5ac9-47ad-a522-180f4a569935", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838644, "uuid": "67f9218e-3c8d-4596-8903-f4d52a211aaf", "value": "24576:B3vIFi+rIQy2QKBxYxR+VZ67F3Yt+iKobKb:B3Ny3ysYnIZS3YDDb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838644, "uuid": "5d9cfc1e-67af-4412-b2d4-09a33136648a", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838644, "uuid": "76db77db-f503-40bf-afa9-d1e2c17132d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838644, "uuid": "c4cf99f4-ce29-4788-95af-284d83c4ad9d", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43e37c10-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1685838739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838739, "uuid": "df340e2d-8efe-44fe-9199-3989835e56be", "comment": "Malware payload (Amadey)", "value": "463e2c4a1967b0a7f7f633a6215026ef", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838739, "uuid": "0b8aa1bf-1902-43ba-806a-1680e3b96dbe", "comment": "Malware payload (Amadey)", "value": "e9bc1461c10946308fa4a0fb16f274108d80c351068ca95b5698a5a51d3b6de7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838739, "uuid": "93ef01a1-d5e6-429d-94e2-4db077f9fea4", "comment": "Malware payload (Amadey)", "value": "8a5d4e457909faae63080b6468baa7e7872bb38d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838739, "uuid": "8008492e-d6ff-479e-b839-6f72dff88dd3", "comment": "Malware payload (Amadey)", "value": "e37d18c57f1135724f76b7ec56a8aaf7d8792cc188d93c36f6c3934d0e30feebc223c0b6adf03c81e6fb87b1c205e4d8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838739, "uuid": "e0680a6e-176e-42cb-93a9-1c15cdcc0591", "value": "T1420522429BD84072E9F823B169F703A71F357D60997C671B7B428C1A1CB264878397AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838739, "uuid": "7136f236-6386-4024-8b27-82b55d6db8b3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838739, "uuid": "7cd43ab9-bae6-43c6-9984-bd58c1959cb9", "value": "12288:mMrGy90AzyV/gLkSSdzM++nrtXQxLssAFi9sSEerdqaZzDBAxe6XAX4:cynzyV/YkSEur5QxLv9DEeZqYOx3AI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838739, "uuid": "4e2e5e4d-e1ca-4ca7-9b73-a05d007713e5", "value": 796160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838739, "uuid": "f29bea6e-5575-4673-a700-bc50d55d5d03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838739, "uuid": "141ff614-283b-48a9-a75b-e9813ad9f481", "value": "463e2c4a1967b0a7f7f633a6215026ef", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8233a5d3-026e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1685838414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838414, "uuid": "7b47f91f-837c-4d57-acd6-4f7f180867b3", "comment": "Malware payload (Fabookie)", "value": "91d224124cbde7266bc85da1cd43713f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838414, "uuid": "f8c2aa5e-48e4-48e6-b306-10821c8d6db1", "comment": "Malware payload (Fabookie)", "value": "ea28c1d33484880d613ebaaf9dfb107df493b43b0365897eaf7b608aae98f1e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838414, "uuid": "c3515ede-2a19-4da3-a491-b622f4dce2f1", "comment": "Malware payload (Fabookie)", "value": "6361f8d355b9044b4a3e393fbc6edeb9feafe193", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838414, "uuid": "398b472c-cc34-48a0-8127-c907f46d26ab", "comment": "Malware payload (Fabookie)", "value": "41487e4401f547663e56b4ee09133a59963605856ac1b394b64dfbd725f6c88a5ee590ec931f101dda013c447e14c5b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838414, "uuid": "8b12ffda-d8ef-46f1-abf2-9b9df6f371cf", "value": "T110544C1B62EF7D61E5154A728E3EC6E83A5EFB918F4737AB12046E1F04B11B1C272B41", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838414, "uuid": "95f49093-59b5-4a0b-9ee1-ef90b23b2b6e", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838414, "uuid": "49fab274-136c-425b-bfd8-69ea4243893f", "value": "3072:NOqlERktL+kzUHmCFtf2k6/wjjotsQeMshRKC8guZLYF+VdZ+vL/EmodXi6+:N1lZtQHNFeYXAeD+9guZEcB+jcmAG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838414, "uuid": "3043d80c-32f2-4841-9f7f-688c2daff070", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838414, "uuid": "9dd647be-4b88-48e4-8dd9-30095f004771", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838414, "uuid": "500bc5b6-62f8-4832-94d8-3a7d7ab7e083", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d6cfc88-0284-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1685847909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847909, "uuid": "56cfb07b-da43-437b-8821-cf034d58437c", "comment": "Malware payload (DCRat)", "value": "86855a4c90ef303681ee3d2139033042", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847909, "uuid": "a266207f-6abf-4ebb-a2b6-b80fd6c69891", "comment": "Malware payload (DCRat)", "value": "ea8525ed14bdc8f98f18f97b86b2853749eb99f1a517b7dfed4257dae18a7ce9", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847909, "uuid": "7da2ca9f-9ff4-4e87-8f82-e21c4201a933", "comment": "Malware payload (DCRat)", "value": "8492cdedf5f5a61c08582607c1bbede20c325020", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685847909, "uuid": "74e3b64f-c914-4e8e-bb92-ce086ce569b7", "comment": "Malware payload (DCRat)", "value": "a189ee7efac9254c7963e116218075312b1d85bda957c561c8927dc529c066265676c5a0b8b112683b31c62c7123c2e0", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847909, "uuid": "ea4b15ce-5079-4bac-bfbc-401bfcde04a7", "value": "T1256538027E46DD12D0299637C9EFA52807ACFD017B67CA1A7E9F335D69123A38D0D1CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847909, "uuid": "17a60b65-a000-408a-9069-f203932585ac", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847909, "uuid": "1ff4bb3f-7a10-45ea-ac1e-bab2a943ca0d", "value": "24576:q2G/nvxW3WuU7l19j0EF+b9ZEFMwHjM7pyscuEHvbp/lgN+4:qbA3Q2BZEHw7pWIU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685847909, "uuid": "8cceb0a0-0256-47ef-9d11-0280c45c572e", "value": 1423750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685847909, "uuid": "66e3dafa-1cef-41f9-9a35-54ade605fb6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685847909, "uuid": "67b1e21c-1990-4f2f-8d2c-91284d2af089", "value": "HEUR-Backdoor.MSIL.LightStone.gen-ea8525ed14b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff8d61e8-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910780, "uuid": "1fc3d09e-c2ce-4cce-bf94-f37b26696ae9", "comment": "Malware payload", "value": "2763da6d112f11ff936c2656d3d541ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910780, "uuid": "0026459b-5b3b-4f9c-9227-9bc5b502122a", "comment": "Malware payload", "value": "ea97b4d1bcbfa99d2e3f04defab98ff45204245797067b7ec3bb68709e7b23bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910780, "uuid": "0847c8c5-b5c1-4a41-834a-8e2e529516f6", "comment": "Malware payload", "value": "94c195708f8198b2fd17735426636afb514401fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910780, "uuid": "b25702b5-efff-41b8-882b-774a559b2075", "comment": "Malware payload", "value": "b3364a090bfa8eeec84e8857fba987a854a91c4ea36def40cefbf712deac0b4416d56f64fbbd6613436e3622c4775f45", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910780, "uuid": "2f992cbb-ef5e-403e-bacc-78b0772a0985", "value": "T142663309932DED20CAB5563057952CA5FD0B4F169DB43620BDCDF2BE8C32BC2879616B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910780, "uuid": "24a4c16e-af9e-4b6c-880d-f93663c25583", "value": "56e0de7403c9b30b16e6c0da6727f760", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910780, "uuid": "67564418-35ca-46c3-b055-5913ec56376a", "value": "196608:F0lHDSlSXD6hWKySrRwnGtSYesZHN8ec4F:yjYu6h3yTuSLsZJF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910780, "uuid": "0aeb563c-2856-451b-b27a-c8f1fcd8fcbe", "value": 6660664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910780, "uuid": "bdb47658-e5ee-4955-95ba-055ad0b5efb3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910780, "uuid": "c2698f39-5bd4-4feb-810b-890a2031b75d", "value": "ea97b4d1bcbfa99d2e3f04defab98ff45204245797067b7ec3bb68709e7b23bc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7aec9c67-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910558, "uuid": "79b646b5-a425-49ce-8a5f-0ff34b6e04d1", "comment": "Malware payload", "value": "239b9e5eb634f5cb6e1c6ea95f3a6484", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910558, "uuid": "5db7c875-3cd9-4f6e-8b04-b55d961abbb7", "comment": "Malware payload", "value": "eb2628d8867c76edefdfd6826b7ddc9332dfb7aaea04c73ab3026ecdba55e33b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910558, "uuid": "92f37d08-ad3d-4852-9f71-3b62aed88447", "comment": "Malware payload", "value": "26b387a469a2c9769c30261cef5493995504127c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910558, "uuid": "67b82e3a-000d-487a-ac6a-c1e8752f81fe", "comment": "Malware payload", "value": "3959c0a520632f9b490545da7709edb48b41f892334ac7969d27b548aa3393dad412957463f42bf8649bb8c92bf12542", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910558, "uuid": "00e8266b-e24a-4181-be1d-9dc0294a5a52", "value": "T1E1047C0277E1C479E46F1A7154B26BB99A347D616C26CB8F6B30FF6F683118189293C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910558, "uuid": "38e7114b-e770-4e82-b97a-6e185903fd46", "value": "97936dc1021a2808226499e5875aa24c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910558, "uuid": "135f9966-5cec-40ef-b840-809f2c417e26", "value": "3072:0E5TLaodC43vVdKSar8yG3thJSKzIEt4jxL:pp33PXrr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910558, "uuid": "fd594214-60f6-4f9e-98da-3c44df8ccfea", "value": 188416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910558, "uuid": "6b94a16e-3fb3-4084-a921-253c703b5c57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910558, "uuid": "95d53b1f-ec1d-442e-a5fb-9ceba21d299d", "value": "SecuriteInfo.com.HackTool.Crack.Retail.927.26313", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b558c73-02d1-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1685880869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880869, "uuid": "59d67e50-1238-4c1a-8fff-70c78ff94af0", "comment": "Malware payload (AgentTesla)", "value": "dd2b3fc2deec626cc91ff2706c8ab619", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880869, "uuid": "cde1ee2f-c327-4b78-b303-cefee148bfa2", "comment": "Malware payload (AgentTesla)", "value": "f1ccd920dbc42310993bc9f927b0012d255737346e14d7c7f73c8430913ecd27", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880869, "uuid": "aecc724c-08de-4cba-8a10-d2151209a609", "comment": "Malware payload (AgentTesla)", "value": "034043adfa5e7b4514ba218bc6bda701a8055711", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685880869, "uuid": "20f22961-c434-4f5e-99ab-d51f0dfba0f5", "comment": "Malware payload (AgentTesla)", "value": "f5178f8d8b6139bc3dfa7079ed816b59264b6d437c45fd91740ff14fd98522dc67a52ba392a4f70699c0691f6c6ca2d3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685880869, "uuid": "f6ba6fb2-8f99-4293-9c6a-b16f13732caf", "value": "T153F32A6896C98ED2D33D4074D4601258CBB2D146811BE79D1FB3A8F6BF467C3722E8A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685880869, "uuid": "47388cf8-861a-4868-8e33-adda0fe7a3b5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685880869, "uuid": "4d636a94-a599-476a-8439-fa9c5e3c4a6f", "value": "3072:VuQi7Am4F271mhhyirDVk7CUMtvkzDWZus:GP+ImhsykC/hWOu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685880869, "uuid": "6fad31c9-49b1-4d41-9ec5-d76dab7cf70f", "value": 168448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685880869, "uuid": "83cf0d63-93f7-439a-a606-320ab7e407ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685880869, "uuid": "3f7c4e77-cf36-4f20-bb3d-7fd54781293c", "value": "rDOG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7616c7d7-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910550, "uuid": "4e04b47d-90d7-44d0-923e-f2bf5ab4db66", "comment": "Malware payload", "value": "c8348d94a015cf5c613faf8ac2464ffd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910550, "uuid": "6be80174-a67c-4b26-bb5d-f525d7ea6768", "comment": "Malware payload", "value": "f4102a178fb0f229db67044ec2cf2202e6eab3581afa7c1fed72cc4d287ac468", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910550, "uuid": "8555beb7-aef1-45d9-a2aa-a6ef180dc111", "comment": "Malware payload", "value": "2529132618f59f4f7e63ab7221b29f898e4488db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910550, "uuid": "8180efbc-ac35-49c8-9aae-41193d5bc21d", "comment": "Malware payload", "value": "cf9942e541f96fd713fb94f8bf15b705c9224b0404535cbdbb98ea3e4f500097cb10fce0960f3f498af8ab2a60a34d7f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910550, "uuid": "bd210b4d-fede-4664-8af0-1fd73dcacd94", "value": "T1E7035A0F3070DAD3E1E9A3B915550B94B9BB5D402234AFB6DC12ACADD7382E54F2852F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910550, "uuid": "1b13c301-bf45-440a-aaf2-93453d8d8ca3", "value": "768:ESw0zG1xg4K/dZcVFP1YxhaIDFbBsDA1dxbE:o+DcVVQBFbB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910550, "uuid": "cdcf377a-9331-4e5a-9d24-3e689f921929", "value": 40960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910550, "uuid": "edc5fee0-8d6a-494e-b6e2-d138172eca9c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910550, "uuid": "17c19a25-75b3-490f-a8b0-806c92b9e012", "value": "SecuriteInfo.com.Win32.Malware-gen.19849.28636", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb62ce86-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1685839047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839047, "uuid": "af5cdeff-8453-42ec-836e-5fd6cea9c05e", "comment": "Malware payload (ArkeiStealer)", "value": "b24d31bc78bc571dc481b9e2ad259a79", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839047, "uuid": "c505aa71-526b-428b-bd17-892b753854da", "comment": "Malware payload (ArkeiStealer)", "value": "f41a52b26618cc929bff3ca1371cca58bfa3ecb782722b2ee7e466758b53a5a4", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839047, "uuid": "9703af4b-63b3-40ec-99c1-8bab875cc963", "comment": "Malware payload (ArkeiStealer)", "value": "b876edd9aeefce1458d1ed2067b89b08b73ee06c", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685839047, "uuid": "5cd176bc-9ab3-4b44-9116-d80ad9aa845a", "comment": "Malware payload (ArkeiStealer)", "value": "4f79b50a49107e57dc10e504b3222c2eb44e29ae3d46a06802b47997d409dedbac73fed94547769c3ca8a36d992600a1", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839047, "uuid": "dfb82edc-2377-4e47-a11e-98e016e3a9a0", "value": "T12584AF1362D37D74E5265A728F2EC6E46A1EFB918F1737EF12146E2F08711A1C272B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839047, "uuid": "c5600dc0-537e-4a51-b641-850d3de6bc02", "value": "9bbc9ec767e0d044dbe137327e0459fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839047, "uuid": "6759d8e7-e7ba-41fd-b72b-63b6f59ed1cd", "value": "6144:CiG8yFXH4RKIbspeevpo9xxB4j1CNuF2Mx4e9Fl+O7m1y:Ct8yhH4AaspesaO1CNHmZ9TA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685839047, "uuid": "c4332441-bd1b-4be0-9b57-49ed83eadcf1", "value": 383488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685839047, "uuid": "a50171c6-6384-4e72-9c43-bf256481d9d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685839047, "uuid": "af3ed96d-388f-434d-8031-9c6bd538b476", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7637ce9d-0309-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1685904966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904966, "uuid": "84b1e4d6-d462-404a-a8f4-8be72fdb1a59", "comment": "Malware payload (RedLineStealer)", "value": "4ec4e3c61d59d98c654bb9a2e5853000", "object_relation": "md5", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904966, "uuid": "13393dce-1e84-4786-937f-70492745ebcf", "comment": "Malware payload (RedLineStealer)", "value": "f4b092f5f134e9cfce7e29d2f9774092e408d8b20a619a63010872c24e1f8484", "object_relation": "sha256", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904966, "uuid": "d5a42672-c888-47ee-b9b9-80586a14f1e7", "comment": "Malware payload (RedLineStealer)", "value": "29cebf9a339cfad22262e80c387ffcb874a5eb4e", "object_relation": "sha1", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685904966, "uuid": "7459fbb0-38ff-49e0-a9f0-72e881124b68", "comment": "Malware payload (RedLineStealer)", "value": "d134952f9875bf536bffbd4da7fa445bf06a357cd6d907cc372f0e5fbfe359ebb857f8fa9da05c83932f8b8e21cb80e1", "object_relation": "sha3-384", "Tag": [ { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904966, "uuid": "4ae30c5f-6940-4665-becd-55b46ebbc38a", "value": "T1A3C41267D7ED4973E9B027B05CFA06C31A35BDA19E64432F23817E4A0CF1695A43237A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904966, "uuid": "b23b2e9e-b3e6-493d-b7b0-bd0ba7e470f5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904966, "uuid": "8688655c-e86f-4d35-b3c1-2c0cfdcce8fc", "value": "12288:EMrpy90rQvZPEO1ia64hTVT0hTUtn85x/OXPcVNQCUkFMHGdHQ:NyHvBvTV9h8XmXkVW3Iw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685904966, "uuid": "754e3887-6643-4788-81c8-3cf7300c0c61", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685904966, "uuid": "bb4f5a55-0d3d-4bb1-a523-d79b84cb7832", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685904966, "uuid": "a3c1ee1a-2082-44bf-9e2a-ac78abf4ba65", "value": "05200499.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a920c5f-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910530, "uuid": "497d2118-bdc9-4e97-90e0-a0e38f10f352", "comment": "Malware payload", "value": "b5b34e0778108905f1e42e6dd958aab6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910530, "uuid": "144d38bc-71b0-4815-84de-90b4d8cacaae", "comment": "Malware payload", "value": "f55a05caf97ff6bb649cdc70272fa116b379987a6a61da1ca82c83bb642cc47f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910530, "uuid": "d6cc6397-c9c8-4a72-b593-b9b3c35648d3", "comment": "Malware payload", "value": "cf36a610a6f5ff36f40dfbed2f7ff87f3d9402e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910530, "uuid": "b1b46999-0231-4ded-a9cb-865d2b014957", "comment": "Malware payload", "value": "94789dc9c39be48218d17e184888915229c0abd827c50cc084647c4e6a90aba87327d555fb135c779e4b75921c2453ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910530, "uuid": "ec483716-3b64-43c1-9c5b-bf59899130d7", "value": "T1E1825C42EB4DD8E2D8AB0532128B8E7D5B228C218AEF09A757D11D67FC6C62CD5325F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910530, "uuid": "ccc054f2-fbd6-4609-a6cd-cba0f53ae1ff", "value": "7b2fa0d6850189b910f454ec207f7041", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910530, "uuid": "2d026cfb-4001-4cd5-8a64-73224bb68235", "value": "384:mm3XGnT23Ldw+AVHOWC9eu89NBTRr6+f9PfBZSnPhQRqOXQOXVr:mcXGT23uKh9e7T8IPISRRXXXVr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910530, "uuid": "04bcb911-e450-4e1c-aa46-d9106bf69176", "value": 18432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910530, "uuid": "51d0b984-c4bd-46f2-9ab9-7966a173d790", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910530, "uuid": "e1facdf5-014b-477e-819c-7fcfa08a8980", "value": "SecuriteInfo.com.HEUR.Trojan.Win32.Generic.25265.28084", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79220f77-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910555, "uuid": "01e5d98f-3ecc-4a11-9aae-bee641448330", "comment": "Malware payload", "value": "2eac63b4ace8a5386e8b81880c335508", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910555, "uuid": "f3dd952f-2765-4a1c-863f-c1b484dab9d1", "comment": "Malware payload", "value": "f5a142300036949a1402a1bf17e1e8759cdd6dad4680b6b1f36a00557cd51947", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910555, "uuid": "617e5ea1-13cd-4f9c-ab56-603807a1e5d1", "comment": "Malware payload", "value": "f37eb625d803cecc53baaedcd65fcee8634f9934", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910555, "uuid": "795722af-60c9-49fa-9161-31b6032eec81", "comment": "Malware payload", "value": "db848c2c25d68cea2e69c8ba551908822a0dec730a3abbc367622712d5904513f41744cbd82514b288977d6a463a2ef0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910555, "uuid": "fbb9a2e0-a657-4f59-bc56-3c176f397a7a", "value": "T1CA12F8AB78834533C05BC0F815B782B9CB72E1626D5A426DCFB0D42E3C66B31795DA0D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910555, "uuid": "5ad7296e-9266-4e52-9161-44d5f0581c1c", "value": "95b9e80bb3c11e15fe75a6fe0fff22d7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910555, "uuid": "99f6132a-60a6-4943-aeb8-ed359ca3bf3c", "value": "192:dlaj0VOmizJ3Vs3ay29+4cymDpt7lUjIFT:wcOvMNIbHk7lUjE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910555, "uuid": "7a61b2c4-5da4-4efa-8364-290af2bfc1ce", "value": 9216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910555, "uuid": "8ff1fc18-ab70-48d9-8828-261fe1b26f94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910555, "uuid": "1befc2de-a02d-46b7-91c0-22ffc45758ad", "value": "SecuriteInfo.com.Exploit.Win32.Aluigi.gr.24575.17817", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5aa2a6fe-0276-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1685841784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841784, "uuid": "a5496c95-1738-4627-babf-8003bbf04fec", "comment": "Malware payload (Amadey)", "value": "5f8b609b8b8aac549635a9c0a8880cb8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841784, "uuid": "45b148c0-dd95-4b62-a311-4e2545c81bd7", "comment": "Malware payload (Amadey)", "value": "f61eba6af7d997de710cf9dab046d6eab1e536b5c9e5d987223dea0c66101ae7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841784, "uuid": "4a12cc0e-9cf7-4e8a-ac56-c4e10c4cca1f", "comment": "Malware payload (Amadey)", "value": "cf4d06d3376f6c9ad5fe51635bceae0cc9f46719", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685841784, "uuid": "14e32321-c305-4ec9-801b-7f4e0ba4642d", "comment": "Malware payload (Amadey)", "value": "72ebb133fc117682bdd562ad38fcc264a5f2cf872e7e324419d978b8891bc514a83fd46b673bee4a3c0f68086374dbf3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841784, "uuid": "4710ea64-8213-4752-89a6-cb283c1c8d23", "value": "T13C052206A2ED4575DCB117F149F306D70B32BD729AB8532F22826D1F18B238479367AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841784, "uuid": "bcb37053-62f8-48e1-9fea-6f7812e105fa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841784, "uuid": "80180147-45e8-4aa7-b794-25b8d4a98889", "value": "12288:3Mr8y90hwNT+9fhVIsDkc+LzWSYmG/swBSioYsfMgX9tCsdGDMAceKFlG45y:byoj95GsDkzuJmG/shiB+tCsE5cXtI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685841784, "uuid": "e8f028c4-32bd-4137-9574-dc4f230d9ad5", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685841784, "uuid": "545d1340-54f7-4f80-8c9f-1ee52d4e26c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685841784, "uuid": "fe91de95-9fce-4b80-b37b-d45a17cb1341", "value": "5f8b609b8b8aac549635a9c0a8880cb8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6205c12-0317-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685911140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685911140, "uuid": "76d25dc2-ebac-4c9b-93c6-dcca07aa231a", "comment": "Malware payload", "value": "3a2d1ab69281a2ed28dd9dbeac4a3a90", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685911140, "uuid": "b45ce636-e337-494c-bd18-d9cefaf4cce7", "comment": "Malware payload", "value": "f876b9a14d9770212b2dea07d2f2f093be8825de4e13bacb68f49ab29bfd8ca6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685911140, "uuid": "32da6100-155b-48af-be8c-58de7b0deae8", "comment": "Malware payload", "value": "34e8b29be74ec982fd9d6dce5ca87bc1a7184efe", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685911140, "uuid": "1803927c-5d53-42a3-b764-ca3ebd49a453", "comment": "Malware payload", "value": "c17d13e41c765a0d371d63d91f945f136d89cff9958c9cbcedf15060a75fc39f41fc33c9a88557db645d4fcc32327e32", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685911140, "uuid": "67152369-f074-4ba8-a284-65f8cb60616b", "value": "T1BD267CD8ED0D3C52E2C7E2BCEE869B62313B76B4C36680B2BE01415DC4A5EE5D6F6111", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685911140, "uuid": "fc9d319f-9d8c-4a42-ad28-8e008b9ad1fb", "value": "98304:uaq4+UFvC0NfjCTjqE9BX1vBwoaGldbvh05OaST2:ualVF9eTjjJvBwoh2e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685911140, "uuid": "91472482-b868-4aef-bd6e-fe123aa2ad01", "value": 4726672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685911140, "uuid": "458233e7-a0bb-4606-a1e4-fdd60c900e18", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685911140, "uuid": "7cceb987-a67e-467f-b5af-6e49914e377d", "value": "index", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14d59f51-02c7-11ee-b3cf-42010a9c0076", "comment": "Malware payload (OrcusRAT)", "timestamp": 1685876456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876456, "uuid": "b35d0e13-689d-4d78-ac65-da341bb31c94", "comment": "Malware payload (OrcusRAT)", "value": "864d1b8fe8c2caa11fabd19025c6af4c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876456, "uuid": "f47794f4-fb17-4ad6-8711-5ef2b981fe2b", "comment": "Malware payload (OrcusRAT)", "value": "fc35a0e0418cefe500b02b81241fbb0338e7040db20934ed9abf3e6d55f879f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876456, "uuid": "0b7dac17-6cb3-4381-9896-3b15109cd541", "comment": "Malware payload (OrcusRAT)", "value": "80ef38b4619508eca929367e505ed86820cc7629", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685876456, "uuid": "36bd9117-82f7-433f-8cf2-8510cbfe26fc", "comment": "Malware payload (OrcusRAT)", "value": "21a99401035b374bf7cd5b17ea808a7d8141f7cc54e8431108edea997e6e909c3cd66fde59904504875ec498aba6c1db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876456, "uuid": "a84e2a44-76fc-478a-8708-0b8b0bde5d39", "value": "T18956D0113BACAD46C1BF3678A3731AC907B8F80A5242FB8F095452AD1D9B741FE25367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876456, "uuid": "f6cb40fc-f576-44d2-a477-2fce51e72718", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876456, "uuid": "da6b13d6-1c2e-4703-9f8b-4b9dc8ec3ce1", "value": "24576:UvcuN7KbNL34MROxnFf3HumarrcI0AilFEvxHPdeFooL:UvcuaWMid4rrcI0AilFEvxHP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685876456, "uuid": "539a8f7f-5eaa-4a1c-8c8a-2db67d00c662", "value": 6279680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685876456, "uuid": "91ea4ce7-54cf-48e4-9315-e7b5c34f5ba9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685876456, "uuid": "4a454399-c41c-482c-ad94-cae5220c34b4", "value": "BlizzardMinev2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21ae11e6-026f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1685838682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838682, "uuid": "a69dc5ba-c9c8-4cdb-a65e-f50752e0b198", "comment": "Malware payload (ArkeiStealer)", "value": "7499c20554084c32e5881c30ac3031d0", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838682, "uuid": "6cb3c3d6-6f30-49a0-90f6-cedd7108f7a4", "comment": "Malware payload (ArkeiStealer)", "value": "fd93fdc5ff4abb5a8479a36316875ddc5e77f45e4d86b7437888e5740bf266ac", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838682, "uuid": "460fec24-0547-4724-91e2-bee67c51065d", "comment": "Malware payload (ArkeiStealer)", "value": "61e7c42a4a20fa8f12f44b7c771ebedc4be5fb17", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685838682, "uuid": "6a2ace22-3256-41c4-a060-506dc51c7620", "comment": "Malware payload (ArkeiStealer)", "value": "c1a58c059f5598647bda322aa8cf4ff87ee94c570acf80f852046d87737279e9035a79c5d5f9be454220eab878e2c69d", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838682, "uuid": "4b6ec45b-7c54-47a6-83c0-3916e811ec62", "value": "T10F849F1362937C60E5165AB28E2EC6E46A1EFF918F573BDF12146E1F08B11B1C273B52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838682, "uuid": "8d799c47-a55b-44db-874d-867fbb4cf667", "value": "382962f043b5a0413c587a899bceffb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838682, "uuid": "633e1fab-5a0b-4daa-b8a6-7959c070fec0", "value": "6144:NY6Y/7plOmn9yd/s9h01JbPU5Kxx7tVZohR/HBZomU0fJMk:2X7pYHd/s9ujwKbRythZomU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685838682, "uuid": "77fd6402-52e6-4104-a095-2ec1f1d4f655", "value": 383488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685838682, "uuid": "4b9a8750-3260-47be-a733-d21d69c2b8b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685838682, "uuid": "35e4a66e-b7ce-48a2-9bb6-4e6f758e89c4", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6267ad94-027a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1685843515, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843515, "uuid": "1e4e9e71-f6f4-47dd-81f3-53fb7c41fa1f", "comment": "Malware payload (Smoke Loader)", "value": "2cf0e4fdf13d5e7019ce29e796f88a5b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843515, "uuid": "551391af-319e-49c4-b130-699290a415d4", "comment": "Malware payload (Smoke Loader)", "value": "fedd76a52cce8a71d561996427025cd8f5e290242bcfa1d791c76e41f878ebd6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843515, "uuid": "9a10a768-5896-4b52-83c0-d578d42f22e5", "comment": "Malware payload (Smoke Loader)", "value": "e2dfdd2188723648b1abc9f80b8bba9085d32463", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685843515, "uuid": "bc682dc7-8b21-45aa-979c-c4fc690e41fb", "comment": "Malware payload (Smoke Loader)", "value": "44b39b16afae9bdf467146923f16fee445244000061c8c024a0ac68b06c33da1c58ba2118bddb35b62005c32ac0f2365", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843515, "uuid": "86a79959-7d6b-45ff-9a38-4aa009001c81", "value": "T1F2543B1362E37C62E5164A728E2EC6E87A1EFF918F4B37AB12046E1F34713B1D162745", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843515, "uuid": "c03e2abf-a8f8-4b31-b134-986f062be55e", "value": "08b56125ba7e99bd17ba88b830247aad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843515, "uuid": "64ef92a1-f374-4f4c-aa99-ef5b309c20d0", "value": "3072:msnB3+dPrkRWUPPvdK0xR80youuToeEqhlelIbU1jhg5qBwxxCR8WVdti6+:7nBYPrcFvxqhuzWxhgABwuqWVO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685843515, "uuid": "87623704-0557-4c5c-b881-0e5f335149c7", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685843515, "uuid": "d69d1089-f676-4709-b9d7-b3dedbd0968e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685843515, "uuid": "a2add3b6-e893-455a-95ab-da5396e92138", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6820d6f1-0316-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1685910526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910526, "uuid": "7900611f-6ca3-406d-b093-deb3811e9262", "comment": "Malware payload", "value": "8f7137f72a9ad949d6a1f2d4cb8e9d66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910526, "uuid": "d058f671-a520-4fc5-ac13-392b67403a7f", "comment": "Malware payload", "value": "ff3d0f1ce12aea08f1f4b396f4c77d234bb0cb6b9908c5be3c7be3a6db8bf962", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910526, "uuid": "76767788-a1d0-4b12-8de8-993da73f623d", "comment": "Malware payload", "value": "64fbdcd32b371f2f319bf4e7b8993a02ddb91c82", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1685910526, "uuid": "5d66bf96-9dbe-4d55-826a-52e7867c982b", "comment": "Malware payload", "value": "782ad3e157291ec2e6181e3146e577116d8b779ca54339cd3989dda5b8cc31310e856eb3538ae0886e589d1fbe7b00a1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910526, "uuid": "2a3fb9b6-45f6-4fde-ab06-03f9cd82d0c9", "value": "T1EE828C99B320C89AC19809361927DBFC77203D3ACD255E073FD86B0F3E36756AC06A56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910526, "uuid": "a233b7bd-b5e5-44c6-a038-b7f5084f522e", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910526, "uuid": "bb82f8d4-cf49-4fbf-8f0e-575de98ab50f", "value": "192:nQx8BpwO8qU/LDZJpuuU8hsTJ6jPyztWz8lpZ2vlr8l+Sykth3et24Yvm1PHwlBu:SLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1685910526, "uuid": "da570baa-436b-4cc2-b62e-82d999c7106f", "value": 17929, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1685910526, "uuid": "8b2877ca-5a31-439e-a2ed-2a24f1b54106", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1685910526, "uuid": "58b9e308-5a1c-4f4b-acb0-44370a60208e", "value": "SecuriteInfo.com.HEUR.1359.23622", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }